Strange Mailman/Sendmail Audit messages in Fedora-10?
Derek Atkins
warlord at MIT.EDU
Tue Feb 10 00:56:47 UTC 2009
Paul,
Quoting Paul Howarth <paul at city-fan.org>:
>> [snip]
>> > Do your milters exec other programs? There are a couple of sockets
>>
>> I don't think so, but I don't know. I'm using clamav-milter,
>> spamass-milter, and milter-sender. I'm pretty sure that the
>> latter doesn't fork/exec. I don't know about clamav or spamass.
>
> spamass-milter forks and execs sendmail to deliver spam if you use the
> "-b" option - that's how I discovered the problem.
Thanks. But I'm not using the -b option. It's run with:
-p /path/to/sock -P /path/to/pid -m -r 5 -i ...
> The audit log entries you posted suggest that mailman inherited a
> socket descriptor from sendmail.
I believe that. Yet it doesn't look like it actually stopped anything
from happening. The mail seemed to flow okay. But it would be
nice to fix this. I don't like getting audit warnings. Maybe sendmail
is leaking fds as you suggest? Should I file a bug with Fedora
about this?
[snip]
>> Okay, how would I do that?
>
> You'll need to create a local policy module. I'd do it this way:
>
[instructions snipped]
Thanks, Paul. I'll consider doing this.
Is there any easy way to figure out what's connected to the sockets
that it's complaining about? I certainly can't find anything via
lsof or netstat -a. Most likely because the sockets get closed
before I see the audit message and try to track it down.
> Cheers, Paul.
And to you! Thanks.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
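
The descriptor inheritance discussed in this message, as an added example that is not part of the original thread: a socket opened without close-on-exec is handed to whatever program the process execs, and its inode (the N in `socket:[N]` under /proc/<pid>/fd) identifies it on both sides. The function names and the socketpair standing in for a daemon's socket are assumptions made for illustration.

```python
import os
import socket
import stat
import subprocess
import sys


def open_sockets(max_fd=1024):
    """Describe every socket descriptor open in this process (fds 0..max_fd-1)."""
    found = []
    for fd in range(max_fd):
        try:
            st = os.fstat(fd)
        except OSError:  # descriptor not open
            continue
        if stat.S_ISSOCK(st.st_mode):
            found.append({
                "fd": fd,
                "inode": st.st_ino,                       # socket inode number
                "leaks_on_exec": os.get_inheritable(fd),  # True when FD_CLOEXEC is unset
            })
    return found


# Child program: print the inode of each socket it was handed at exec time.
_CHILD = (
    "import os, stat\n"
    "for fd in range(1024):\n"
    "    try: st = os.fstat(fd)\n"
    "    except OSError: continue\n"
    "    if stat.S_ISSOCK(st.st_mode): print(st.st_ino)\n"
)


def sockets_seen_by_child():
    """Exec a child without closing descriptors; return the socket inodes it inherited."""
    out = subprocess.run(
        [sys.executable, "-c", _CHILD], close_fds=False, check=True, text=True,
        stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
    ).stdout
    return {int(line) for line in out.split()}


if __name__ == "__main__":
    daemon_end, peer_end = socket.socketpair()      # constructed stand-in socket
    os.set_inheritable(daemon_end.fileno(), True)   # the leak: FD_CLOEXEC cleared
    for entry in open_sockets():
        print(entry)
    print("child inherited:", sockets_seen_by_child())
    os.set_inheritable(daemon_end.fileno(), False)  # the fix: close-on-exec set
    print("after fix:", sockets_seen_by_child())
```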