7 Feb
2024
7 Feb
'24
1:59 p.m.
I've fixed this issue and wanted to get back for any else that might stumble upon this.
Using logger -p mail.err "$(id)" in the sieve bash script I found out that the groups for dovecot:dovecot didn't include all groups as set in /etc/group. Apparently Dovecot doesn't respect the system's group memberships (probably due to security?) and instead requires you to set it explicitly using the mail_access_groups variable. E.g. this works in accessing /var/run/rspamd/rspamd-controller.sock owned by _rspamd:_rspamd and permissions 660 (the execute bit doesn't do anything for sockets, so it is effectively the same as 770):
conf.d/10-mail.conf
mail_uid = dovecot
mail_gid = dovecot
mail_access_groups = _rspamd
first_valid_uid = 97