Hi,
I've been banging my head on this problem for a while now and need some help on this issue. I've set up Dovecot with Sieve scripts, which use bash scripts to either learn ham or learn spam. This is sent to the Rspamd controller (using a Unix socket at /var/run/rspamd/rspamd-controller.sock).
The socket has permissions 660 and is owned by _rspamd:_rspamd. It's directory and parent directory have 755. The sieve script looks like: exec /usr/bin/rspamc -h /var/run/rspamd/rspamd-controller.sock -P 'password' learn_ham
I've added the dovecot user to the _rspamd group, but I consistently get "Permission denied" when marking emails as ham/spam. Only when I make the socket permission 666 it works correctly. Also when the permission is 660 but ownership is _rspamd:dovecot it works as well. I don't want the former as anyone could connect, and the latter can't be set automatically in Rspamd.
I'm pulling my hairs out. I've tried to figure out the user and group that dovecot uses to run the sieve script (creatively by 'exit'ing the bash script with the uid or gid as error code), and they are both 97 (i.e. dovecot uid and gid).
I've tried personally logging in as dovecot using 'sudo -u dovecot bash' and then using 'socat' to connect to the socket. This works fine. But through the dovecot sieve script for some reason it's not working. I've tried disabling SELinux and fapolicyd, but no luck. Is Dovecot using some restricted permissions when running sieve scripts?
# dovecot --version 2.3.16 (7e2e900c1a)
Thank you, Taco