Mail-crypt won't encrypt emails

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Mail-crypt won't encrypt emails

Dovecot mailing list

Hi,

(Reposting as my previous post got zero replies.)

We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config:

mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt

plugin {
mail_crypt_global_private_key = <ecprivkey.pem
  mail_crypt_global_public_key = <ecpubkey.pem    
    mail_crypt_save_version = 2

}

also this one:

plugin {

mail_crypt_curve = prime256v1

mail_crypt_save_version = 2

}

but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas?

 

--

 

Kind Regards,

Support Team
SERVERIA.COM
Riga, LV-1063, Latvia
US: +1 (213) 224-7938
LV: + (371) 22330032

Skype: bighostlv
[hidden email]
www.serveria.com

Reply | Threaded
Open this post in threaded view
|

Re: Mail-crypt won't encrypt emails

Dovecot mailing list
The plugin encrypts mail to be written encrypted at rest /on/ the server, and
then decrypts the same mail when it is read /off/ the server. If it is
working correctly mails sent will arrive at their destination readable. You
need to go to the user directory where the mail is residing (example):

/mail/vhosts/XXXX/username/cur   (wherever your user mail resides)

Choose any mail (example...  
'1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' ) will look
something like that (I have obfuscated the actual example but it will look
similar).

Now try and view it on the server using

> postcat  '1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S'

1. If you get an error that looks something like:

*** ENVELOPE RECORDS
'1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' ***
message_size: YPTED
postcat: fatal: invalid size record: YPTED???

OR

2. Alternatively you can try and > cat the message like a text file and at
the start of the output you will see the string:  CRYPTED

Then you will know the plugin is working.

If it shows the message in plaintext, the plugin is not active.



--
Sent from: http://dovecot.2317879.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Mail-crypt won't encrypt emails

Dovecot mailing list
In reply to this post by Dovecot mailing list
Please provide doveconf -n

Also set mail_debug=yes and provide logs.

Remember that dovecot can only encrypt mails if you are using LMTP or dovecot-lda to deliver mails.

Aki
On 01/12/2019 23:10 Serveria Support via dovecot <[hidden email]> wrote:


Hi,

(Reposting as my previous post got zero replies.)

We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config:

mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt

plugin {
mail_crypt_global_private_key = <ecprivkey.pem
  mail_crypt_global_public_key = <ecpubkey.pem    
    mail_crypt_save_version = 2

}

also this one:

plugin {

mail_crypt_curve = prime256v1

mail_crypt_save_version = 2

}

but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas?


--


Kind Regards,

Support Team
SERVERIA.COM
Riga, LV-1063, Latvia
US: +1 (213) 224-7938
LV: + (371) 22330032

Skype: bighostlv
[hidden email]
www.serveria.com


---
Aki Tuomi