mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Decrypting some mails and some not #5828

Open semaf opened 5 months ago

semaf commented 5 months ago

Contribution guidelines

I've found a bug and checked that ...

Description

I have the same issue here..

One of the mail accounts (tom@domain.com) can read the mails from INBOX but not the other mail account (amanda@domain.com). 
As both accounts are using the same key files, it can be only an issue. Updated today to 2024-04 version.

I have also restored the first instance of the borgmatic backup and copied the key files manually, which did not solve the issue.

Using the documentation to decrypt mails, this is the result that on some accounts it can't be decrypted. I am running at the moment 4 domains and 14 mail accounts in total.

```bash
8c3a221f571c:/mail_crypt# find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
  if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
    doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
      "$file" > "/tmp/$(basename "$file")"
    if [[ -s "/tmp/$(basename "$file")" ]]; then
      chmod 600 "/tmp/$(basename "$file")"
      chown 5000:5000 "/tmp/$(basename "$file")"
      mv "/tmp/$(basename "$file")" "$file"
    else
      rm "/tmp/$(basename "$file")"
    fi
  fi
done
```

As this is not secure enough, losing emails, I unlikely disabled encrypting mails.

Collection of decrypt issues:

- https://github.com/mailcow/mailcow-dockerized/issues/2395
- https://github.com/mailcow/mailcow-dockerized/issues/5105
- https://community.mailcow.email/d/2236-mail-cant-be-readdecrypt-after-restore/2
- https://community.mailcow.email/d/2082-certain-emails-no-longer-loading-corrupted
- https://community.mailcow.email/d/2266-lost-access-to-a-mailbox-but-still-receiving-mail
- https://community.mailcow.email/d/955-cant-restore-to-a-new-server


### Logs:

```plain text
Error: read(/var/vmail/semaf.at/tom/Maildir/cur/1711752189.M161924P154.66ecee6179b1,S=55288,W=56569:2,) failed: Decryption error: no private key available
Error: read(/var/vmail/semaf.at/tom/Maildir/cur/1711751438.M58396P1850.4802c740a8c9,S=40489,W=41192:2,) failed: Decryption error: no private key available
Error: read(/var/vmail/semaf.at/tom/Maildir/cur/1711753621.M217592P1025.66ecee6179b1,S=109437,W=110890:2,) failed: Decryption error: no private key available
Error: read(/var/vmail/semaf.at/tom/Maildir/cur/1711752842.M184920P390.66ecee6179b1,S=476253,W=486780:2,) failed: Decryption error: no private key available
Error: read(/var/vmail/domain1.at/mike/Maildir/.Junk/new/1711753547.M240604P1025.66ecee6179b1,S=6651,W=6805) failed: Decryption error: no private key available
Error: read(/var/vmail/domain2.at/lisa/Maildir/new/1711752697.M978152P390.66ecee6179b1,S=46569,W=47647) failed: Decryption error: no private key available
Error: read(/var/vmail/domain2.at/jack/Maildir/cur/1711754825.M812922P1025.66ecee6179b1,S=44041,W=44642:2,S) failed: Decryption error: no private key available
```

Steps to reproduce:

1. Backup mailcow using Borgmatic
2. Restore mailcow using Borgmatic

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 22.04

Server/VM specifications:

4

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

VMware

Docker version:

26.0.0

docker-compose version or docker compose version:

2.25.0

mailcow version:

2024-04

Reverse proxy:

Nginx Proxy Manager

Logs of git diff:

x

Logs of iptables -L -vn:

x

Logs of ip6tables -L -vn:

x

Logs of iptables -L -vn -t nat:

x

Logs of ip6tables -L -vn -t nat:

x

DNS check:

x
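
To see which mailboxes, folders and delivering hosts the "no private key available" failures cluster around, the error lines can be grouped offline. This is an added example, not part of the original issue or of mailcow; the function name `summarize` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Error format as shown in the Logs section; the maildir file name is
# <delivery time>.M<usec>P<pid>.<delivering host>,S=<size>,W=<vsize>[:2,<flags>]
LINE_RE = re.compile(
    r"read\(/var/vmail/(?P<domain>[^/]+)/(?P<user>[^/]+)/Maildir/"
    r"(?P<folder>(?:[^/]+/)*)(?:cur|new|tmp)/"
    r"(?P<time>\d+)\.M\d+P\d+\.(?P<host>[^,]+),S=\d+,W=\d+"
    r"(?::2,[A-Za-z]*)?\) failed: Decryption error: (?P<reason>.+)$"
)

def summarize(lines):
    """Group decryption failures by mailbox; return (report, skipped_lines)."""
    acc = defaultdict(lambda: {"count": 0, "hosts": set(), "folders": set(), "times": []})
    skipped = 0
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m is None:
            skipped += 1  # not a decryption error in the expected format
            continue
        entry = acc[f"{m['user']}@{m['domain']}"]
        entry["count"] += 1
        entry["hosts"].add(m["host"])  # host that wrote the file at delivery
        entry["folders"].add(m["folder"].rstrip("/") or "INBOX")
        entry["times"].append(int(m["time"]))  # delivery time, epoch seconds
    report = {
        box: {"count": e["count"], "hosts": sorted(e["hosts"]),
              "folders": sorted(e["folders"]),
              "first": min(e["times"]), "last": max(e["times"])}
        for box, e in acc.items()
    }
    return report, skipped

# Constructed sample lines (hypothetical mailboxes and hosts, not the issue's log).
SAMPLE = [
    "Error: read(/var/vmail/example.org/alice/Maildir/cur/1700000100.M100001P154.aaaaaaaaaaaa,S=55288,W=56569:2,) failed: Decryption error: no private key available",
    "Error: read(/var/vmail/example.org/alice/Maildir/cur/1700000200.M100002P1850.bbbbbbbbbbbb,S=40489,W=41192:2,S) failed: Decryption error: no private key available",
    "Error: read(/var/vmail/example.net/bob/Maildir/.Junk/new/1700000300.M100003P1025.aaaaaaaaaaaa,S=6651,W=6805) failed: Decryption error: no private key available",
    "Info: unrelated line",
]

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE)
    for box, info in sorted(report.items()):
        print(box, info)
    print("skipped lines:", skipped)
```

The `first` and `last` values are the delivery timestamps taken from the file names, which makes it easy to compare the affected mails against the time of a restore or an update.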

semaf commented 5 months ago

Even newly received mails can't be read from accounts with that issue if mcrypt is activated.

xBytez commented 3 months ago

I'm running into this as well (nightly)

I remember having this previously, and I fixed it then by using an older image of dovecot, decrypting everything and encrypting it all again with the latest image. That didn't seem to work this time.

milkmaker commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.