I am trying to have a default sieve rule for new mailboxes that can be edited by users using the round cube sieve plugin. It would actually be better executed when a new user is created but my postfixadmin runs on a separate machine so that's a bit tricky.

The "sieve-default =" setting won't quite achieve what I want as I want users to be able to edit the default rule (to adjust SPAM level)

Mail works fine before I add my post-login script to 10-master.conf

service imap {
  # tell imap to do post-login lookup using a socket called "imap-postlogin"
  executable = imap imap-postlogin
}


service imap-postlogin {
  # all post-login scripts are executed via script-login binary
  executable = script-login /etc/dovecot/custom_sieve/postlogin.sh

  # the script process runs as the user specified here (v2.0.14+):
  user = mail # also tried $default_internal_user and root
  # this UNIX socket listener must use the same name as given to imap executable
  unix_listener imap-postlogin {
  }
}

After adding this setting, login fails and gives the error below. It certainly looks like a permission issue, but I have checked my script is executable and owned by vmail:vmail. The bash script executes fine as the mail user. The other possibility is that dovecot is denying access to the $HOME variable, but that seems unlikely. Nevertheless, I am stuck!

Log shows:

dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled) dovecot: auth-worker(17522): mysql(database1): Connected to database postfixadmin dovecot: imap-login: Login: user=<test2@fqdn.net>, method=PLAIN, rip=10.0.3.120, lip=10.0.1.180, mpid=17524, TLS, session=<+blqxxxxxxxxxM> dovecot: imap(test2@fqdn.net): Post-login script denied access to user test2@fqdn.net

BASH script: /etc/dovecot/custom_sieve/postlogin.sh

#!/bin/sh if [ ! -f $HOME/dovecot.sieve ] # if file doesn't exist then mkdir -p $HOME/sieve cp /etc/dovecot/custom_sieve/default.sieve $HOME/sieve/managesieve.sieve ln -s $HOME/sieve/managesieve.sieve $HOME/dovecot.sieve fi

DEFAULT SIEVE RULE: /etc/dovecot/custom_sieve/default.sieve

require ["fileinto"]; # rule:[SPAM] if header :contains "X-Spam-Level" "**********" { fileinto "Junk"; }

Config

# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.3 ext4 dict { sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf } mail_location = maildir:/home/vmail/%d/%n/Maildir:INDEX=/home/vmail/%d/%n/Maildir/indexes mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:User Quota::proxy::sqluserquota quota_rule2 = Trash:storage=+100M sieve = ~/../.dovecot.sieve sieve_dir = ~/../sieve } protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service dict { unix_listener dict { group = vmail mode = 0600 user = vmail } } service imap-postlogin { executable = script-login /var/spool/mail/postlogin.sh user = vmail } service imap { executable = imap imap-postlogin } ssl_cert = </etc/ssl/mailserver/mailserver.pem ssl_key = </etc/ssl/mailserver/private/mailserver_dcp.pem userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lda { mail_plugins = " quota sieve" postmaster_address = hidden@fqdn.net } protocol imap { mail_plugins = " quota imap_quota" }