similar to: Postfix, Milters and SELinux

Hi all, I'm trying to add some milters (particularly spamass-milter and clamav-milter, which I acquired through rpmforge) to my postfix configuration on Centos5 with the targeted SELinux policy.. I'm running into difficulty getting postfix to communicate through the unix domain sockets created by the milters, because selinux keeps blocking them. I've attempted to use audit2allow

Following the most recent kernel updates I restarted our outgoing SMTP MTA which was recently reconfigured to DKIM sign messages using OpenDKIM. This morning I discovered that Postfix had stopped on that server. Whether it is related to the Postfix issue or not is yet to be determined but, in the process of getting things restarted I ran across this error with Open DKIM: # service opendkim

I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use

I am runnig posfix on Centos 4.4 as a Mailgateway. It only accepts mails for domains and then forwards mails to Lotus domino Server. All clients sends outgoing mails to that Lotus domino Server. Then , That Lotus Domino Server sends mails to Postfix mailgateway. This postfix mailgateway sends mails to all the destinations. But, This Postfix mailgateway has about 150 messages in the mailq. Some

Hello, Does anyone have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT

On Mon, January 19, 2015 11:50, James B. Byrne wrote: > I am seeing these in the log of one of our off-site NX hosts running > CentOS-6.6. > > type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for > pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 > tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket > Was caused by:

Getting module_request errors from SELinux. Errors being thrown by metacity sendmail.postfix cleanup trivial-rewarite local postdrop pickup All errors are essentially the same System was working well until I began to apply some basic security hardening configuration. Postfix started complaining when I made /tmp noexec, nodev, nosuid, and then did a mount --bind of /var/tmp under

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

On 21/09/19 9:07 AM, Chris Adams wrote: > Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said: >> Perfect. I think the only other significant customizations I have >> are lines to use the MIMEDefang and OpenDKIM milters. When last I >> looked into migrating, I recall that Postfix handled milters just >> fine. > > Milters work a little different

Applied policy update. Now I see these occasionally. But by the time I try and see what the matter is the file is gone: /var/log/maillog . . . Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock active/0A7EC60D8A: Resource temporarily unavailable . . . Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock active/8DD5060F81: Resource temporarily unavailable . . . Dec 9 15:12:09

Am 09.02.2015 um 22:29 schrieb Leander Sch?fer: > I'm currently busy with a substiution of my current mail server. I'm > currently using > > * Clam-SMTP and > * SpamAssassin > > to fight Spam. I wonder if it is worth implementing AmaViS with > SpamAssassin backend instead and also using AmaViS to speak to clamd > directly. But I more and more wonder wether

Trying to restart postfix installed from yum. Restart fails, I get: type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file I guess it needs to remove the

Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said: > Perfect. I think the only other significant customizations I have > are lines to use the MIMEDefang and OpenDKIM milters. When last I > looked into migrating, I recall that Postfix handled milters just > fine. Milters work a little different under postfix IIRC... I haven't tried them (which is a little sad,

On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc

hey, I upgraded a server to 5.3 from 5.2 today, its a mail server, and its using the rpmforge clamav milter... was getting errors in my mail log like... Apr 6 01:39:32 freescruz sendmail[12304]: n368dWxW012304: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket Apr 6 01:39:32 freescruz sendmail[12304]: n368dWxW012304: Milter (clamav): to error

On Thu, December 4, 2014 12:29, James B. Byrne wrote: > > Re: SELinux. Do I just build a local policy or is there some boolean setting > needed to handle this? I could not find one if there is but. . . > Anyone see any problem with generating a custom policy consisting of the following? grep avc /var/log/audit/audit.log | audit2allow #============= amavis_t ============== allow

On Fri, December 5, 2014 04:53, Daniel J Walsh wrote: > > On 12/04/2014 03:22 PM, James B. Byrne wrote: >> On Thu, December 4, 2014 12:29, James B. Byrne wrote: >>> Re: SELinux. Do I just build a local policy or is there some boolean >>> setting >>> needed to handle this? I could not find one if there is but. . . >>> >> Anyone see any problem

Hi, I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }

I've been running sendmail since the beginning of my online time. 1. Did I see that postfix can run sendmail milters? 2. If so, did I read that postfix can run these separately for inbound vs. outbound? 3. Can it run like a rbl blacklist on inbound and not outbound? 4. If the above is true, does this require separate configurations of postfix or is it already set to allow this out of the

Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit?: > SELinux is preventing /usr/bin/python2.7 from read access on the file disable. > > *****? Plugin catchall (100. confidence) suggests?? ***** > > If you believe that python2.7 should be allowed read access on the disable file > by default. > Then you should report this as a bug. > You can generate a local policy module to