[Dovecot] Problem with checkpassword-reply

sawyer x xsawyerx at gmail.com
Tue May 27 15:03:40 EEST 2008


Hello

I posted an earlier post on problems with getting usernames. That one
is solved, thank you.

I'm currently having trouble executing checkpassword-reply. The
maillog shows the following error: (substituting rip/lip/user/domain)
May 27 07:21:06 saw dovecot: Logins with UID 0 not permitted (user
user at domain.com>
May 27 07:21:06 saw dovecot: imap-login: Internal login failure:
user=<user at domain.com>, method=plain, rip=xxx.xxx.xxx.xxx,
lip=xxx.xxx.xxx.xxx, TLS

My script reads fd3 right and gets all the details correct. Then runs
the following code:
---
$REPLY = $ARGV[0] || exit 111; # this is actually run much earlier
$ENV{HOME} = "$USERSHOME/$domain/$user";
$ENV{USER} = $user;
# effective gid
$) = 300;
# effective uid
$> = 300;
exec $REPLY;
---

I've looked at the checkpassword-reply code (thank god for open source
software) and I saw that it opens fd4 for writing. I couldn't find any
documentation about this and couldn't find anyone who is using
checkpassword-reply. No sample scripts, no examples, and the
documentation on the site is extremely scarce.
The wiki docs indicate I should just execute it - which I do - but
that does not help.
Also, the debugging isn't very meaningful. I'm definitely changing the
UID and GID, but it's not apparent in the maillog. The file permissions
on checkpassword-reply show I could execute it under any user and I've
tried that with "sudo -u <user> /path/to/checkpassword-reply".

On a post somewhere in the vortex of the internet someone said Dovecot
does not allow any uid/gid under 99 (which is why I tried 300), but I
couldn't find any documentation for that anywhere in the wiki either.

What am I missing and is there anything I've missed that would have
prevented me from emailing the mailing list with this long email?

Thanks,
Sawyer.
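
In Perl, `$)` and `$>` are the effective GID and UID; the real IDs are held in `$(` and `$<`, which the script in the post does not assign. The following is an added example, not part of the original post and not Dovecot's code: it drops the real, effective and saved IDs plus the supplementary groups, then reads them back before exec. The helper name `drop_privileges` is hypothetical, and 300 is the UID/GID used in the post.

```perl
#!/usr/bin/perl
# Added example, not from the original post: a privilege drop that cannot
# be undone, verified before exec. drop_privileges() is a hypothetical name.
use strict;
use warnings;
use POSIX ();

sub drop_privileges {
    my ($uid, $gid) = @_;
    die "refusing to drop to uid/gid 0\n" if $uid == 0 || $gid == 0;

    # Groups first: after the UID changes, root-only calls fail.
    # Assigning "gid gid" to $) sets the effective GID and replaces the
    # supplementary group list with that one group (setgroups).
    $) = "$gid $gid";
    # Called as root, setgid()/setuid() set real, effective and saved IDs.
    defined POSIX::setgid($gid) or die "setgid($gid): $!\n";
    defined POSIX::setuid($uid) or die "setuid($uid): $!\n";

    # Read the IDs back from the kernel instead of trusting the calls.
    my ($ruid, $euid) = (POSIX::getuid(), POSIX::geteuid());
    my ($rgid, $egid) = (POSIX::getgid(), POSIX::getegid());
    die "uid not dropped (real=$ruid effective=$euid)\n"
        unless $ruid == $uid && $euid == $uid;
    die "gid not dropped (real=$rgid effective=$egid)\n"
        unless $rgid == $gid && $egid == $gid;
    my (undef, @groups) = split ' ', $);
    die "unexpected supplementary groups: @groups\n"
        if grep { $_ != $gid } @groups;
    # With the saved UID gone, asking for root again must fail.
    die "root can still be regained\n" if defined POSIX::setuid(0);
    return 1;
}

if ($> == 0) {
    # Same calling convention as the post: helper path in $ARGV[0].
    my $reply = shift @ARGV or exit 111;
    # 300 is the UID/GID from the post; any failure exits 111 as the post does.
    eval { drop_privileges(300, 300); 1 } or do { warn $@; exit 111 };
    exec { $reply } $reply or exit 111; # list form, no shell involved
} else {
    warn "not running as root, nothing to drop\n";
}
```

Run it as root with the helper's path as the only argument; started as any other user it only prints a notice.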

