Bug 158181 - squirrelmail can't make an imap connection
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-05-19 13:02 UTC by Thomas J. Baker
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-06-23 12:59:01 UTC

Description Thomas J. Baker 2005-05-19 13:02:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
fc4t3 + May 18th rawhide. Squirrelmail is not connecting to the localhost imap server with the "Error connecting to IMAP server: localhost. 13 : Permission denied" message. I have dovecot running and working. I can telnet to port 143. Nothing is logged anywhere that I can find. Not /var/log/audit/audit.log, /var/log/maillog, or /var/log/messages. It doesn't appear that squirrelmail is actually making an imap connection to localhost because when I make a connection by hand with telnet, it gets logged.

After a "setenforce 0", squirrelmail gets past the permission denied error but then it eventually reports an "ERROR: ERROR : Connection dropped by imap-server." The imap server logs

May 19 08:46:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]
May 19 08:47:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]
May 19 08:48:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1]

I've been reloading firefox for the last 20 minutes and in that time, I've had some successful squirrelmail output (it once showed me my inbox index) but the other 99% have been imap timeouts. Using evolution via imap is working fine.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-1, squirrelmail-1.4.4-2

How reproducible:
Always

Steps to Reproduce:
1. install necessary squirrelmail components
2. try to login from the sm web page

Actual Results:  above reported failure

Expected Results:  sm should come up and allow me to read mail.

Additional info:

Comment 1 Thomas J. Baker 2005-05-19 13:15:26 UTC
OK, to clear things up a bit, if I "setenforce 0" and restart dovecot,
squirrelmail works normally. With enforcing enabled, squirrelmail reports the
permission denied error and can't make an imap connection. Nothing is logged as
to why even though it's clearly an selinux problem. I have audit-0.8.1 installed
(bug #158011).

Comment 2 Daniel Walsh 2005-05-19 14:19:24 UTC
Did you look in /var/log/audit/audit.log?

Dan

Comment 3 Thomas J. Baker 2005-05-25 19:37:33 UTC
As I said before, nothing is logged anywhere I can find. Not in the audit log or
messages or dmesg or maillog or anywhere. Other things are logging to the audit
log fine.

Comment 4 Daniel Walsh 2005-05-26 14:42:17 UTC
Ok, do you have policy sources installed?

Please try

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Then try the connection and see if you get audit messages.

Dan

Comment 5 Thomas J. Baker 2005-05-26 18:03:38 UTC
That helped:

type=AVC msg=audit(1117130474.312:7160534): avc:  denied  { name_connect } for 
pid=4126 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
type=SYSCALL msg=audit(1117130474.312:7160534): arch=c000003e syscall=42
success=no exit=-13 a0=13 a1=555556004b38 a2=10 a3=42960eea items=0 pid=4126
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
comm="httpd" exe="/usr/sbin/httpd"
type=SOCKADDR msg=audit(1117130474.312:7160534):
saddr=0200008F7F0000010000000000000000
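
An added example, not part of the thread and not the SELinux project's own tooling: the three records in Comment 5 share one audit serial, and correlating them shows the denied permission, the errno behind SquirrelMail's "13 : Permission denied", and the socket address encoded in `saddr`. The function names are illustrative, and the input is the event quoted above with its wrapped lines rejoined.

```python
import errno
import re
import socket
import struct

# Audit event quoted from Comment 5 (wrapped lines rejoined).
RECORDS = [
    'type=AVC msg=audit(1117130474.312:7160534): avc:  denied  { name_connect } for '
    'pid=4126 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t '
    'tcontext=system_u:object_r:pop_port_t tclass=tcp_socket',
    'type=SYSCALL msg=audit(1117130474.312:7160534): arch=c000003e syscall=42 '
    'success=no exit=-13 a0=13 a1=555556004b38 a2=10 a3=42960eea items=0 pid=4126 '
    'auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 '
    'comm="httpd" exe="/usr/sbin/httpd"',
    'type=SOCKADDR msg=audit(1117130474.312:7160534): saddr=0200008F7F0000010000000000000000',
]
HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)')

def decode_saddr(hexstr):
    """Decode an AF_INET sockaddr; assumes a little-endian host (x86_64 here)."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack('<H', raw[:2])[0]   # sa_family is in host byte order
    if family != socket.AF_INET:
        return None                            # only IPv4 is handled in this example
    port = struct.unpack('!H', raw[2:4])[0]    # port and address are in network order
    return socket.inet_ntoa(raw[4:8]), port

def summarize(records):
    """Correlate AVC, SYSCALL and SOCKADDR records that share one audit serial."""
    events = {}
    for line in records:
        m = HEADER.match(line)
        if not m:
            continue
        rtype, _, serial, body = m.groups()
        ev = events.setdefault(serial, {})
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', body))
        if rtype == 'AVC':
            ev['perms'] = re.search(r'\{ ([^}]*) \}', body).group(1).split()
            ev['source'] = fields['scontext'].split(':')[2]
            ev['target'] = fields['tcontext'].split(':')[2]
            ev['tclass'] = fields['tclass']
        elif rtype == 'SYSCALL':
            ev['errno'] = errno.errorcode.get(-int(fields['exit']))
            ev['exe'] = fields['exe'].strip('"')
        elif rtype == 'SOCKADDR':
            ev['peer'] = decode_saddr(fields['saddr'])
    return events
```

For this event, `summarize(RECORDS)['7160534']` reports `httpd_t` denied `name_connect` on a `pop_port_t` `tcp_socket`, errno `EACCES`, and peer `127.0.0.1:143`.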


Comment 6 Daniel Walsh 2005-06-08 17:26:19 UTC
Does setting the boolean

httpd_can_network_connect fix the problem?

setsebool -P httpd_can_network_connect=1



Comment 7 Mogens Lauridsen 2005-06-21 20:08:26 UTC
I had a similar problem with squirrelmail / dovecot

The error message in "messages" says:
Jun 20 19:13:22 HomeServer kernel: audit(1119287602.556:0): avc:  denied  {
connect } for  pid=2949 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:httpd_t tclass=tcp_socket

I have tried setting the boolean as described, and that solved the problem for me.

Comment 8 James Hill 2005-08-16 18:46:37 UTC
Is php5 that comes with FC4 compiled with imap abilities?  If not, your problem
may be found here.

