Managesieve problem

John Fawcett john at
Sun Feb 3 21:15:40 EET 2019

On 03/02/2019 18:51, Ervin Hegedüs wrote:
> Hi John,
> On Sun, Feb 03, 2019 at 04:44:44PM +0100, John wrote:
>> On 2/3/19 2:09 PM, Hegedüs Ervin wrote:
>>> Hi John,
>>> On Sun, Feb 03, 2019 at 09:56:38AM +0100, John Fawcett wrote:
>>>> On 01/02/2019 13:39, Ervin Hegedüs wrote:
>>>>> I'ld try to set up the managesieve (for RoundCube) - the sieve is
>>>>> works as well with dovecot (I mean my filters works perfectly).
>>>>> When I would try to connect to managesieve, I got an error, and
>>>>> mail.err contains:
>>>>> dovecot: managesieve(airween at Error: user airween at Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting)
>>>>> Also I got it when I try to connect to port 4190 at localhost
>>>>> (with telnet), and send the generated AUTH string (with
>>>> it can often help if you give versions of the dovecot and pigeonhole as
>>>> well as posting the config (dovecot -n) since people may be able to spot
>>>> configuration errors.
>>> sorry, you're right, I forgot it :(
>>> # 2.2.13: /etc/dovecot/dovecot.conf
>>> # OS: Linux 3.16.0-4-amd64 x86_64  ext4
> thanks for your detailed message,
>> Checking further, the managesieve-login process is chrooted by default.
> yes, I read it - but is there any way (and meaning) to configure
> it for not-chroot?
>> I
>> wonder if it can then read /etc/group. Are you using mail_privileged_group
>> because of the permissions on your mail storage directories would not
>> otherwise allow them to be accessed?
> yes... I guess :)
>> If not you could try to just set
>> mail_privileged_group to blank and restart dovecot.
> I leave it blank, restarted Dovecot, and now it works as well.
> Thanks again for your help.
> a.

So in your case, if everything including imap logins and operations are
working fine without mail_privileged_group then I guess you don't really
need it there. If you had needed it, I'm not 100% sure how the issue
could have been resolved. You could have tried not to chroot by puttinig

chroot =

in the service managesieve-login section of your config, but even if it
worked it's not a great solution.

I checked on dovecot 2.2.36 I don't have any issue with a non blank
mail_privileged_group when logging into managesieve.


More information about the dovecot mailing list