If you use Dovecot as an IMAP or POP3 server, and you have looked into how to secure and design your setup, you have probably come across the mail-crypt plugin for Dovecot. The plugin lets you store mails in encrypted form, which is so-called “encryption at rest”.
However, there are several ways to achieve encryption at rest, and the mail-crypt plugin for Dovecot is just one of them. The plugin itself can also be used in different ways. You may want to generate the encryption keys automatically, or you may define and store them in a passdb/userdb of your choice, such as LDAP or MySQL.
When setting it up, there are many things that you can get wrong. Like me:
failed to store into mailbox 'INBOX': get_public_key(INBOX) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled
In my specific case, which was not covered anywhere from documentation to mailing lists, I had accidentally not named the passdb {} and userdb {} settings in the conf.d/auth-sql.conf.ext config file right – I accidentally named both of them “passdb {}”, which rendered the userdb lookup useless, where Dovecot expects the settings “mail_crypt_global_public_key=” and “mail_crypt_global_private_key=” to be filled with actual key data in a base64-encoded style.
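A quick check for the mix-up described above, as an added example that is not part of the original post: it counts top-level passdb and userdb blocks in a config file and flags a file that defines passdb blocks but no userdb block. The function names, the sample files and the args path are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Dovecot auth config for
# the mix-up where both blocks were named "passdb".

# count_blocks NAME: count top-level "NAME {" blocks in config text on stdin.
count_blocks() {
  awk -v name="$1" '
    { sub(/#.*/, "") }                                  # drop comments
    depth == 0 && $1 == name && $2 == "{" { n++ }       # top-level block opener
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }    # track brace nesting
    END { print n + 0 }'
}

# check_auth_conf FILE: return 1 when FILE has passdb blocks but no userdb.
check_auth_conf() {
  passdbs=$(count_blocks passdb < "$1")
  userdbs=$(count_blocks userdb < "$1")
  echo "$1: passdb=$passdbs userdb=$userdbs"
  if [ "$passdbs" -gt 0 ] && [ "$userdbs" -eq 0 ]; then
    echo "no userdb block: mail_crypt_global_* keys cannot come from a userdb lookup" >&2
    return 1
  fi
}

# Constructed samples; the args path is an assumed, typical location.
SAMPLES=$(mktemp -d)
BROKEN="$SAMPLES/auth-sql-broken.conf.ext"
FIXED="$SAMPLES/auth-sql-fixed.conf.ext"

cat > "$BROKEN" <<'EOF'
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
passdb {   # should have been userdb
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
EOF

# The corrected file differs only in the name of the second block.
sed '5s/.*/userdb {/' "$BROKEN" > "$FIXED"

check_auth_conf "$BROKEN" || echo "broken sample flagged"
check_auth_conf "$FIXED" && echo "fixed sample passes"
```

Because count_blocks reads standard input, it can also be fed the effective configuration, for example `doveconf -n | count_blocks userdb`.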
If you require professional assistance in managing your server applications of any kind or if you require any professional technical help, let me know.