All 3 Dovecot log files should be owned by vmail:vmail with permission 0600.

I looked at the body of the rejected messages.  These are from the nightly jobs that email root the status of backups and such.  I hadn't seen the failures for  a week or so, since I had chmod 666 the sieve file.  When the logrotate happened, the new sieve file was back to 600 and then the emails started failing...

So why are these errors happening.  Obviously 600 is NOT right (at least not for the sieve file for local delivery!)  Here is the entire text:

This is the mail system at host iredmail.druber.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<root@iredmail.druber.com>: temporary failure. Command output: Can't open log
    file /var/log/dovecot-sieve.log: Permission denied
Reporting-MTA: dns; iredmail.druber.com
X-Postfix-Queue-ID: 2EBC82C0678
X-Postfix-Sender: rfc822; root@druber.com
Arrival-Date: Wed, 17 Jun 2015 03:00:02 -0400 (EDT)

Final-Recipient: rfc822; root@iredmail.druber.com
Original-Recipient: rfc822;root@iredmail.druber.com
Action: failed
Status: 4.3.0
Diagnostic-Code: x-unix; Can't open log file
    /var/log/dovecot-sieve.log: Permission denied
Subject     Cron <root@iredmail> /bin/bash /var/vmail/backup/backup_openldap.sh
From     root@druber.comAdd contact
To     root@druber.comAdd contact
Date     Today 03:00
Return-Path: <root@druber.com>
Received: from iredmail.druber.com (iredmail.druber.com [127.0.0.1])
    by iredmail.druber.com (Postfix) with ESMTP id 2EBC82C0678
    for <root@iredmail.druber.com>; Wed, 17 Jun 2015 03:00:02 -0400 (EDT)
Authentication-Results: iredmail.druber.com (amavisd-new); dkim=pass
    reason="pass (just generated, assumed good)" header.d=druber.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=druber.com; h=
    date:date:message-id:auto-submitted:content-type:content-type
    :subject:subject:to:from:from; s=dkim; t=1434524401; x=
    1435388402; bh=zKa0tJCVnUloabNYK3fc69PFub8Z83LO6PB5YpYg+4g=; b=2
    ubtYrzXwWPHdEa11dgIv+VbBr5y3SP7IjjO4PvOTRolZvVbXls7+dGcMRbagWyWQ
    v8CdpnEsNCKSgy2qdU3j62xkMnJ48iHve0DtdGKsDW5WNPqlpK8e5mzQFDhHFRyB
    zaweIyCDBEFShJrF7rjrCd61rpDppCTb1uLmtg7fOkFWhbaWDJyGFbmSO2JztsEF
    sPsPjAcx6q6kfJAsR9OU9A06UcfzP9VAyE0ThqG4Sswjnfm5tKTs75KAINHRkk0L
    exR2KyAK35gYpy3MLPbSIulFwI0Mww7j+VTpGkL50yT5mkwc93ZqGCVuyO3RFIUx
    MtqaZVVU95xt+lOOOmRrA==
X-Virus-Scanned: amavisd-new at iredmail.druber.com
Received: from iredmail.druber.com ([127.0.0.1])
    by iredmail.druber.com (iredmail.druber.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 9IUGHUeQ31Vb for <root@iredmail.druber.com>;
    Wed, 17 Jun 2015 03:00:01 -0400 (EDT)
Received: by iredmail.druber.com (Postfix, from userid 0)
    id B62272C06AE; Wed, 17 Jun 2015 03:00:01 -0400 (EDT)
From: root@druber.com (Cron Daemon)
To: root@druber.com
Subject: Cron <root@iredmail> /bin/bash /var/vmail/backup/backup_openldap.sh
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Message-Id: <20150617070001.B62272C06AE@iredmail.druber.com>
Date: Wed, 17 Jun 2015 03:00:01 -0400 (EDT)

55811af1 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
==> Backup completed successfully.
==> Detailed log (/var/vmail/backup/ldap/2015/06/2015-06-17-03:00:01.log):
=========================
    [DONE]
* File size:
=================
4.0K    /var/vmail/backup/ldap/2015/06/2015-06-17-03:00:01.ldif.bz2
=================
* Backup completed (Success? YES).

