[Dovecot] post-login scripting failing with "denied access to user" v2.1.7
Frank
dovecot_list at greenant.net
Mon Jan 27 08:57:54 EET 2014
I am trying to have a default sieve rule for new mailboxes that can be
edited by users using the Roundcube sieve plugin.
It would actually be better executed when a new user is created, but my postfixadmin runs on a separate machine so that's a bit tricky.
The "sieve-default =" setting won't quite achieve what I want, as I want users to be able to edit the default rule (to adjust SPAM level).
Mail works fine before I add my post-login script to
10-master.conf
----------------------
service imap {
  # tell imap to do post-login lookup using a socket called "imap-postlogin"
  executable = imap imap-postlogin
}
service imap-postlogin {
  # all post-login scripts are executed via script-login binary
  executable = script-login /etc/dovecot/custom_sieve/postlogin.sh
  # the script process runs as the user specified here (v2.0.14+):
  user = mail # also tried $default_internal_user and root
  # this UNIX socket listener must use the same name as given to imap executable
  unix_listener imap-postlogin {
  }
}
After adding this setting, login fails and gives the error below.
It certainly looks like a permission issue, but I have checked my script is executable and owned by vmail:vmail. The bash script executes fine as the mail user.
The other possibility is that dovecot is denying access to the $HOME variable, but that seems unlikely.
Nevertheless, I am stuck!
Log shows:
------------------
dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
dovecot: auth-worker(17522): mysql(database1): Connected to database postfixadmin
dovecot: imap-login: Login: user=<test2 at fqdn.net>, method=PLAIN, rip=10.0.3.120, lip=10.0.1.180, mpid=17524, TLS, session=<+blqxxxxxxxxxM>
dovecot: imap(test2 at fqdn.net): Post-login script denied access to user test2 at fqdn.net
BASH script: /etc/dovecot/custom_sieve/postlogin.sh
--------------------------------------------------
#!/bin/sh
if [ ! -f $HOME/dovecot.sieve ] # if file doesn't exist
then
  mkdir -p $HOME/sieve
  cp /etc/dovecot/custom_sieve/default.sieve $HOME/sieve/managesieve.sieve
  ln -s $HOME/sieve/managesieve.sieve $HOME/dovecot.sieve
fi
DEFAULT SIEVE RULE: /etc/dovecot/custom_sieve/default.sieve
-----------------------------------
require ["fileinto"];
# rule:[SPAM]
if header :contains "X-Spam-Level" "**********"
{
  fileinto "Junk";
}
Config
=======
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.3 ext4
dict {
  sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf
  sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
}
mail_location = maildir:/home/vmail/%d/%n/Maildir:INDEX=/home/vmail/%d/%n/Maildir/indexes
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:User Quota::proxy::sqluserquota
  quota_rule2 = Trash:storage=+100M
  sieve = ~/../.dovecot.sieve
  sieve_dir = ~/../sieve
}
protocols = " imap sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-postlogin {
  executable = script-login /var/spool/mail/postlogin.sh
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
ssl_cert = </etc/ssl/mailserver/mailserver.pem
ssl_key = </etc/ssl/mailserver/private/mailserver_dcp.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  mail_plugins = " quota sieve"
  postmaster_address = hidden at fqdn.net
}
protocol imap {
  mail_plugins = " quota imap_quota"
}
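
An added example, not part of the message above and not Dovecot's own code: a post-login script that seeds the default rule using the file names from the posted script, then finishes with exec "$@", because script-login passes the mail process command line as the script's arguments and expects the script to exec it. The seed_default_sieve helper, its return codes and the DEFAULT_SIEVE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the poster's script; file names follow the posted script.
DEFAULT_SIEVE=${DEFAULT_SIEVE:-/etc/dovecot/custom_sieve/default.sieve}

# seed_default_sieve HOME_DIR DEFAULT_FILE  (hypothetical helper)
# Returns 0 if a script already exists or was installed, 2 for an unusable
# home directory, 3 for an unreadable default rule.
seed_default_sieve() {
    home=$1
    default=$2
    # An empty or relative HOME would send the writes below somewhere else.
    case $home in
        /*) ;;
        *) return 2 ;;
    esac
    [ -d "$home" ] || return 2
    # Leave an existing script or symlink (even a dangling one) alone so a
    # rule the user has edited is never replaced.
    if [ -e "$home/dovecot.sieve" ] || [ -L "$home/dovecot.sieve" ]; then
        return 0
    fi
    [ -r "$default" ] || return 3
    (
        umask 077
        mkdir -p "$home/sieve" || exit 1
        [ -e "$home/sieve/managesieve.sieve" ] ||
            cp "$default" "$home/sieve/managesieve.sieve" || exit 1
        ln -s "$home/sieve/managesieve.sieve" "$home/dovecot.sieve"
    )
}

# script-login passes the mail process command line as "$@"; with no
# arguments nothing is done.
if [ "$#" -gt 0 ]; then
    seed_default_sieve "${HOME:-}" "$DEFAULT_SIEVE" ||
        echo "postlogin: default sieve not installed (rc=$?)" >&2
    # Design choice of this example: a seeding failure is logged, not fatal.
    exec "$@"
fi
```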