postfix and selinux - newbie

Mon Sep 26 15:32:51 UTC 2005

John Esquivel wrote:

> My yum service recently updated selinux policy which I believe broke 
> my postfix service.  I was guessing that selinux does not like me 
> using a non-standard port for postfix stmp, but then again I am a newbie.
> Is there a way to disable just the postfix part of selinux?  I have 
> done this for samba by using the security level gui, but postfix isn't 
> listed in the gui.  For now I can set selinux to permissive then 
> restart postfix (using the service config gui), then change selinux 
> back to enforced.  This works but this machine gets rebooted weekly 
> and then postfix fails, also I don't want to leave selinux off 
> completely.  I am running fc4, postfix, amavisd, clamav, and spamassasin.
> -JohnE
>
> $ egrep 'fatal:' /var/log/maillog
> Sep 25 15:06:22 lin3test postfix/master[6967]: fatal: bind 
> 192.168.1.11 port 10050: Permission denied
> Sep 25 15:06:23 lin3test postfix/postfix-script: fatal: the Postfix 
> mail system is not running
>
> Log report:
>
> /etc/cron.daily/0check4updates:
> Updated Packages
> selinux-policy-targeted.noarch           1.27.1-2.1             
> updates        squid.i386                               
> 7:2.5.STABLE11-1.FC4   updates        
> xinitrc.noarch                           4.0.18.1-1             
> updates        /etc/cron.daily/yum.cron:
> /sbin/restorecon reset /etc/postfix context 
> system_u:object_r:etc_t->system_u:object_r:postfix_etc_t
> /sbin/restorecon reset /etc/postfix/postfix-script context 
> system_u:object_r:etc_t->system_u:object_r:postfix_exec_t
> ..

Nevermind,
I Just saw the previous thread about this, to use audit2allow.

-Johne