sending mail with squirrelmail

Daniel J Walsh dwalsh at redhat.com
Mon Dec 20 14:59:58 UTC 2004 

Phil Anderson wrote:

> Nathan Lee Reynolds (yibble) wrote:
>
>> On Mon, 2004-12-20 at 15:08 +1100, Phil Anderson wrote:
>>  
>>
>>> Is anyone else having problems sending mail with squirrelmail?  This is
>>> the only remaining problem I have before I'm switching my server to
>>> enforcing mode.  The attachment problem was fixed in the latest policy
>>> update.
>>>   
>>
>> Same problem here, I have yet to find time to investigate :D
>>  
>>
> I think this is a TLS problem - not a squirrelmail problem - take a 
> look at the following.  I think sendmail needs access the random 
> number generator?  Or am I off track?
>
> sendmail[4239]: iBJBWAxA004239: Authentication-Warning: 
> xxxx.pza.net.au: apache set sender to xxxx at pza.net.au using -f
> sendmail[4239]: iBJBWAxA004239: from=xxxx at pza.net.au, size=1042, 
> class=0, nrcpts=1, msgid=<32 at www.pza.net.au>, relay=apache at localhost
> sendmail[4239]: iBJBWAxA004239: STARTTLS=client, error: connect 
> failed=-1, SSL_error=1, timedout=0, errno=0
> sendmail[4239]: STARTTLS=client: 4239:error:24064064:random number 
> generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to 
> read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
> sendmail[4239]: STARTTLS=client: 4239:error:05067003:Diffie-Hellman 
> routines:DH_generate_key:BN lib:dh_key.c:153:
> sendmail[4239]: STARTTLS=client: 4239:error:14098005:SSL 
> routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:DH lib:s3_clnt.c:1655:
> sendmail[4239]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], 
> reject=403 4.7.0 TLS handshake.
> sendmail[4239]: iBJBWAxA004239: to=xxxx at xxxx, ctladdr=xxxx at pza.net.au 
> (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31042, 
> relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS 
> handshake.
> sendmail[4240]: STARTTLS=server, error: accept failed=0, SSL_error=5, 
> timedout=0, errno=0
> sendmail[4240]: iBJBWAHc004240: localhost.localdomain [127.0.0.1] did 
> not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> kernel: audit(1103515248.224:0): avc:  denied  {
>    read } for  pid=12496 exe=/usr/sbin/sendmail.sendmail name=urandom
>    dev=tmpfs ino=870 scontext=user_u:system_r:system_mail_t
>    tcontext=system_u:object_r:urandom_device_t tclass=chr_file
>
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

Adding rule to policy.

More information about the fedora-selinux-list mailing list