Loading ...
Sorry, an error occurred while loading the content.

Re: Using postfix w/ mimedefang's Unix socket

Expand Messages
  • Philip Prindeville
    ... Could have sworn this SElinux issue was fixed a couple of years ago... it either regressed or the patch never made it downstream from Fedora to Centos. It
    Message 1 of 7 , Dec 3, 2011
    • 0 Attachment
      On 12/3/11 7:15 AM, Wietse Venema wrote:
      > Philip Prindeville:
      >> Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect
      >> to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
      >> Permission denied
      >
      > Does the error go away if you turn off SeLinux?
      >
      > Wietse

      Could have sworn this SElinux issue was fixed a couple of years ago... it either regressed or the patch never made it downstream from Fedora to Centos.

      It goes away if I patch Mimedefang to fchmod() the UNIX socket to 0660, and put the postfix in the defang group, and add the following policy:

      module postfix 1.0;

      require {
      type postfix_smtpd_t;
      type spamd_var_run_t;
      class dir search;
      }

      #============= postfix_smtpd_t ==============
      allow postfix_smtpd_t spamd_var_run_t:dir search;

      Bugs (with fixes) have been filed against both issues.

      -Philip
    Your message has been successfully submitted and would be delivered to recipients shortly.