From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 Description of problem: This is running as a SELinux targeted policy. When setenforce is 0, I can sendmail from an Outlook 2K client on the network using SSL on port 25. When setenforce is set to 1, it is prevented. The Outlook client keeps on presenting the User Name/Password dialog box, and the maillog shows: [w.x.y.z]: did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Resetting SELinux to permissive, the smtp succeeds. The audit.log show no record for the failure. I'm using sendmail-8.13.4-2 (actually, everything is up-to-date via yum today). Version-Release number of selected component (if applicable): selinux-policy-targeted-1.25.4-10.1 How reproducible: Always Steps to Reproduce: 1.Set up sendmail to accept SSL smtp on port 25 from an Outlook 2K client. 2.setenforce 1 3.Send mail to FC4 server via Outlook 2K Actual Results: The mail session fails - outlook keeps on asking for user/password, and sendmail (in maillog) says MAIL/EXPN/VRFY/ETRN was not issued. Expected Results: The mail should have gone through as it does with setenforce=0. Additional info: Workaround: # setenforce Permissive
What avc messages are you seeing in /var/log/messages or /var/log/audit/audit.log? Dan
There are no entries in either /var/log/messages or /var/log/audit/audit.log . --steve
Can you ps -eZ | grep sendmail Do you have policy sources installed? If yes could you do a cd /etc/selinux/targeted/src/policy make enabledaudit; make load Then see if there are any avc messages?
Here's the data, but after the elapsed time, and yum updates, the sendmail problem went away. You can close this bug. # # ps -eZ|grep sendmail system_u:system_r:kernel_t 3352 ? 00:00:00 sendmail-milter system_u:system_r:kernel_t 3367 ? 00:00:00 sendmail system_u:system_r:kernel_t 3373 ? 00:00:00 sendmail # # make enableaudit; make load grep -v dontaudit policy.conf > policy.audit mv policy.audit policy.conf Compiling policy ... /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.19 policy.conf /usr/bin/checkpolicy: loading policy configuration from policy.conf security: 3 users, 6 roles, 872 types, 101 bools security: 55 classes, 203038 rules /usr/bin/checkpolicy: policy configuration loaded /usr/bin/checkpolicy: writing binary representation (version 19) to /etc/selinux/targeted/policy/policy.19 Loading Policy ... /usr/sbin/load_policy /etc/selinux/targeted/policy/policy.19 touch tmp/load install -m 644 tmp/system.users /etc/selinux/targeted/users/system.users install -m 644 tmp/customizable_types /etc/selinux/targeted/contexts/customizable_types install -m 644 tmp/port_types /etc/selinux/targeted/contexts/port_types Installing file contexts files... install -m 644 file_contexts/homedir_template /etc/selinux/targeted/contexts/files/homedir_template install -m 644 file_contexts/file_contexts /etc/selinux/targeted/contexts/files/file_contexts # Here are avc messages from /var/log/messages: Sep 24 12:26:44 bastion kernel: security: 9 users, 6 roles, 872 types, 101 bools Sep 24 12:26:44 bastion kernel: security: 55 classes, 203038 rules Sep 24 12:26:44 bastion dbus: avc: received policyload notice (seqno=8) Sep 24 12:26:44 bastion dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 Sep 24 12:26:44 bastion dbus: avc: received policyload notice (seqno=8) Sep 24 12:26:44 bastion dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Sep 24 12:26:44 bastion dbus: avc: received policyload notice (seqno=8) Sep 24 12:26:44 bastion dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 Sep 24 12:26:44 bastion dbus: avc: received policyload notice (seqno=8) Sep 24 12:26:44 bastion dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 Sep 24 12:26:44 bastion dbus: avc: received policyload notice (seqno=8) Sep 24 12:26:44 bastion dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 From /var/log/audit/audit.log: type=SYSCALL msg=audit(1127579204.347:13258799): arch=40000003 syscall=4 success=yes exit=5801251 a0=4 a1=b7286008 a2=588523 a3=bfae0fbc items=0 pid=30546 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="load_policy" exe="/usr/sbin/load_policy"