CentOS 6.2 x86_64 Spamassassin/ clamav/ sendmail milter socket unsafe
Posted by rbTech Staff on 26 June 2012 10:12 PM

Last night, whilst rescusitating a recalcitrant mailserver, I was presented with a puzzler.  I'd copied the entire /etc/mail directory from the donor (dead) machine, as well as the required /etc/sysconfig files.

It seemed like no matter what I tried, I couldn't get the damned milters to come up.  The init scripts thought they ran successfully, but the actual processes were not running after the init scripts would exit.  After an hour or so fo head scratching, I finally clued into the log messages about contexts.  Then a Google referenced article that I've since lost the link to mentioned a grumble about packages that don't properly update the SELinux contexts, causing errors.

I then reviewed the SELinux config and the f&%*king thing was set to enforcing.  %*^&#$, there it is.  I set it to permissive, and rebooted, and all was perfectly happy.  SELinux to the (un)rescue again.

I generally remember to set SELinux to permissive, which logs errors, when dealing with systems that aren't totally locked down.  And I see little reason to completely lock down (read: disable) a single service spam filter machine, with no provieleges or other services on the LAN.  Viola and done.

It's always the little stuff.

I did have another minor Tourrettes episode when I stumbled across the new style firewall setup in CentOS 6 and newer, but that's a post for another day.

Hope this helps someone out of a jam!


(0 vote(s))
Not helpful

Comments (1)
Rion D'Luz
15 November 2014 12:41 AM
G search'd and found this page, but i like enforcing on my mailserver and was hoping you had shown the correct context to change Sendmail/Milter/ to.
maybe /system_u:object_r:lib_t/system_u:object_r:textrel_shlib_t/
Which is what i'm about to try, bec my audit.log shows no denials.

Anyhow, go SELinux!

See ya,
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).