List:       dovecot
Subject:    Permission problem when using sieve script
From:       tacodewolff () gmail ! com
Date:       2024-01-28 2:12:28
Message-ID: 170640794890.861641.4498520603807407739 () talvi ! dovecot ! org

Hi,

I've been banging my head on this problem for a while now and need some help on
this issue. I've set up Dovecot with Sieve scripts, which use bash scripts to
either learn ham or learn spam. This is sent to the Rspamd controller (using a
Unix socket at /var/run/rspamd/rspamd-controller.sock).

The socket has permissions 660 and is owned by _rspamd:_rspamd. Its directory
and parent directory have 755. The sieve script looks like:

    exec /usr/bin/rspamc -h /var/run/rspamd/rspamd-controller.sock -P 'password' learn_ham

I've added the dovecot user to the _rspamd group, but I consistently get
"Permission denied" when marking emails as ham/spam. Only when I make the
socket permission 666 it works correctly. Also when the permission is 660 but
ownership is _rspamd:dovecot it works as well. I don't want the former as
anyone could connect, and the latter can't be set automatically in Rspamd.

I'm pulling my hair out. I've tried to figure out the user and group that
dovecot uses to run the sieve script (creatively by 'exit'ing the bash script
with the uid or gid as error code), and they are both 97 (i.e. dovecot uid and
gid).

I've tried personally logging in as dovecot using 'sudo -u dovecot bash' and
then using 'socat' to connect to the socket. This works fine. But through the
dovecot sieve script for some reason it's not working. I've tried disabling
SELinux and fapolicyd, but no luck. Is Dovecot using some restricted
permissions when running sieve scripts?

# dovecot --version
2.3.16 (7e2e900c1a)

Thank you,
Taco
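
An added diagnostic example, not part of the original message: the exit-code check described above reports only the uid and gid, while access through a socket's group bits depends on the full group list (effective plus supplementary) of the running process. The script below applies the owner/group/other rule to that list; the function names are hypothetical, and the socket path is whatever is passed as the first argument.

```shell
#!/bin/sh
# Added diagnostic example; not from the original message or from Dovecot/Rspamd.

# access_class UID "GIDS" OWNER_UID GROUP_GID MODE
# Prints the permission class the kernel applies (owner, group or other) and
# whether that class has read+write, which connect() on a Unix socket needs.
# GIDS is the process's full group list: effective gid plus supplementary.
access_class() (
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5
    if [ "$uid" -eq 0 ]; then
        echo "root:allow"          # root normally bypasses the mode bits
        exit 0
    fi
    if [ "$uid" -eq "$owner" ]; then
        class=owner; bits=$(( (0$mode >> 6) & 7 ))
    else
        class=other; bits=$(( 0$mode & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=group; bits=$(( (0$mode >> 3) & 7 ))
                break
            fi
        done
    fi
    if [ $(( bits & 6 )) -eq 6 ]; then
        echo "$class:allow"
    else
        echo "$class:deny"
    fi
)

# report_socket_access PATH: evaluate the *calling process* against PATH.
# "id -G" without a user name prints the groups this process actually holds,
# not what the group database lists for the account. Uses GNU stat (-c).
report_socket_access() {
    meta=$(stat -c '%u %g %a' "$1") || return 1
    set -- $meta
    echo "uid=$(id -u) groups=$(id -G) socket=$1:$2 mode=$3" \
         "result=$(access_class "$(id -u)" "$(id -G)" "$1" "$2" "$3")"
}

# Run against a socket only when a path is passed on the command line.
if [ $# -gt 0 ]; then
    report_socket_access "$1"
fi
```

Called from inside the learn script with its output appended to a file the dovecot user can write, it records the group list the script really runs with, which can then be compared with the 'sudo -u dovecot bash' session.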