Bug 158181

Summary: squirrelmail can't make an imap connection
Product: [Fedora] Fedora Reporter: Thomas J. Baker <tjb>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: james
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-23 12:59:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Thomas J. Baker 2005-05-19 13:02:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
fc4t3 + May 18th rawhide. Squirrelmail is not connecting to the localhost imap server with the "Error connecting to IMAP server: localhost. 13 : Permission denied" message. I have dovecot running and working. I can telnet to port 143. Nothing is logged anywhere that I can find. Not /var/log/audit/audit.log, /var/log/maillog, or /var/log/messages. It doesn't appear that squirrelmail is actually making an imap connection to localhost because when I make a connection by hand with telnet, it gets logged.

After a "setenforce 0", squirremail gets past the permission denied error but then it eventually reports a "ERROR: ERROR : Connection dropped by imap-server." The imap server logs 

May 19 08:46:15 wintermute imap-login: Disconnected: Inactivity [::ffff:]
May 19 08:47:15 wintermute imap-login: Disconnected: Inactivity [::ffff:]
May 19 08:48:15 wintermute imap-login: Disconnected: Inactivity [::ffff:]

I've been reloading firefox for the last 20 minutes and in that time, I've have had some successful squirrelmail output (it once showed me by inbox index) but the other 99% have been imap timeouts. Using evolution via imap is working fine.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-1, squirrelmail-1.4.4-2

How reproducible:

Steps to Reproduce:
1. install necessary squirrelmail components
2. try to login from the sm web page

Actual Results:  above reported failure

Expected Results:  sm should come up and allow me to read mail.

Additional info:

Comment 1 Thomas J. Baker 2005-05-19 13:15:26 UTC
OK, to clear things up a bit, if I "setenforce 0" and restart dovecot,
squirrelmail works normally. With enforcing enabled, squirrelmail reports the
permission denied error and can't make an imap connection. Nothing is logged as
to why even though it's clearly an selinux problem. I have audit-0.8.1 installed
(bug #158011).

Comment 2 Daniel Walsh 2005-05-19 14:19:24 UTC
Did you look in /var/log/audit/audit.log?


Comment 3 Thomas J. Baker 2005-05-25 19:37:33 UTC
As I said before, nothing is logged anywhere I can find. Not in the audit log or
messages or dmesg or maillog or anywhere. Other things are logging to the audit
log fine.

Comment 4 Daniel Walsh 2005-05-26 14:42:17 UTC
Ok, do you have policy sources in stalled?

Please try

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Then try the connection and see if you get audit messages.


Comment 5 Thomas J. Baker 2005-05-26 18:03:38 UTC
That helped:

type=AVC msg=audit(1117130474.312:7160534): avc:  denied  { name_connect } for 
pid=4126 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
type=SYSCALL msg=audit(1117130474.312:7160534): arch=c000003e syscall=42
success=no exit=-13 a0=13 a1=555556004b38 a2=10 a3=42960eea items=0 pid=4126
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
comm="httpd" exe="/usr/sbin/httpd"
type=SOCKADDR msg=audit(1117130474.312:7160534):

Comment 6 Daniel Walsh 2005-06-08 17:26:19 UTC
Does setting the boolean

httpd_can_network_connect fix the problem?

setsebool -P httpd_can_network_connect=1

Comment 7 Mogens Lauridsen 2005-06-21 20:08:26 UTC
I had a similar problem with squirrelmail / dovecot

The error message in "messages" says:
Jun 20 19:13:22 HomeServer kernel: audit(1119287602.556:0): avc:  denied  {
connect } for  pid=2949 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:httpd_t tclass=tcp_socket

I have tried settig the boolean as described, and that solved the problem for me.

Comment 8 James Hill 2005-08-16 18:46:37 UTC
Is php5 that comnes with FC4 compiled with imap abilities?  if not you problem
may be found here.