Unable to write *.sieve files while Dovecot is running

Ralph Seichter ralph at ml.seichter.de
Fri Apr 8 13:49:57 UTC 2022

* Alexander Dalloz:

> IMHO dovecot only consumes the bytecode sieve filter, not the plain
> text source file based on which the bytecode get generated.

Quoting the sievec(1) manual page:

  [...] Dovecot's LDA process will first look for a binary file
  "dovecot.svbin" when it needs to execute "dovecot.sieve". It will
  compile a new binary when it is missing or outdated.

Changing the *.sieve file has always been sufficient. Manually invoking
sievec is just something I do because it will tell me right away if my
latest changes introduced a syntactic mistake.

> I would be your issue is cause by unix permissions or by MAC systems
> like grsecurity, SELinux or Apparmor.

That comment of yours got me experimenting today. I stopped Deovecot and
messed about with the example.siev e file. Finally, I renamed it to
old.sieve, and then used

  cat old.sieve > example.sieve

to create a fresh file with with the old content. I can now once again
modify example.sieve while Dovecot is running, and Dovecot recompiles it
to example.svbin as necessary.

While I don't know how the original *.sieve file got "broken" in terms
of permissions or special attributes, it appears that it was indeed a
local issue unrelated to Dovecot itself. My apologies, and thanks.


More information about the dovecot mailing list