This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 158181 - squirrelmail can't make an imap connection
squirrelmail can't make an imap connection
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-19 09:02 EDT by Thomas J. Baker
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-23 08:59:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Thomas J. Baker 2005-05-19 09:02:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
fc4t3 + May 18th rawhide. Squirrelmail is not connecting to the localhost imap server with the "Error connecting to IMAP server: localhost. 13 : Permission denied" message. I have dovecot running and working. I can telnet to port 143. Nothing is logged anywhere that I can find. Not /var/log/audit/audit.log, /var/log/maillog, or /var/log/messages. It doesn't appear that squirrelmail is actually making an imap connection to localhost because when I make a connection by hand with telnet, it gets logged.

After a "setenforce 0", squirremail gets past the permission denied error but then it eventually reports a "ERROR: ERROR : Connection dropped by imap-server." The imap server logs 

May 19 08:46:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]
May 19 08:47:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]
May 19 08:48:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]

I've been reloading firefox for the last 20 minutes and in that time, I've have had some successful squirrelmail output (it once showed me by inbox index) but the other 99% have been imap timeouts. Using evolution via imap is working fine.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-1, squirrelmail-1.4.4-2

How reproducible:
Always

Steps to Reproduce:
1. install necessary squirrelmail components
2. try to login from the sm web page
3.
  

Actual Results:  above reported failure

Expected Results:  sm should come up and allow me to read mail.

Additional info:
Comment 1 Thomas J. Baker 2005-05-19 09:15:26 EDT
OK, to clear things up a bit, if I "setenforce 0" and restart dovecot,
squirrelmail works normally. With enforcing enabled, squirrelmail reports the
permission denied error and can't make an imap connection. Nothing is logged as
to why even though it's clearly an selinux problem. I have audit-0.8.1 installed
(bug #158011).
Comment 2 Daniel Walsh 2005-05-19 10:19:24 EDT
Did you look in /var/log/audit/audit.log?

Dan
Comment 3 Thomas J. Baker 2005-05-25 15:37:33 EDT
As I said before, nothing is logged anywhere I can find. Not in the audit log or
messages or dmesg or maillog or anywhere. Other things are logging to the audit
log fine.
Comment 4 Daniel Walsh 2005-05-26 10:42:17 EDT
Ok, do you have policy sources in stalled?

Please try

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Then try the connection and see if you get audit messages.

Dan
Comment 5 Thomas J. Baker 2005-05-26 14:03:38 EDT
That helped:

type=AVC msg=audit(1117130474.312:7160534): avc:  denied  { name_connect } for 
pid=4126 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
type=SYSCALL msg=audit(1117130474.312:7160534): arch=c000003e syscall=42
success=no exit=-13 a0=13 a1=555556004b38 a2=10 a3=42960eea items=0 pid=4126
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
comm="httpd" exe="/usr/sbin/httpd"
type=SOCKADDR msg=audit(1117130474.312:7160534):
saddr=0200008F7F0000010000000000000000
Comment 6 Daniel Walsh 2005-06-08 13:26:19 EDT
Does setting the boolean

httpd_can_network_connect fix the problem?

setsebool -P httpd_can_network_connect=1

Comment 7 Mogens Lauridsen 2005-06-21 16:08:26 EDT
I had a similar problem with squirrelmail / dovecot

The error message in "messages" says:
Jun 20 19:13:22 HomeServer kernel: audit(1119287602.556:0): avc:  denied  {
connect } for  pid=2949 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:httpd_t tclass=tcp_socket

I have tried settig the boolean as described, and that solved the problem for me.
Comment 8 James Hill 2005-08-16 14:46:37 EDT
Is php5 that comnes with FC4 compiled with imap abilities?  if not you problem
may be found here.

Note You need to log in before you can comment on or make changes to this bug.