Nicolas Mailhot wrote:
Hi,
I'm using postfix with the amavid-new spam/virus mail filter. In this type of configuration the MTA sends every processed mail to the filter daemon on one port, and receives the result of the filtering on another. The online documentation is not too clear, but the commonly used ports seem to be on the 10024-10026 range. In my setup the MTA listens on port 10026 and the filter on port 10025.
Looks like these ports are used by amavisd portcon tcp 10024 system_u:object_r:amavisd_recv_port_t portcon tcp 10025 system_u:object_r:amavisd_send_port_t
And reading policy states that postfix can listen on the send port.
Are you seeing any avc messages?
Unfortunately that means the selinux policy in Raw Hide blocks postfix startup: Oct 23 11:56:21 rousalka postfix/master[2076]: fatal: bind 127.0.0.1 port 10026: Permission denied
Therefore, I'd like to know:
- if a port has already been allocated in the Fedora Devel targeted
policy for MTA <- filter communication 2. if yes which one is it so I make my installation conformant 3. if not would it be possible to add it? I'm ready to poll the postfix/amavisd-new lists to find out what the canonical port to use would be.
Regards,
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list