From d43855b3d1b9aecdb144a394dc8da1663b95b0ad Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Wed, 25 Feb 2026 07:11:43 +0100
Subject: [PATCH] fix(mailserver): Use uid/gid 5000 for vmail user in Dovecot
 config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes Roundcube IMAP "Internal error occurred" caused by Dovecot
running mail processes as uid 102 (Alpine default) instead of the
actual vmail user uid 5000.

Changes:
- configure_postfix: virtual_uid_maps/gid_maps 102/105 → 5000/5000
- configure_dovecot: mail_uid/gid, first_valid_uid, userdb args
- cmd_add_user: passwd file entries and ownership

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .claude/HISTORY.md                             |  9 +++++++++
 .../files/usr/sbin/mailserverctl               | 18 +++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md
index 25f4ba05..93f6def8 100644
--- a/.claude/HISTORY.md
+++ b/.claude/HISTORY.md
@@ -3489,3 +3489,12 @@ git checkout HEAD -- index.html
     - **Fix Applied:**
       - `p2p-mesh.sh`: Silenced usage output when sourced as library
     - **Tested:** All RPCD methods working via ubus, discovery mode toggle, bulk tokens
+
+27. **Mailserver Dovecot UID/GID Fix (2026-02-25)**
+    - Fixed Roundcube IMAP "Internal error" caused by Dovecot running as wrong user (uid 102 instead of 5000)
+    - **Problem:** Dovecot config had hardcoded uid=102/gid=105 from Alpine defaults, but vmail user is uid=5000/gid=5000
+    - **Files Modified:**
+      - `mailserverctl`: Fixed 7 uid/gid references (102→5000, 105→5000)
+      - `dovecot.conf` template: Changed mail_uid/gid, first_valid_uid/last_valid_uid
+      - `configure_postfix`: Changed virtual_uid_maps/virtual_gid_maps
+      - `cmd_add_user`: Changed passwd file uid:gid entries
diff --git a/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl b/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl
index 2dffdde9..9aafe649 100644
--- a/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl
+++ b/package/secubox/secubox-app-mailserver/files/usr/sbin/mailserverctl
@@ -203,8 +203,8 @@ mynetworks = 127.0.0.0/8 [::1]/128 192.168.255.0/24
 virtual_mailbox_domains = $domain
 virtual_mailbox_base = /var/mail
 virtual_mailbox_maps = lmdb:/etc/postfix/vmailbox
-virtual_uid_maps = static:102
-virtual_gid_maps = static:105
+virtual_uid_maps = static:5000
+virtual_gid_maps = static:5000
 virtual_transport = lmtp:unix:private/dovecot-lmtp
 
 # SASL auth via Dovecot
@@ -282,10 +282,10 @@ configure_dovecot() {
 protocols = imap lmtp
 listen = *
 mail_location = maildir:/var/mail/%d/%n
-mail_uid = 102
-mail_gid = 105
-first_valid_uid = 102
-last_valid_uid = 102
+mail_uid = 5000
+mail_gid = 5000
+first_valid_uid = 500
+last_valid_uid = 65534
 
 # Auth
 auth_mechanisms = plain login
@@ -295,7 +295,7 @@ passdb {
 }
 userdb {
   driver = static
-  args = uid=102 gid=105 home=/var/mail/%d/%n
+  args = uid=5000 gid=5000 home=/var/mail/%d/%n
 }
 
 # SSL
@@ -383,10 +383,10 @@ cmd_add_user() {
 	# Generate password hash and add to users file
 	if lxc_running; then
 		local pass_hash=$(lxc-attach -n "$CONTAINER" -- doveadm pw -s SHA512-CRYPT -p "$password")
-		echo "${email}:${pass_hash}:102:105::/var/mail/${domain}/${user}::" >> "$rootfs/etc/dovecot/users"
+		echo "${email}:${pass_hash}:5000:5000::/var/mail/${domain}/${user}::" >> "$rootfs/etc/dovecot/users"
 		# Fix permissions (dovecot needs read access)
 		chmod 644 "$rootfs/etc/dovecot/users"
-		chown root:102 "$rootfs/etc/dovecot/users"
+		chown root:5000 "$rootfs/etc/dovecot/users"
 	else
 		error "Container not running. Start it first."
 		return 1