-----Original Message-----
From: Aki Tuomi [mailto:aki.tu...@open-xchange.com] 
Sent: Thursday, June 15, 2023 10:02 AM
To: rcoo...@dwford.com; rcooper--- via dovecot
Subject: Re: Cannot get mail-crypt plugin to work




> On 15/06/2023 15:32 EEST rcooper--- via dovecot <dovecot@dovecot.org> wrote:
> 
>  
> dovecot 2.2.27 and then 2.2.36 (tried both)
> Trying to enable mail-crypt in global key mode. Nothing is ever encrypted, even when I move mail from folder to folder.
> I have tried everything available to find here, google, etc and I assume I am missing something fundamental.
> Debug log shows the plugin loading
> Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: Loading modules from directory: /usr/lib/dovecot
> Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: Module loaded: /usr/lib/dovecot/lib10_mail_crypt_plugin.so
> Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: mail_crypt_plugin: mail_crypt_curve setting missing - generating EC keys disabled (I assume because global not per user)
> 
> my 10-mailcrypt.conf in .conf.d
> mail_plugins = $mail_plugins mail_crypt
> 
> plugin {
>     mail_crypt_global_private_key = </certs/ecprivkey.pem
>     mail_crypt_global_public_key = </certs/ecpubkey.pem
>     mail_crypt_save_version = 2
> }
> 
> 
> I have also tried base64 encoded .pem files inline. I have also added the mail_plugins line to my protocol definitions to no avail and when I do that dovecot -n shows the lines as mail_plugins = " mail_crypt mail_crypt" so I assume it's a mistake to add mail_plugins = $mail_plugins mail_crypt to the protocol sections. Some online tutorials say must do this and others do not mention it at all.
> 
> Just looking for some guidance as to where to go next.


Hi!

Mail crypt plugin does not encrypt anything for you, only new or migrated
emails are encrypted. If you want to encrypt your mailbox, you need to use
doveadm sync/backup to migrate your mailbox.

Aki

I understand that, however it does state new mail should be encrypted and if
I send an email from another email account to the account that is on a
testing server with the mail-crypt plug-in active that email is not
encrypted. It was also my understanding that best practice is to get the
plug-in functioning with new mail before running through the process of
encrypting old mail. I would assume that, at a min, when dovecot moves an
email from new to cur it would be encrypted or when I move an email from
Inbox to a sub folder and back it would be encrypted. The need here is to
have email encrypted at rest in compliance with FTC safeguard rules. So
am I reading incorrectly that dovecot encrypts new emails automatically?
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
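
One way to check on disk whether newly delivered mail is actually being encrypted, as an added example that is not part of the original thread or of Dovecot itself. It assumes Maildir storage (new/ and cur/ directories, as mentioned above) and that encrypted files begin with Dovecot's `CRYPTED\x03\x07` magic followed by a one-byte format version; the sample files are constructed.

```python
"""Report which messages in a Maildir are mail-crypt encrypted on disk."""
import sys
import tempfile
from pathlib import Path

# Magic bytes Dovecot writes at the start of an encrypted file, followed by a
# one-byte format version. Assumption from Dovecot's source, not this thread.
CRYPT_MAGIC = b"CRYPTED\x03\x07"


def classify(path):
    """Return ('encrypted', version) or ('plaintext', None) for one file."""
    with open(path, "rb") as fh:
        head = fh.read(len(CRYPT_MAGIC) + 1)
    if len(head) > len(CRYPT_MAGIC) and head.startswith(CRYPT_MAGIC):
        return "encrypted", head[len(CRYPT_MAGIC)]
    return "plaintext", None


def scan_maildir(root):
    """Classify every message under new/ and cur/, including subfolders."""
    results = {}
    for sub in ("new", "cur"):
        for msg in sorted(Path(root).rglob(f"{sub}/*")):
            if msg.is_file():
                results[msg.relative_to(root).as_posix()] = classify(msg)
    return results


def build_sample(root):
    """Constructed sample: one plaintext message, one with an encrypted header."""
    root = Path(root)
    for folder in ("new", ".Archive/cur"):
        (root / folder).mkdir(parents=True)
    (root / "new" / "msg1").write_bytes(b"Return-Path: <a@example.org>\r\n\r\nhi\r\n")
    # Not real ciphertext: magic + version 2 + filler, enough for the check.
    (root / ".Archive" / "cur" / "msg2").write_bytes(CRYPT_MAGIC + b"\x02" + bytes(32))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = scan_maildir(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            report = scan_maildir(tmp)
    for name, (state, version) in report.items():
        print(f"{state:9} v={version} {name}")
```

Run it with the account's Maildir path as the only argument after delivering a test message; with `mail_crypt_save_version = 2` a message written by the plugin should report version 2.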
