I'm struggling to get Postfix to run properly on CentOS9. I have it working, sending a mail when I call a webpage that has the code for a hardcoded email test.

The issue is on a contact form on the website; it comes up with the below issues with SELinux. I'd prefer not to disable SELinux.

I've tried creating a custom rule file but can't get it working.

[root@web ~]# audit2allow -a


#============= NetworkManager_dispatcher_chronyc_t ==============
allow NetworkManager_dispatcher_chronyc_t unlabeled_t:file getattr;

#============= NetworkManager_dispatcher_dhclient_t ==============
allow NetworkManager_dispatcher_dhclient_t unlabeled_t:file getattr;

#============= dkim_milter_t ==============
allow dkim_milter_t reserved_port_t:tcp_socket name_bind;

#============= httpd_t ==============
allow httpd_t postfix_etc_t:file read;

#============= postfix_local_t ==============
allow postfix_local_t httpd_var_lib_t:dir search;

#============= system_mail_t ==============
allow system_mail_t httpd_sys_content_t:file read;

UPDATE #1:

I've managed to create a custom rule file but it's still not sending mail. I've noticed the change in audit2allow, now showing "#!!!! This avc is allowed in the current policy". Is there a step I'm missing?

[root@web ~]# audit2allow -a -M postfixCustom
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i postfixCustom.pp

[root@web ~]# semodule -i postfixCustom.pp
[root@web ~]# audit2allow -a


#============= NetworkManager_dispatcher_chronyc_t ==============

#!!!! This avc is allowed in the current policy
allow NetworkManager_dispatcher_chronyc_t unlabeled_t:file getattr;

#============= NetworkManager_dispatcher_dhclient_t ==============

#!!!! This avc is allowed in the current policy
allow NetworkManager_dispatcher_dhclient_t unlabeled_t:file getattr;

#============= dkim_milter_t ==============

#!!!! This avc is allowed in the current policy
allow dkim_milter_t reserved_port_t:tcp_socket name_bind;

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t postfix_etc_t:file read;

#============= postfix_local_t ==============

#!!!! This avc is allowed in the current policy
allow postfix_local_t httpd_var_lib_t:dir search;

#============= system_mail_t ==============

#!!!! This avc is allowed in the current policy
allow system_mail_t httpd_sys_content_t:file read;
  • I believe the selinux log shows exact commands you may use to enable the actions it disabled. Start with reading it and adding a relevant part of it into the question. Commented Jun 25 at 9:25
  • Those are the commands to run? Do you prefix it with semanage or something else to run it?
    – llanato
    Commented Jun 25 at 9:45
  • Show the log entries and I will direct you what is the command to run in it. Commented Jun 25 at 9:50
  • @NikitaKipriyanov I've updated the question above with the output of what I'm seeing now. The mail request doesn't look to be getting to postfix as there are no recent messages in maillog.
    – llanato
    Commented Jun 25 at 9:55
  • @NikitaKipriyanov there is nothing in any of the logs I can find, no errors, warnings, not even informational logs.
    – llanato
    Commented Jun 26 at 9:34
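
Added example, not part of the original question or comments: a small Python triage of `audit2allow -a` output in the format pasted above. Because `-a` reads every denial in the audit log, it separates rules for the mail path from unrelated ones, from `unlabeled_t` targets, and from rules the loaded policy already allows. The sample text is a constructed mix of the question's rules, and the `WANTED` domain set is an assumption.

```python
import re
# Constructed sample: rules from the question, in `audit2allow -a` format.
SAMPLE = """\
#============= NetworkManager_dispatcher_chronyc_t ==============
allow NetworkManager_dispatcher_chronyc_t unlabeled_t:file getattr;

#============= dkim_milter_t ==============
allow dkim_milter_t reserved_port_t:tcp_socket name_bind;

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t postfix_etc_t:file read;

#============= system_mail_t ==============
allow system_mail_t httpd_sys_content_t:file read;
"""

# Assumption: the domains on the contact-form-to-Postfix path.
WANTED = {"httpd_t", "postfix_local_t", "system_mail_t"}
NOTE = "#!!!! This avc is allowed in the current policy"
RULE = re.compile(r"allow (\S+) (\S+):(\S+) (?:\{ ([^}]+) \}|(\S+));$")

def parse_rules(text):
    """Yield (source, target, tclass, perms, in_policy) per allow rule."""
    in_policy = False
    for line in map(str.strip, text.splitlines()):
        if line == NOTE:
            in_policy = True  # annotation applies to the next allow rule
        elif (m := RULE.match(line)):
            yield m[1], m[2], m[3], tuple((m[4] or m[5]).split()), in_policy
            in_policy = False

def triage(text, wanted=WANTED):
    """Map each rule to a verdict so only reviewed rules reach a module."""
    verdicts = {}
    for src, tgt, tclass, perms, in_policy in parse_rules(text):
        rule = f"{src} {tgt}:{tclass} {' '.join(perms)}"
        if in_policy:
            verdicts[rule] = "already allowed: stale log entry"
        elif tgt == "unlabeled_t":
            verdicts[rule] = "unlabeled file: relabel rather than allow"
        elif src not in wanted:
            verdicts[rule] = "unrelated domain: keep out of this module"
        else:
            verdicts[rule] = "candidate: review before adding"
    return verdicts

print(*(f"{v:44}{r}" for r, v in triage(SAMPLE).items()), sep="\n")
```

Rules marked "already allowed" come from denials logged before the module was loaded, so they say nothing about why mail is still failing.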
