spamass-milter initrc_t issues
Dan Thurman
dant at cdkkt.com
Sat Jan 26 22:04:05 UTC 2008
I have tried in vain to resolve the spamass-milter issue and selinux. Nothing
I have tried manually, worked to resolve this issue. The specific issues
that I had was that selinux was expecting spamass-milter to be of type
initrc_t.
I have simply turned off spamass-milter in my sendmail.mc file until I can get
this issue resolved.
Here are some examples of complaints:
/var/log/maillog:
========================
Jan 26 13:56:47 gold sendmail[2408]: m0QLuhZk002408: from=dant, size=53,
class=0, nrcpts=1, msgid=<200801262156.m0QLuhZk002408 at gold.cdkkt.com>,
relay=dant at localhost
Jan 26 13:56:47 gold sendmail[2410]: m0QLulQ9002410: Milter (spamassassin):
error connecting to filter: Permission denied
Jan 26 13:56:47 gold sendmail[2410]: m0QLulQ9002410: Milter (spamassassin): to
error state
Jan 26 13:56:47 gold sendmail[2410]: STARTTLS=server,
relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 26 13:56:47 gold sendmail[2408]: STARTTLS=client, relay=[127.0.0.1],
version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jan 26 13:56:50 gold sendmail[2410]: m0QLulQA002410:
from=<dant at gold.cdkkt.com>, size=332, class=0, nrcpts=1,
msgid=<200801262156.m0QLuhZk002408 at gold.cdkkt.com>, proto=ESMTP, daemon=MTA,
relay=localhost.localdomain [127.0.0.1]
Jan 26 13:56:50 gold sendmail[2410]: m0QLulQA002410: Milter add: header:
X-Virus-Scanned: ClamAV 0.92/5562/Sat Jan 26 03:34:23 2008 on gold.cdkkt.com
Jan 26 13:56:50 gold sendmail[2410]: m0QLulQA002410: Milter add: header:
X-Virus-Status: Clean
Jan 26 13:56:50 gold sendmail[2408]: m0QLuhZk002408: to=dbthurman at hotmail.com,
ctladdr=dant (500/500), delay=00:00:07, xdelay=00:00:03, mailer=relay,
pri=30053, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
(m0QLulQA002410 Message accepted for delivery)
Jan 26 13:57:12 gold sendmail[2414]: m0QLulQA002410:
to=<dbthurman at hotmail.com>, ctladdr=<dant at gold.cdkkt.com> (500/500),
delay=00:00:23, xdelay=00:00:22, mailer=esmtp, pri=120332,
relay=mx3.hotmail.com. [65.54.244.200], dsn=2.0.0, stat=Sent (
<200801262156.m0QLuhZk002408 at gold.cdkkt.com> Queued mail for delivery)
========================
/var/log/messages:
========================
Jan 26 13:56:53 gold setroubleshoot: #012 SELinux is
preventing /usr/sbin/sendmail.sendmail (sendmail_t) "connectto"
to /var/run/spamass-milter/spamass-milter.sock (initrc_t).#012 For
complete SELinux messages. run sealert -l
a82ae4e6-5276-4fe6-9db0-44af64ea413d
========================
sealert -l a82ae4e6-5276-4fe6-9db0-44af64ea413d
========================
Summary
SELinux is preventing /usr/sbin/sendmail.sendmail (sendmail_t) "connectto"
to /var/run/spamass-milter/spamass-milter.sock (initrc_t).
Detailed Description
SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not
expected that this access is required by /usr/sbin/sendmail.sendmail and
this access may signal an intrusion attempt. It is also possible that the
specific version or configuration of the application is causing it to
require additional access.
Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:sendmail_t:s0
Target Context system_u:system_r:initrc_t:s0
Target Objects /var/run/spamass-milter/spamass-milter.sock [
unix_stream_socket ]
Affected RPM Packages sendmail-8.14.2-1.fc8 [application]
Policy RPM selinux-policy-3.0.8-76.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name gold.cdkkt.com
Platform Linux gold.cdkkt.com 2.6.23.14-107.fc8 #1 SMP
Mon
Jan 14 21:37:30 EST 2008 i686 i686
Alert Count 1
First Seen Sat Jan 26 13:56:47 2008
Last Seen Sat Jan 26 13:56:47 2008
Local ID a82ae4e6-5276-4fe6-9db0-44af64ea413d
Line Numbers
Raw Audit Messages
avc: denied { connectto } for comm=sendmail egid=51 euid=0
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=0 gid=0 items=0
path=/var/run/spamass-milter/spamass-milter.sock pid=2410
scontext=system_u:system_r:sendmail_t:s0 sgid=51
subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=unix_stream_socket
tcontext=system_u:system_r:initrc_t:s0 tty=(none) uid=0
========================
More information about the fedora-selinux-list
mailing list