Hi!

This is because you do not have a private password set during delivery. To use 
this feature like this, you need to make sure the user keys are generated using 
doveadm mail cryptokey generate -u user -U before delivery.

Aki

> On 28/05/2021 12:54 Daniel Schuermann <dove...@2718282.net> wrote:
> 
>  
> Hi,
> 
> I tried to enable encrypted folder keys using mail-crypt-plugin.
> It works as expected when using unencrypted folder keys.
> When I add
> 
>    mail_crypt_require_encrypted_user_key = yes
> 
> as shown below, I somehow manage to crash dovecot:
> 
>  dovecot: lmtp(82060): Fatal: master: service(lmtp):
>   child 82060 killed with signal 6 (core not dumped -
>   https://dovecot.org/bugreport.html#coredumps -
>   set service lmtp { drop_priv_before_exec=yes })
> 
>  dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit):
>   assertion failed: ((*user)->refcount== 1)
> 
>  lmtp(root): Info: msgid=<07e3a23b2aaea...@mx.2718282.net>:
>   save failed to INBOX: generate_keypair(INBOX) failed:
>   mail_crypt_require_encrypted_user_key set,
>   cannot generate user keypair without password or key
> 
> My config files:
> 
> # 2.3.14 (cee3cbc0d): /etc/mail/imap.conf
> # OS: OpenBSD 6.9 amd64
> auth_verbose = yes
> debug_log_path = /var/log/dovecot
> info_log_path = /var/log/dovecot
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> mail_debug = yes
> namespace inbox {
>  ...
> }
> passdb {
>   args = /etc/mail/imap-sqlite.conf
>   driver = sql
> }
> plugin {
>   mail_crypt_curve = secp521r1
>   mail_crypt_require_encrypted_user_key = yes
>   mail_crypt_save_version = 2
> }
> protocols = imap lmtp
> service imap-login {
>  ...
> }
> ssl = required
> ssl_cert = </etc/ssl/rsa.crt
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /etc/mail/imap-sqlite.conf
>   driver = sql
>   override_fields = uid=vmail gid=vmail
> }
> 
> # file: /etc/mail/imap-sqlite.conf
> driver = sqlite
> connect = /etc/mail/sqlite.db
> default_pass_scheme = BLF-CRYPT
> user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
> password_query = SELECT email as user, password, '%w' AS \
>   userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
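
An added example, not part of the thread and not Dovecot's own code: a small Python check over `doveconf -n` style output that flags the combination discussed above, LMTP delivery enabled together with mail_crypt_require_encrypted_user_key = yes. The function names and the sample text are constructed for illustration, and treating the value "yes" as the enabled state is an assumption taken from the quoted config.

```python
# Added example; SAMPLE is constructed to mirror the setup quoted in the thread.
SAMPLE = """\
protocols = imap lmtp
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_require_encrypted_user_key = yes
  mail_crypt_save_version = 2
}
"""


def parse_doveconf(text):
    """Flatten `doveconf -n` style text into {"section/key": value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering a block, e.g. "plugin"
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            settings["/".join(stack + [key.strip()])] = value.strip()
    return settings


def check_mail_crypt(text):
    """Return warnings for the delivery-time key generation failure."""
    conf = parse_doveconf(text)
    require = conf.get("plugin/mail_crypt_require_encrypted_user_key") == "yes"
    lmtp = "lmtp" in conf.get("protocols", "").split()
    findings = []
    if require and lmtp:
        findings.append(
            "mail_crypt_require_encrypted_user_key = yes with lmtp enabled: "
            "delivery has no password or key, so user keypairs must already "
            "exist before the first message is delivered"
        )
    return findings


if __name__ == "__main__":
    for warning in check_mail_crypt(SAMPLE):
        print("WARNING:", warning)
```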
