On Sun, 2025-06-29 at 13:57 -0400, Genes Lists via dovecot wrote:
1)
With 2.4.1, when a non-root user runs sievec on their own sieve scripts it fails to run due to permission denied on the dovecot certificate key (which is only readable by root).
protocol lmtp { postmaster_address = postmaster@<domain>.com mail_plugins { sieve = yes } hostname = imap.<domain>.com } sieve_script before { driver = file path = /etc/dovecot/sieve/global active_path = remove_dup.sieve } sieve_script personal { driver = file path = ~/sieve active_path = ~/.dovecot.sieve } sieve_script after { driver = file path = /etc/dovecot/sieve active_path = default.sieve }
I changed the cert permissions so that users can see the cert (but not the key file). Now sievec runs as non-root.
However, sieve does not get run using above configs for some reason.
Any guidance on what I need to change in my configs to get sieve working again - it was working fine under 2.3.x but after migrating server to 2.4.1 it is no longer. I assume I missed something in the migration but I don't see what I've done wrong.
thanks for help.
gene
-- Gene
On Sun, 2025-06-29 at 13:57 -0400, Genes Lists via dovecot wrote: 1)
With 2.4.1, when a non-root user runs sievec on their own sieve
scripts
it fails to run due to permission denied on the dovecot certificate
key
(which is only readable by root).
protocol lmtp { postmaster_address = postmaster@<domain>.com mail_plugins { sieve = yes } hostname = imap.<domain>.com } sieve_script before { driver = file path = /etc/dovecot/sieve/global active_path = remove_dup.sieve } sieve_script personal { driver = file path = ~/sieve active_path = ~/.dovecot.sieve } sieve_script after { driver = file path = /etc/dovecot/sieve active_path = default.sieve }
I changed the cert permissions so that users can see the cert (but not the key file). Now sievec runs as non-root.
However, sieve does not get run using above configs for some reason.
Any guidance on what I need to change in my configs to get sieve working again
- it was working fine under 2.3.x but after migrating server to 2.4.1 it is no longer. I assume I missed something in the migration but I don't see what I've done wrong.
thanks for help.
gene
-- Gene