From 95e14c183b185cb2d0089ce8067be16ceaf9b552 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Tue, 17 Feb 2026 07:11:22 +0100 Subject: [PATCH] fix(mailserver): Improve Dovecot startup permissions - Create login/token-login/empty directories with correct ownership - Set proper permissions for dovenull user on login directories - Remove stale auth-token-secret.dat on startup (prevents "compromised token" errors) - Increase sleep time after dovecot start for socket creation - Fix permissions again after socket creation Co-Authored-By: Claude Opus 4.5 --- .../files/usr/sbin/mailserverctl | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl b/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl index 77965444..b0a51310 100644 --- a/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl +++ b/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl @@ -81,9 +81,14 @@ addgroup dovenull dovecot 2>/dev/null || true # Ensure dovecot run directory exists with correct permissions # This fixes anvil-auth-penalty socket permission issues -mkdir -p /run/dovecot +mkdir -p /run/dovecot /run/dovecot/login /run/dovecot/token-login /run/dovecot/empty chown -R dovecot:dovecot /run/dovecot +chown root:dovenull /run/dovecot/login /run/dovecot/token-login chmod 755 /run/dovecot +chmod 750 /run/dovecot/login /run/dovecot/token-login + +# Remove stale auth token (prevents "compromised token" errors on restart) +rm -f /run/dovecot/auth-token-secret.dat # Ensure dovecot users file is readable (fixes LMTP lookup errors) [ -f /etc/dovecot/users ] && chmod 644 /etc/dovecot/users && chown root:dovecot /etc/dovecot/users @@ -95,8 +100,9 @@ sleep 1 /usr/sbin/dovecot # Give dovecot a moment to create sockets, then fix permissions -sleep 1 +sleep 2 chown -R dovecot:dovecot /run/dovecot +chown root:dovenull /run/dovecot/login /run/dovecot/token-login echo "Mail services started"