OK, I've figured it out:
In the dovecot profile for apparmor the sieve directory is not
confgured. I solved it this way:
To configure only one directory in the apparmor profile, I placed the
active-script link inside the .sieve directory. Keeping the scripts
separate in a store subdirectory, like this:
In /etc/dovecot/conf.d/90-sieve.conf :
sieve = file:~/.sieve/store;active=~/.sieve/active.sieve
Then dovecot is granted access by adding the .sieve directory in the
apparmor profile. The dovecot file in the tunables directory seems to be
a neat way to that:
In /etc/apparmor.d/tunables/dovecot :
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/spool/mail/
@{HOME}/.sieve/
Ofcourse the .sieve directory is not really a MAILSTORE. But this way,
the configuration stays close to the defaults. I didn't find something
like DOVECOT_SIEVESTORE, which would be more appropriate.
After restart of apparmor and dovecot, it works!
@Stephan: thanks for the advice - it did help to pinpoint the problem!
Regards,
Rogier
