Source: dovecot
Severity: normal

This bug was observed in dovecot 2.3.4 on Debian 10 and in dovecot 2.3.20 on FreeBSD 13.

The following plugins are enabled: mail-crypt, mail-crypt-acl, imap-acl and acl. We are using encrypted folder keys for mail encryption. Encryption is enabled or disabled for each user individually by storing the mail_crypt_save_version option in userdb.

Sharing a user's mailbox to another user works fine if sharing is enabled on the command line using doveadm. If the sharing user's mails are encrypted, the password can be supplied on the command line. But sharing by using e.g. Roundcube as MUA throws an error in the dovecot logs, regardless of whether the sharing user has encryption enabled or not.

This is the error message:

Jul 13 18:15:34 prokyon dovecot: imap(administra...@mydomain.de)<23701><8f41pGAAkIL9EChC8NEBAQAAAAAAAAAC>: Error: mail-crypt-acl-plugin: Cannot initialize destination user some...@mydomain.de: userdb didn't return a home directory, but mail_attribute_dict used it (%h): file:%h/dovecot-attributes
Jul 13 18:15:34 prokyon dovecot: imap(administra...@mydomain.de)<23701><8f41pGAAkIL9EChC8NEBAQAAAAAAAAAC>: Error: Mailbox INBOX: Failed to set ACL

After that, sharing is configured only halfway.

It looks like the mail-crypt-acl plugin fails to determine the receiving user's home directory. I cannot see any attempts to query userdb in advance of this error. The configured userdb query definitely returns the home directory (otherwise nothing would work at all...). This is independent of whether the sharing user has encryption enabled or not.

I cannot run any tests with unencrypted folder keys, or global keys, or encryption disabled globally with mail-crypt plugin enabled but unused. I would expect that this error will occur in all these configurations.

Expected result is that folder sharing at least can be enabled by using a capable MUA (like Roundcube), if the sharing user is using unencrypted folder keys, if global keys are used or encryption is disabled for the sharing user (this is the configuration where I see this error).

I don't know what happens if the sharing user uses encrypted folder keys and the password is needed for sharing.

-- 
Robert Senger <robert.sen...@gmx.de>
PGP/GPG Public Key ID: 8714E1A3