Re: Port to use in MTA when communicating with mail filter ?
Nicolas Mailhot wrote:
Hi,
I'm using postfix with the amavid-new spam/virus mail filter. In this
type of configuration the MTA sends every processed mail to the filter
daemon on one port, and receives the result of the filtering on another.
The online documentation is not too clear, but the commonly used ports
seem to be on the 10024-10026 range. In my setup the MTA listens on port
10026 and the filter on port 10025.
Looks like these ports are used by amavisd
portcon tcp 10024 system_u:object_r:amavisd_recv_port_t
portcon tcp 10025 system_u:object_r:amavisd_send_port_t
And reading policy states that postfix can listen on the send port.
Are you seeing any avc messages?
Unfortunately that means the selinux policy in Raw Hide blocks
postfix
startup:
Oct 23 11:56:21 rousalka postfix/master[2076]: fatal: bind 127.0.0.1
port 10026: Permission denied
Therefore, I'd like to know:
1. if a port has already been allocated in the Fedora Devel targeted
policy for MTA <- filter communication
2. if yes which one is it so I make my installation conformant
3. if not would it be possible to add it? I'm ready to poll the
postfix/amavisd-new lists to find out what the canonical port to use
would be.
Regards,
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--