Dovecot quota-warning executable can not log to stdout

Question

I'm running dovecot with DB based userdb and passdb inside a docker container using the s6-overlay.

Everything runs very well. Now I tried to add quota warnings and run into a problem with logging to /dev/stdout.

Error message

Whenever the warning mail should be sent I see this message getting logged:

Oct 28 10:27:01 quota-warning: Error: Can't open log file /dev/stdout: No such device or address
Oct 28 10:27:01 quota-warning: Fatal: master: service(quota-warning): child 460 returned error 75

Relevant dovecot config

I've set log path to /dev/stdout to let S6 capture the logs for me. And I added a quota warning script following the manual. Here's the relevant config:

log_path = /dev/stdout
first_valid_uid = 100
mail_uid = vmail
mail_gid = dovecot
mail_privileged_group = dovecot
mail_home = /var/mail/domains/%d/%n
mail_location = maildir:/var/mail/domains/%d/%n**
plugin {
  quota = maildir:User quota
  quota_exceeded_message = Storage quota for user %u exceeded
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
  quota_warning = storage=85%% quota-warning 85 %u %d
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
  group = dovecot
  unix_listener quota-warning {
    user = dovecot
    mode = 0666
  }
}

Quota warning script

#!/bin/sh
PERCENT=$1
USER=$2
DOMAIN=$3
cat << EOF | /usr/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
From: no-reply@$DOMAIN
Subject: Qutoa warning

Your mailbox quota is at $PERCENT%.
EOF

S6 dovecot service

The S6 run script to start dovecot is very simple:

#!/bin/sh
exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf

Log output from /dev/stdout is captured via a logs/run script:

#!/bin/sh
exec logutil-service /logs/dovecot

What I've tried

Everything works as soon as I change log_path to a static file like /tmp/dovecot.log. But that's not what I want.

So as I see it there's no /dev/stdout created for the quota-warning script and I have no idea how to fix this.

For the record: Everything else from dovecot is logged just fine via /dev/stdout.

UPDATE: I can also run the quota-warning.sh script manually from a shell inside the container without a problem. It drops a warning message into the users mailbox.

Answer 1

It works if you do the following:

Change the user executing the quota-warning script to root:

service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = root }

Even when running the script as root (which is not ideal from a security perspective), it doesn't work, though.

So I appended the following options to the dovecot-lda command line:

/usr/libexec/dovecot/dovecot-lda -d $USER -o "log_path=/proc/1/fd/2" -o "info_log_path=/proc/1/fd/1" -o "plugin/quota=maildir:User quota:noenforcing"

When doing so, logging is redirected to the STDOUT and STDERR of the process with PID=1, which is the process whose output normally gets logged by docker.

I don't know why /dev/stdout and /dev/stderr are not available to the quota-warning script, even if it is run by root...

Did you find a better solution in the meantime?

Best regards, Stefan