Managesieve problem

John Fawcett john at voipsupport.it
Sun Feb 3 21:15:40 EET 2019


On 03/02/2019 18:51, Ervin Hegedüs wrote:
> Hi John,
>
> On Sun, Feb 03, 2019 at 04:44:44PM +0100, John wrote:
>> On 2/3/19 2:09 PM, Hegedüs Ervin wrote:
>>> Hi John,
>>>
>>> On Sun, Feb 03, 2019 at 09:56:38AM +0100, John Fawcett wrote:
>>>> On 01/02/2019 13:39, Ervin Hegedüs wrote:
>>>>> I'ld try to set up the managesieve (for RoundCube) - the sieve is
>>>>> works as well with dovecot (I mean my filters works perfectly).
>>>>>
>>>>> When I would try to connect to managesieve, I got an error, and
>>>>> mail.err contains:
>>>>>
>>>>> dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting)
>>>>>
>>>>> Also I got it when I try to connect to port 4190 at localhost
>>>>> (with telnet), and send the generated AUTH string (with
>>>>> sieve-auth-command.pl).
>>>> it can often help if you give versions of the dovecot and pigeonhole as
>>>> well as posting the config (dovecot -n) since people may be able to spot
>>>> configuration errors.
>>> sorry, you're right, I forgot it :(
>>>
>>> # 2.2.13: /etc/dovecot/dovecot.conf
>>> # OS: Linux 3.16.0-4-amd64 x86_64  ext4
> thanks for your detailed message,
>  
>> Checking further, the managesieve-login process is chrooted by default.
> yes, I read it - but is there any way (and meaning) to configure
> it for not-chroot?
>
>> I
>> wonder if it can then read /etc/group. Are you using mail_privileged_group
>> because of the permissions on your mail storage directories would not
>> otherwise allow them to be accessed?
> yes... I guess :)
>
>> If not you could try to just set
>> mail_privileged_group to blank and restart dovecot.
> I leave it blank, restarted Dovecot, and now it works as well.
>
> Thanks again for your help.
>
>
> a.

So in your case, if everything including imap logins and operations are
working fine without mail_privileged_group then I guess you don't really
need it there. If you had needed it, I'm not 100% sure how the issue
could have been resolved. You could have tried not to chroot by puttinig

chroot =

in the service managesieve-login section of your config, but even if it
worked it's not a great solution.

I checked on dovecot 2.2.36 I don't have any issue with a non blank
mail_privileged_group when logging into managesieve.

John



More information about the dovecot mailing list