postfix, procmail and SELinux - No Go

Marc Schwartz MSchwartz at mn.rr.com
Thu Jun 8 12:45:21 UTC 2006 

On Wed, 2006-06-07 at 13:12 -0500, Marc Schwartz (via MN) wrote:
> On Wed, 2006-06-07 at 17:56 +0100, Paul Howarth wrote:
> > On Wed, 2006-06-07 at 12:20 -0400, Daniel J Walsh wrote:
> > > I will be turning on dcc and razor policy in next rawhide update.  This 
> > > should cover some of the problems you are having.  Please send
> > > me all of your policy so that I can get it in the upstream pool.
> > 
> > We may need to do some rework then, since what we have, particularly for
> > dcc, is getting the dcc client to work in spamd when running in the
> > spamd domain. By turning on the dcc policy, this will all change.
> > 
> > Similarly, Mark seems to be running razor from pyzor, so the policy
> > tweaks have been for getting razor working as pyzor_t.
> > 
> > I can send you what we've got so far, but it'll be of limited
> > usefulness. Perhaps more useful would be if Mark could let you know
> > where the various files/programs are installed to in the upstream
> > default configuration (and his config, if different), so that the file
> > contexts in policy can be right first time.
> 
> <snip of policies>
> 
> Paul and Dan,
> 
> As of this moment, now running in Enforcing Mode, the following are
> known to work with Paul's policies and context changes:
> 
>   Incoming multiple POP3 account mail via fetchmail is working.
>   fetchmail, BTW, runs every 2 mins. from my own crontab file, not the
>   system crontab, using ~/.fetchmailrc.
> 
>   Outgoing mail via company SMTP server is working
> 
>   Mail forwarding off my laptop via procmail/postfix is working
> 
>   Clamassassin is working
> 
>   Spamassassin is working
> 
> 
> I have not yet had any Viagra-like e-mails to be able to test the other
> remote servers (ie. pyzor, razor and DCC) to check for function.
> Hopefully some with come through today (why can't you get them when you
> want them....  ;-).

Just a quick update here that so far, I can add:

  DCC is working

  Pyzor is working

to the list.

So far, no confirmed hits on Razor2 or RBL's (ie. SpamCop).

I have temporarily modified some of the SA generated e-mail headers via
add_header in user_prefs so that I can keep better track of these things
specifically.

I'll post more when I can confirm the remaining tests.

Regards,

Marc

More information about the fedora-selinux-list mailing list