Hello, I write here again as I have made some progress.
Now I can correctly read both the private key and the public key from LDAP; I 
can also read the user's password during the IMAP session to allow Dovecot to 
decrypt emails.

The problem now is that I cannot find a configuration that works for both 
encryption (receiving emails via the LMTP process) and decryption (reading 
emails via the IMAP process).

The following configuration allows Dovecot to read (decrypt) emails but not to 
receive (encrypt) any new emails:

crypt_global_private_key main {
}
userdb ldap {
    driver = ldap
    fields {
       crypt_global_public_key_file=inline:%{ldap:pubkey}
       crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:privkey}
       crypt_private_key_password=%{password}
    }
}

but when the Dovecot LMTP process receives a new email I get this error:

lmtp(138655): Fatal: Raw user initialization failed: mail_crypt_plugin: main: 
Couldn't parse private key : Unknown key format

The following configuration, instead, allows Dovecot to receive (encrypt) new 
emails but does not allow it to read (decrypt) them:

#crypt_global_private_key main {
#}
userdb ldap {
    driver = ldap
    fields {
       crypt_global_public_key_file=inline:%{ldap:pubkey}
       crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:privkey}
       crypt_private_key_password=%{password}
    }
}

but when the Dovecot IMAP process wants to read an email I get this error:

imap(t...@domain.com)<138699><nSKkDjAxdJWsHUKZ>: Error: Mailbox INBOX: UID 81: 
read() failed: 
read(/mail/domain.com/test/cur/1742932215.M80009P138688.pop.server.com,S=3172,W=3228:2,)
 failed: Decryption error: no private key available (FETCH BODY[HEADER])
imap(t...@domain.com)<138699><nSKkDjAxdJWsHUKZ>: Disconnected: FETCH read() 
failed in=216 out=938 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=0 
body_count=0 body_bytes=0

In the first scenario it appears that when Dovecot receives emails via the LMTP 
process it tries to read the key in the crypt_global_private_key main section, 
but there is no key defined inside it, and it says that it cannot parse the 
private key (why? Dovecot should need just the public key for encrypting, not 
the private one).

In the second scenario, instead, when it tries to read emails it appears that 
Dovecot needs a crypt_global_private_key main section to be defined (why? it 
should be enough that I declare a private key in the userdb section).
Also, in the second scenario I tried replacing 
crypt_global_private_key/main/crypt_private_key_file with just 
crypt_private_key_file, but it doesn't work.

Could it maybe be a bug?
Thank you to everyone who can give me some suggestions.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

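The "Couldn't parse private key : Unknown key format" message in the post says only that the text handed to the plugin did not parse as a key. One check worth running before changing any configuration is whether a PEM key read back from a single directory attribute still has a valid envelope and body: multi-line values can come back with their newlines collapsed to spaces, or cut short. The script below is an added example, not code from the post or from Dovecot, and it does not claim that this is the cause of the error above. The sample key body is constructed (a SEC1-shaped DER structure with an all-zero scalar, which is not a usable key), and the checks are purely structural: PEM envelope present, body is valid base64, and the outer DER SEQUENCE length matches the decoded size. It does not check that the key is cryptographically valid.

```python
import base64
import re

# Matches one PEM block; the END label must equal the BEGIN label.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def normalize_pem(value: str) -> str:
    """Rebuild canonical PEM (64-column body, newline-terminated) from a value
    whose line breaks may have been turned into spaces or dropped entirely,
    as can happen when a multi-line key is stored in, and read back from, a
    single directory attribute. Raises ValueError if no envelope is found."""
    m = PEM_RE.search(value)
    if not m:
        raise ValueError("no PEM BEGIN/END envelope found")
    label = m.group("label")
    body = re.sub(r"\s+", "", m.group("body"))  # drop all whitespace in the body
    if not body:
        raise ValueError("empty PEM body")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n".format(label, "\n".join(lines))


def der_outer_length(der: bytes) -> int:
    """Return the total byte length declared by the outer DER SEQUENCE header
    (tag + length bytes + content). Raises ValueError if the header is not a
    well-formed SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("DER does not start with a SEQUENCE tag")
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n following length bytes
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(value: str) -> dict:
    """Normalize a PEM value and verify that its body is base64 of a DER
    SEQUENCE whose declared length matches the decoded size (catches
    truncation as well as whitespace damage). Returns a small summary dict;
    raises ValueError on any structural problem."""
    pem = normalize_pem(value)
    m = PEM_RE.search(pem)
    body = "".join(m.group("body").split())
    # binascii.Error (raised on bad base64 with validate=True) is a ValueError.
    der = base64.b64decode(body, validate=True)
    declared = der_outer_length(der)
    if declared != len(der):
        raise ValueError("DER declares {} bytes but {} were decoded".format(declared, len(der)))
    return {"label": m.group("label"), "der_bytes": len(der), "pem": pem}


# Constructed sample (NOT a real key): SEC1-shaped DER,
#   SEQUENCE { INTEGER 1, OCTET STRING (48 zero bytes) }
# base64-encoded, then flattened the way an attribute value can come back
# with its newlines replaced by spaces. A second sample drops the last line.
_INNER = b"\x02\x01\x01" + b"\x04\x30" + bytes(48)
SAMPLE_DER = b"\x30" + bytes([len(_INNER)]) + _INNER      # 55 bytes
_B64 = base64.b64encode(SAMPLE_DER).decode()               # 76 base64 chars
FLATTENED_PEM = "-----BEGIN EC PRIVATE KEY----- {} {} -----END EC PRIVATE KEY-----".format(
    _B64[:64], _B64[64:])
CANONICAL_PEM = "-----BEGIN EC PRIVATE KEY-----\n{}\n{}\n-----END EC PRIVATE KEY-----\n".format(
    _B64[:64], _B64[64:])
TRUNCATED_PEM = "-----BEGIN EC PRIVATE KEY----- {} -----END EC PRIVATE KEY-----".format(_B64[:64])


if __name__ == "__main__":
    for name, sample in [("flattened", FLATTENED_PEM), ("truncated", TRUNCATED_PEM)]:
        try:
            r = check_pem(sample)
            print(name, "ok:", r["label"], r["der_bytes"], "DER bytes")
        except ValueError as e:
            print(name, "rejected:", e)
```

To use it against a live directory, feed `check_pem()` the raw attribute value exactly as the client library returns it (for example from an ldapsearch dump); if the canonical form it returns differs from what is stored, the flattening happened on the storage or retrieval side, before the value ever reached the plugin.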