Hello everyone, if anyone is running postfix and had the latest selinux updates break all things email, then this might help you.
Packages Installed:
postfix-2.9.6-4.fc18.i686
selinux-policy-doc-3.11.1-95.fc18.noarch
selinux-policy-devel-3.11.1-95.fc18.noarch
selinux-policy-targeted-3.11.1-95.fc18.noarch
selinux-policy-3.11.1-95.fc18.noarch
So I noticed that I was getting no emails from any of my F18 servers. Checked the queue
Code:
postqueue -p
and sure enough it had a lot of emails in it. Tried to force the queue with:
Code:
postqueue -f
but nothing happened. So I tailed the /var/log/maillog and it showed a bunch of:
Code:
May 21 09:38:02 ms02 postfix/cleanup[12111]: fatal: open lock file pid/unix.cleanup: cannot open file: Permission denied
May 21 09:38:03 ms02 postfix/master[1128]: warning: process /usr/libexec/postfix/cleanup pid 12111 exit status 1
May 21 09:38:03 ms02 postfix/master[1128]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
So past experience dictated that I try a quick check if it was selinux by putting it in passive mode with:
Code:
setenforce 0
Then I did the
Code:
postqueue -f
again and this time the emails went out. So OK, it's selinux (again...)
So I ran the policy creation process of:
Code:
audit2allow -M mypostfix < /var/log/audit/audit.log
semodule -i mypostfix.pp
which seemed to run without errors. Then I restarted postfix, turned selinux back to enforce, and tried to send an email:
Code:
systemctl restart postfix
setenforce 1
echo "email test from $HOSTNAME" | mail -s "email test from $HOSTNAME" root
This didn't work (same maillog errors), which was puzzling. So I looked at the mypostfix.te file and it seemed to be OK:
Code:
module mypostfix 1.0;

require {
	type postfix_cleanup_t;
	type postfix_var_run_t;
	class file { read write };
}

#============= postfix_cleanup_t ==============
allow postfix_cleanup_t postfix_var_run_t:file { read write };
but again past experience dictates that I try and run the audit2allow command again
Code:
audit2allow -M mypostfix2 < /var/log/audit/audit.log
semodule -i mypostfix2.pp
and I took a look at the mypostfix2.te file which had more to it this time:
Code:
module mypostfix2 1.0;

require {
	type postfix_bounce_t;
	type postfix_smtp_t;
	type postfix_cleanup_t;
	type postfix_var_run_t;
	class file { read lock write getattr open };
}

#============= postfix_bounce_t ==============
allow postfix_bounce_t postfix_var_run_t:file { read write getattr open lock };

#============= postfix_cleanup_t ==============
#!!!! This avc is allowed in the current policy
allow postfix_cleanup_t postfix_var_run_t:file { read write };
allow postfix_cleanup_t postfix_var_run_t:file { lock getattr open };

#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_var_run_t:file { read write getattr open lock };
then I ran my email test again and it worked.
So I copied mypostfix.pp file over to all systems and ran the
Code:
semodule -i mypostfix2.pp
on them and now all my systems are back sending emails.
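Feeding the whole of /var/log/audit/audit.log to audit2allow produces allow rules for every AVC denial in it, not only the postfix ones, so it is worth reviewing what would be allowed before loading a module. The following is an added example, not part of the original post: a small Python parser that keeps only denials whose source domain starts with `postfix_` and prints the equivalent allow rules. The sample log lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Pulls the permission set, source type, target type and class out of an AVC denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

# Constructed sample audit.log lines (not taken from the post).
SAMPLE = [
    'type=AVC msg=audit(1369143482.101:201): avc:  denied  { read write } for  pid=12111 comm="cleanup" name="unix.cleanup" scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1369143490.202:202): avc:  denied  { lock getattr open } for  pid=12140 comm="cleanup" name="unix.cleanup" scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1369143495.303:203): avc:  denied  { read } for  pid=12150 comm="smtp" name="unix.smtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file',
    # Unrelated denial that a whole-log audit2allow run would also turn into a rule.
    'type=AVC msg=audit(1369143499.404:204): avc:  denied  { write } for  pid=2201 comm="httpd" name="notes.txt" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1369143499.404:204): arch=40000003 syscall=5 success=no exit=-13',
]

def summarize(lines, domain_prefix="postfix_"):
    """Group denied permissions by (source type, target type, class) for one domain family."""
    denials = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m and m.group("src").startswith(domain_prefix):
            key = (m.group("src"), m.group("tgt"), m.group("cls"))
            denials[key].update(m.group("perms").split())
    return dict(denials)

def to_rules(denials):
    """Render the grouped denials as the allow rules a module would contain."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(denials.items())
    ]

if __name__ == "__main__":
    for rule in to_rules(summarize(SAMPLE)):
        print(rule)
```

The same review applies to the generated .te file: any rule whose source type is not one of the domains being fixed should be removed before the module is built and copied to other systems.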