Hi,

I'm having an enormous headache with what may be a very simple problem. I am trying to migrate a mail server that I have in Ubuntu to another one in CentOS. I used Postfix in Ubuntu with the options:

    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options =
    sender_dependent_relayhost_maps = hash:/buzones2/postfix/relayhost_map
    smtp_sasl_password_maps = hash:/buzones2/postfix/passwd

and it worked perfectly. When I put the same parameters in another computer, with CentOS, it works fine without the smtp map options, but when I add the previous lines, it seems that it can't access the db files I've made with postmap. I've tried it with different owners, permissions,...

I get these errors:

In /var/log/maillog:

    Dec 10 19:45:55 localhost postfix/trivial-rewrite[11058]: fatal: open database /buzones2/postfix/relayhost_map.db: Permission denied
    Dec 10 19:45:56 localhost postfix/master[10908]: warning: process /usr/libexec/postfix/trivial-rewrite pid 11058 exit status 1
    Dec 10 19:45:56 localhost postfix/master[10908]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling

The errors printed in /var/log/audit/audit.log are:

(when the owner of the file is "postfix")

    type=AVC msg=audit(1323541225.528:1019): avc: denied { read } for pid=10798 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
    type=SYSCALL msg=audit(1323541225.528:1019): arch=40000003 syscall=5 success=no exit=-13 a0=1cd42d0 a1=8000 a2=0 a3=0 items=0 ppid=10793 pid=10798 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)

(when the owner is root)

    type=AVC msg=audit(1323541413.078:1023): avc: denied { read } for pid=10913 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
    type=SYSCALL msg=audit(1323541413.078:1023): arch=40000003 syscall=5 success=no exit=-13 a0=2b092d0 a1=8000 a2=0 a3=0 items=0 ppid=10908 pid=10913 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)

Can anybody give me a hand on this?

Thanks in advance,
Rafael
Solution

After looking for solutions, someone suggested that I check whether the problem might be in SELinux. When I disabled it completely (not only set it to permissive mode), it worked perfectly. So the problem was there. The way to get around it was:

1. Install audit2allow (I have CentOS 6):

    yum install policycoreutils-python

2. To allow the access to relay_hosts_db.db:

    grep postfix_master_t /var/log/audit/audit.log | audit2allow -M postgreylocal
    semodule -i postgreylocal.pp

3. Afterwards, I had a similar problem with the access to the file with the passwords for each sender. To allow the access to passwd.db:

    grep postfix_smtp_t /var/log/audit/audit.log | audit2allow -M postgreylocal
    semodule -i postgreylocal.pp

Now, it works! audit2allow is fantastic! I hope this may help other people.
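
The denials quoted in the post, reduced to the allow rule a generated policy module would carry. This is an added example, not part of the original post: the two AVC records are copied from the post (SYSCALL line shortened), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# AVC records copied from the post; the SYSCALL record is shortened for the sample.
SAMPLE_LOG = """\
type=AVC msg=audit(1323541225.528:1019): avc: denied { read } for pid=10798 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1323541225.528:1019): arch=40000003 syscall=5 success=no exit=-13 comm="trivial-rewrite"
type=AVC msg=audit(1323541413.078:1023): avc: denied { read } for pid=10913 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
NAME_RE = re.compile(r'\bname="([^"]*)"')
# Types that mean "no specific label"; a rule on them reaches beyond one file.
GENERIC_TYPES = {"default_t", "unlabeled_t", "file_t"}

def selinux_type(context):
    # A context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        groups[key]["perms"].update(m["perms"].split())
        groups[key]["names"].update(NAME_RE.findall(line))
        groups[key]["count"] += 1
    return dict(groups)

def allow_rules(groups):
    """Render one allow rule per group, flagging generic target labels."""
    out = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        perms = perms if len(g["perms"]) == 1 else "{ " + perms + " }"
        note = "  # generic label: check the file's labeling" if tgt in GENERIC_TYPES else ""
        out.append(f"allow {src} {tgt}:{cls} {perms};{note}")
    return out

if __name__ == "__main__":
    for rule in allow_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

A rule whose target is default_t applies to every file carrying that label, so the .te file that audit2allow -M writes is worth reading before semodule -i loads the .pp.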