[root@iredmail ~]# dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_default_realm = druber.com
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = * [::]
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
mail_plugins = quota acl
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-master-users
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = %Lh/sieve/dovecot.sieve
  sieve_before = /var/vmail/sieve/dovecot.sieve
  sieve_dir = %Lh/sieve
  sieve_global_dir = /var/vmail/sieve
}
protocols = imap sieve lmtp
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
    address = 127.0.0.1 ::1
    port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1 ::1
    port = 4190
  }
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/pki/tls/certs/iRedMail.crt
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_key = </etc/pki/tls/private/iRedMail.key
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  lda_mailbox_autosubscribe = yes
  log_path = /var/log/dovecot-sieve.log
  mail_plugins = quota acl sieve autocreate
  postmaster_address = root
}
protocol lmtp {
  info_log_path = /var/log/dovecot-lmtp.log
  lmtp_save_to_detail_mailbox = yes
  mail_plugins = quota sieve
  postmaster_address = postmaster
  recipient_delimiter = +
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 20
  mail_plugins = quota acl imap_quota autocreate imap_acl
}
protocol pop3 {
  mail_max_userip_connections = 20
  mail_plugins = quota acl
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

[root@iredmail ~]# ls -l /var/log/dovecot*
-rw------- 1 vmail vmail       0 Jun 14 03:50 /var/log/dovecot-lmtp.log
-rw------- 1 vmail vmail      14 Jun 14 03:50 /var/log/dovecot-lmtp.log-20150614.bz2
-rw------- 1 vmail vmail 1083887 Jun 17 10:53 /var/log/dovecot.log
-rw------- 1 vmail vmail   30190 Jun 14 03:50 /var/log/dovecot.log-20150614.bz2
-rw-rw-rw- 1 vmail vmail   37588 Jun 17 10:53 /var/log/dovecot-sieve.log
-rw------- 1 vmail vmail    2704 Jun 14 03:50 /var/log/dovecot-sieve.log-20150614.bz2

(I set the sieve file 666 to avoid the errors for now)

Here is one example from /var/log/maillog:

Jun 15 11:19:09 iredmail postfix/pickup[12791]: 411B62C069E: uid=0 from=<root>
Jun 15 11:19:09 iredmail postfix/cleanup[12802]: 411B62C069E: message-id=<20150615151909.411B62C069E@iredmail.druber.com>
Jun 15 11:19:09 iredmail postfix/qmgr[12790]: 411B62C069E: from=<root@iredmail.druber.com>, size=426, nrcpt=1 (queue active)
Jun 15 11:19:09 iredmail postfix/smtpd[12812]: connect from iredmail.druber.com[127.0.0.1]
Jun 15 11:19:09 iredmail postfix/smtpd[12812]: 8FA592C069D: client=iredmail.druber.com[127.0.0.1]
Jun 15 11:19:09 iredmail postfix/cleanup[12802]: 8FA592C069D: message-id=<20150615151909.411B62C069E@iredmail.druber.com>
Jun 15 11:19:09 iredmail postfix/qmgr[12790]: 8FA592C069D: from=<root@iredmail.druber.com>, size=1172, nrcpt=1 (queue active)
Jun 15 11:19:09 iredmail postfix/smtpd[12812]: disconnect from iredmail.druber.com[127.0.0.1]
Jun 15 11:19:09 iredmail amavis[10429]: (10429-06) Passed CLEAN {RelayedInternal}, MYUSERS <root@iredmail.druber.com> -> <root@iredmail.druber.com>, Message-ID: <20150615151909.411B62C069E@iredmail.druber.com>, mail_id: jYZQTxyC2IUB, Hits: 5.289, size: 426, queued_as: 8FA592C069D, 257 ms
Jun 15 11:19:09 iredmail postfix/smtp[12806]: 411B62C069E: to=<root@iredmail.druber.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.39, delays=0.07/0.04/0/0.28, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8FA592C069D)
Jun 15 11:19:09 iredmail postfix/qmgr[12790]: 411B62C069E: removed
Jun 15 11:19:09 iredmail postfix/local[12814]: 8FA592C069D: to=<root@iredmail.druber.com>, relay=local, delay=0.08, delays=0.01/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-sieve.log: Permission denied )

You can add one line in /etc/postfix/aliases like below:

root: user@domain.com

Then run 'postalias /etc/postfix/aliases'.

Make sure you are using a real/valid email address.