I noticed similar problems with 42.2-Current. Interestingly the logger reproducer doesn't trigger it there, but I noticed sys_admin denials for dovecot/auth - and I doubt dovecot/auth needs the the sys_admin capability. Please make sure to also submit the fixed package to 42.2.