fix(mailserver): Improve Dovecot startup permissions

- Create login/token-login/empty directories with correct ownership - Set proper permissions for dovenull user on login directories - Remove stale auth-token-secret.dat on startup (prevents "compromised token" errors) - Increase sleep time after dovecot start for socket creation - Fix permissions again after socket creation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 07:11:22 +01:00 · 2026-02-17 07:11:22 +01:00 · 95e14c183b
commit 95e14c183b
parent 8412639a8c
1 changed files with 8 additions and 2 deletions
--- a/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl
+++ b/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl
@ -81,9 +81,14 @@ addgroup dovenull dovecot 2>/dev/null || true

 # Ensure dovecot run directory exists with correct permissions
 # This fixes anvil-auth-penalty socket permission issues
-mkdir -p /run/dovecot
+mkdir -p /run/dovecot /run/dovecot/login /run/dovecot/token-login /run/dovecot/empty
 chown -R dovecot:dovecot /run/dovecot
+chown root:dovenull /run/dovecot/login /run/dovecot/token-login
 chmod 755 /run/dovecot
+chmod 750 /run/dovecot/login /run/dovecot/token-login
+
+# Remove stale auth token (prevents "compromised token" errors on restart)
+rm -f /run/dovecot/auth-token-secret.dat

 # Ensure dovecot users file is readable (fixes LMTP lookup errors)
 [ -f /etc/dovecot/users ] && chmod 644 /etc/dovecot/users && chown root:dovecot /etc/dovecot/users
@ -95,8 +100,9 @@ sleep 1
 /usr/sbin/dovecot

 # Give dovecot a moment to create sockets, then fix permissions
-sleep 1
+sleep 2
 chown -R dovecot:dovecot /run/dovecot
+chown root:dovenull /run/dovecot/login /run/dovecot/token-login

 echo "Mail services started"