Bug 144620 - Squirrelmail can't send mail
Summary: Squirrelmail can't send mail
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 3
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-01-09 21:01 UTC by Paul Black
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-11 15:09:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
SELinux messages sent to syslog (5.48 KB, text/plain)
2005-01-09 21:02 UTC, Paul Black
no flags Details
SELinux messages from /var/log/messages (5.54 KB, text/plain)
2005-01-11 10:11 UTC, Paul Black
no flags Details

Description Paul Black 2005-01-09 21:01:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.7.5)
Gecko/20041110 Firefox/1.0

Description of problem:
SELinux doesn't allow Squirrelmail to send email. Squirrelmail behaves
as if the mail was sent (including storing the sent mail) but mail is
not sent. This is similar to bug 138630 which was fixed. I' don't know
if this was broken by an update to SELinux or if it's specific to me
now using an x86-64 machine.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Compose and send an email with squirrelmail

Actual Results:  Email is not sent and SELinux generates messages log

Expected Results:  Email should be sent.

Additional info:

Comment 1 Paul Black 2005-01-09 21:02:01 UTC
Created attachment 109542 [details]
SELinux messages sent to syslog

Comment 2 Daniel Walsh 2005-01-10 14:47:37 UTC
The problem is that your system is not labeled correctly.   The best
way to fix this is to 
touch /.autorelabel

Which will clean up the labels.  Squirrelmail was fixed after the
release of FC3, so you have to relabel.


Comment 3 Paul Black 2005-01-10 17:07:36 UTC
It made things worse! No I can't log in to squirrelmail without
"setenfdorce 0". The other errors are still present.

Comment 4 Daniel Walsh 2005-01-10 17:28:56 UTC
I do not know how you generated the AVC message log that you attached.
 Can you just attach the output of 

grep -i avc /var/log/messages

Do you have selinux-policy-targeted-sources installed?

If yes can you do a 
make -C /etc/selinux/targeted/src/policy load


Comment 5 Paul Black 2005-01-11 10:11:02 UTC
Created attachment 109595 [details]
SELinux messages from /var/log/messages

The previous log message were from /var/log/messages with the timestamps

> Do you have selinux-policy-targeted-sources installed?


> If yes can you do a 
> make -C /etc/selinux/targeted/src/policy load

Ran without error.

This log I'm attaching has two bits in it: the first two messages are from
logging in to Squirrelmail, the rest are from trying to send mail.

Comment 6 Daniel Walsh 2005-01-11 14:46:47 UTC
Ok the problem is that httpd is not transitioning to system_mail_t.

ls -lZ /usr/sbin/sendmail.sendmail

should show that sendmail is marked as system_u:object_r:sendmail_exec_t

It also looks like 
ls -ladZ /var/spool/mqueue
is labeled incorrectly
should be system_u:object_r:mqueue_spool_t

So I believe your system did not relabel correctly.


Comment 7 Paul Black 2005-01-11 15:09:33 UTC
You may be right about not doing the relabel correctly. I've just
redone the "touch /.autorelabel; reboot" (that's the second relabel
today) and both /usr/sbin/sendmail.sendmail and /var/spool/mqueue now
have the labels mentioned above (they didn't before). Squirrelmail now
works. Cheers.

Note You need to log in before you can comment on or make changes to this bug.