Not sure if that helps in finding the conflicting plugin, but here is the success log that saves an unencrypted mail (after disabling mail_crypt).

---- Lmtp Log ----
lmtp(314): Info: Connect from 172.17.0.1
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: auth-master: userdb lookup(some...@example.com): Started userdb lookup
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=144,uid=0): Client connected (fd=18)
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: auth-master: userdb lookup(some...@example.com): auth USER input: some...@example.com quota_rule=*:bytes=1024000000 mail_crypt_global_private_key=LS0tLS1CRUd.....LS0tLS0K mail_crypt_global_public_key=LS0tLS1CRUd.....LS0tCg== mail_crypt_save_version=2
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: auth-master: userdb lookup(some...@example.com): Finished userdb lookup (username=some...@example.com quota_rule=*:bytes=1024000000 mail_crypt_global_private_key=LS0tLS1CRUd.....LS0tLS0K mail_crypt_global_public_key=LS0tLS1CRUd.....LS0tCg== mail_crypt_save_version=2)
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Added userdb setting: plugin/mail_crypt_global_private_key=LS0tLS1CRUd.....LS0tLS0K
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Added userdb setting: plugin/mail_crypt_global_public_key=LS0tLS1CRUd.....LS0tCg==
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Added userdb setting: plugin/mail_crypt_save_version=2
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Added userdb setting: plugin/quota_rule=*:bytes=1024000000
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Effective uid=1000, gid=1000, home=/var/vmail/mailboxes/example.com/someone
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/:LAYOUT=fs
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: fs: root=/var/vmail/mailboxes/example.com/someone, index=, indexpvt=, control=, inbox=/var/vmail/mailboxes/example.com/someone, alt=
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: Mailbox INBOX: Mailbox opened
lmtp(some...@example.com)<314><FL0GDhguvGM6AQAAR5uF9w>: Info: msgid=<4e6b1652-8a1f-892f-af09-b9447dbbf...@example.com>: saved mail to INBOX
lmtp(314): Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt some...@example.com: User session is finished
lmtp(314): Info: Disconnect from 172.17.0.1: Logged out (state=READY)
---- Lmtp Log Ends ----

January 9, 2023 6:00 AM, "Aki Tuomi" <aki.tu...@open-xchange.com> wrote:

>> On 08/01/2023 18:55 EET Baljeet Bhinder <cont...@baljeetbhinder.ca> wrote:
>>
>> I have been using postfix+dovecot successfully for a while now until I tried mail crypt plugin
>> lately. I tried what is described here
>> https://doc.dovecot.org/configuration_manual/mail_crypt_plugin and I went for global-keys as
>> described here:
>> https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#global-keys
>> "A good solution for environments where no user folder sharing is needed is to generate per-user EC
>> key pair and encrypt that with something derived from user’s password."
>>
>> I am setting mail_crypt_global_private_key, mail_crypt_global_public_key, mail_crypt_save_version
>> from user_query and userdb_mail_crypt_global_private_key_password from password_query. mail_crypt
>> seems to work fine in imap (I saved a message as draft and it is stored encrypted on the disk), but
>> lmtp complains about "mail_crypt_global_private_key_password unset, no password to decrypt the key"
>> As you can see below in logs that it was able to set all other mail_crypt_ configurations
>> successfully from user_query. However, the password is provided via password_query and I assume
>> lmtp does not read password_query. How else can I provide a password in lmtp? Is my approach
>> correct to begin with?
>
> Hi!
>
> Problem with user-password derivation is that what you've run into. Some features, like quota or
> FTS, might need to access user's mail without being able to access the password, because it's not
> available.
>
> If you run into these, the only thing you can do is to not use conflicting features. Using user's
> password as the encryption key is very tricky thing to get working right.
>
>> Thanks
>> Baljeet Bhinder
>
> Regards,
> Aki

Thanks,
Baljeet Bhinder
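
Added example (not part of the original thread and not Dovecot code): a Python check over LMTP debug lines in the format shown above. It reports recipients for which userdb supplied mail_crypt_global_private_key but no mail_crypt_global_private_key_password, the condition behind the error quoted in the thread, and masks private-key values before a log is shared. The sample log is constructed and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the LMTP debug lines in this thread (placeholder values).
SAMPLE_LOG = """\
lmtp(user@example.com)<314><SESSION>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt user@example.com: Added userdb setting: plugin/mail_crypt_global_private_key=PLACEHOLDERPRIV
lmtp(user@example.com)<314><SESSION>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt user@example.com: Added userdb setting: plugin/mail_crypt_global_public_key=PLACEHOLDERPUB
lmtp(user@example.com)<314><SESSION>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt user@example.com: Added userdb setting: plugin/mail_crypt_save_version=2
lmtp(user@example.com)<314><SESSION>: Debug: lmtp-server: conn 172.17.0.1:5237 [1]: rcpt user@example.com: Added userdb setting: plugin/quota_rule=*:bytes=1024000000
"""

ADDED = re.compile(r"rcpt (\S+): Added userdb setting: plugin/([A-Za-z0-9_]+)=(.*)$")
SECRET = re.compile(r"(mail_crypt_global_private_key(?:_password)?=)\S+")
KEY = "mail_crypt_global_private_key"
PASSWORD = "mail_crypt_global_private_key_password"


def userdb_settings(log_text):
    """Map each LMTP recipient to the plugin settings userdb handed to it."""
    seen = {}
    for line in log_text.splitlines():
        m = ADDED.search(line)
        if m:
            rcpt, name, value = m.groups()
            seen.setdefault(rcpt, {})[name] = value
    return seen


def missing_key_password(log_text):
    """Recipients that got a private key from userdb but no password for it."""
    return sorted(
        rcpt for rcpt, s in userdb_settings(log_text).items()
        if KEY in s and PASSWORD not in s
    )


def redact(log_text):
    """Mask private-key and key-password values before a log is shared."""
    return SECRET.sub(r"\1<redacted>", log_text)


if __name__ == "__main__":
    print(missing_key_password(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```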