@wernerfred

Also please make sure to mirror the changes you introduced to setup.sh to the corresponding docs site that it reflects the current state.

will do!

Current state: I want to avoid writing tests for now until the overall changes I made are reviewed by a few people. That way I'm minimizing time spent on rewrites.

Accidentally rebased again. I hope this is fine this time, otherwise excuse me again and force-push over it 🙈

Bad habits never die 😅

I don't mind reviewing, but will be busy until early next week. Unfortunately no time until then due to a deadline.

There is no rush for this

An opportunity for a PR if someone has time: check-for-changes.sh doesn't start on the very first start of the container and if no email is created. Where there is needed improvement is for the setup-stack.sh to loop at Unless using LDAP, you need at least 1 email account to start Dovecot instead of immediately return an error and proceed with the setup once the user creates the first email.

Documentation preview for this PR is ready! 🎉

Built with commit: fc6a4b2

Is there a workaround that might be fine for now? (One that avoids destroying containers Everytime you add a new user?)

Is there a workaround that might be fine for now? (One that avoids destroying containers Everytime you add a new user?)

I would appreciate if someone else could pick this up and contact dovecot. I've recently become too overwhelmed with travel, work, and another side project to continue with this.

I'll take it over, but it is low priority for me, I should be able to work on it by december hopefully 👍

Once the hostname and related changes I've been sorting out are all merged, a v10.3 release can be done and this PR should be able go from there for v11 release.

I'd close this as is, but I feel like at least two persons will reach out and tell me this will be worked on. Hence, I will just move it to v13.0.0, because it is unlikely going into v12.0.0.

I don't know if it helps, but I've been using a setup like this. Using only user-patch.sh changes and some volume mounts overwrites :)

The encrypted mails are working quite nicely. Except I didn't do (yet) @polarathene idea of using SHA512-CRYPT on the password.

But at some point I hope to switch the custom user-patches out, but I fully understand this will take effort to develop. And open source motivation comes from your own case, not from others. So here is hoping I'll find some time to properly take a swing at this, but I don't expect to find that time anywhere soon.

FYI: This is my setup. I WOULD NOT ADVICE ANYONE DOING THIS! You have to review changes to the patched files for every release:

10-crypt.conf:

mail_attribute_dict = file:%h/.attributes
mail_plugins = $mail_plugins mail_crypt

plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}

user-patches.sh:

#!/bin/bash

TARGET='/etc/dovecot/conf.d/auth-passwdfile.inc'
ADDEDLINE='override_fields = userdb_mail_crypt_private_password=%{sha256:password} userdb_mail_crypt_save_version=2'
if ! grep -Fq "$ADDEDLINE" $TARGET; then
    sedfile -i 's|^\(  args = scheme.*userdb\)|\1\n'"$ADDEDLINE"'|' $TARGET
fi

TARGET='/usr/local/bin/addmailuser'
if ! grep -Fq "mail_crypt_private_password" $TARGET; then
cat << 'EOF' >> "$TARGET"
  while [[ $(stat -c '%U' "/var/mail/${DOMAIN}/${USER}") != docker ]] # handle slow ownership setting problem
  do
    echo "Waiting for proper owner to be set on /var/mail/${DOMAIN}/${USER}..."
    sleep 1
  done
  doveadm -o plugin/mail_crypt_private_password="$(echo -n "${PASSWD}" | sha256sum | awk '{print $1}')" mailbox cryptokey generate -u "${FULL_EMAIL}" -U
EOF
fi

TARGET='/usr/local/bin/updatemailuser'
if ! grep -Fq "mail_crypt_private_password" $TARGET; then
cat << 'EOF' >> "$TARGET"
  FULL_EMAIL="${USER}@${DOMAIN}"
  USER="${FULL_EMAIL%@*}"
  DOMAIN="${FULL_EMAIL#*@}"
  if [[ ! -f "/var/mail/${DOMAIN}/${USER}/.attributes" ]] # create key if it doesn't exist already
  then
    doveadm -o plugin/mail_crypt_private_password="$(echo -n "${PASSWD}" | sha256sum | awk '{print $1}')" mailbox cryptokey generate -u "${FULL_EMAIL}" -U
  else
    if [[ -z "${CRYPTOKEY_UPDATE_PASSWORD}" ]]
    then
      read -r -s -p "Enter Old Password (to update encryption key): " CRYPTOKEY_UPDATE_PASSWORD
      echo
      [[ -z ${CRYPTOKEY_UPDATE_PASSWORD} ]] && _exit_with_error "old encryption password must not be empty"
    fi
    doveadm mailbox cryptokey password -u "${FULL_EMAIL}" -n "$(echo -n "${PASSWD}" | sha256sum | awk '{print $1}')" -o "$(echo -n "${CRYPTOKEY_UPDATE_PASSWORD}" | sha256sum | awk '{print $1}')"
  fi
EOF
fi

custom mounts:

   volumes:
      - ./config/dms:/tmp/docker-mailserver # get user patches
      - ./config/dms/10-crypt.conf:/etc/dovecot/conf.d/10-crypt.conf:ro # add config

So here is hoping I'll find some time to properly take a swing at this, but I don't expect to find that time anywhere soon.

I've had something 90% complete since August 2022, but:

• I had to put it on hold while I attended a course between Aug to Dec 2022.
• I've been swamped with DMS contributions / reviewing since late Dec with v11.3 release.
  • Lots of churn and changes for v12 breaking changes and big new features or fixes requiring heavy investigation.
  • Push for a change I've been hesitant to approve until tests get into better shape / coverage.

I actually was looking into revisiting it roughly a week ago to adapt to all the v12 changes, but received more issues and reviews to go over (which I'm slow at), among other commitments outside of DMS also reaching out for their own time-sensitive needs. I'm exhausted.

I'd close this as is, but I feel like at least two persons will reach out and tell me this will be worked on.

I was wanting to tackle this in Jan, but needed to prioritize other activity within the project that came up. With v12 release, hopefully that settles down so I can allocate time to getting this wrapped up (the tests definitely aren't going to rebase anymore).

I can't make any promises if I have to shift priorities elsewhere, I have a backlog building up outside of DMS and really should be focusing on job search 😅 I'll do my best to at least get the work adjusted and pushed up as a draft PR in the event I am unable to finish it.

I'm exhausted.

Damn, sorry about that. I did not mean to pile on. I think this project is doing great, and looking at it's history, it's kinda impressive you all manage to keep it running like this, even with multiple people coming and leaving.

So yeah, focus on that job search, and this issue will get back later, once you have the space.

Closing this for now. Reason: This PR has become stale. If you want to pick up these changes, please do so :) We encourage everyone to further work on this, and apply these changes and updates to the most recent version of master.

Related: #3289 (comment)