> On 11/12/2025 16:11 EET m--- via dovecot <[email protected]> wrote: > > > In Dovecot 2.3 I had used the following query: > > password_query = \ > SELECT USER.user, USER.host, \ > SECRET.password, SECRET.public_key AS mail_crypt_global_public_key, > SECRET.private_key AS mail_crypt_global_private_key \ > FROM USER \ > WHERE USER.user = '%Lu' > > This worked fine, enabling encryption and decryption properly. > > For Dovecot 2.4 this does not work anymore. Example from LMTP: > > Dec 11 15:02:59 lmtp(975838): Info: lmtp-server: conn unix:pid=975905,uid=113 > [1]: rcpt [email protected]: <Ti6aNxPPOmne4w4APAc66w>: Failed to send message to > <[email protected]> at server:24: 451 4.2.0 <[email protected]> get_public_key(INBOX) > failed: mailbox_attribute_get(INBOX, > /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes > not enabled (1/1 at 12 ms) > > I tried to adapt it to Dovecot 2.4 per the documentation, ending up with this: > > query = \ > SELECT \ > USER.user, USER.host, \ > SECRET.password, \ > concat('inline:', SECRET.public_key) AS crypt_global_public_key_file, \ > 'main' AS crypt_global_private_key, \ > concat('inline:', SECRET.private_key) AS > 'crypt_global_private_key/main/crypt_private_key_file' \ > FROM USER \ > WHERE USER.user = '%{user | lower}' > > Still the error message: > > get_public_key(INBOX) failed: mailbox_attribute_get(INBOX, > /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes > not enabled > > Additionally I tried without the "inline:" prefix, because without, > > doveadm mailbox cryptokey list > > would return a "no such file or directory error" trying to treat the key as a > filename. > > With the "inline:" prefix it returns nothing except a warning: > > Warning: mailbox cryptokey list: Nothing was matched. Use -U or specify mask? > > What is the right way to proceed here?
Hi! I tested locally with inline: prefix and it seems to work for me. Can you try enabling log_debug=category=debug and providing logs for the testuser? Aki _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
