Description of problem: In this particular configuration (config file attached), postdrop is not allowed to open a tcp_socket, which then causes it to fail and the mail never gets sent. The e-mail is sent from IMP running on the same box, which users sendmail (i.e. the one from postfix) to send mail with "sendmail -oi". Version-Release number of selected component (if applicable): 1.27.1-2.3 How reproducible: Always. Steps to Reproduce: 1. Use IMP to send mail from the system. I was unable to reproduce this by running any commands. Suggestions welcome. Actual results: Opening of the tcp socket fails, by policy. Expected results: postdrop should be allowed to open tcp sockets (I think :-) Additional info: maillog: --------------------------------- Oct 11 22:55:49 beauty postfix/postdrop[5051]: warning: inet_addr_host: skipping address family 2: Permission denied Oct 11 22:55:49 beauty postfix/postdrop[5051]: fatal: config variable inet_interfaces: host not found: beauty.rexursive.com Oct 12 08:55:50 beauty postfix/sendmail[5050]: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name Oct 12 08:55:50 beauty postfix/sendmail[5050]: warning: command "/usr/sbin/postdrop -r" exited with status 1 --------------------------------- audit.log --------------------------------- type=AVC msg=audit(1129071349.676:55828): avc: denied { create } for pid=5051 comm="postdrop" scontext=system_u:system_r:postfix_postdrop_t tcontext=system_u:system_r:postfix_postdrop_t tclass=tcp_socket type=SYSCALL msg=audit(1129071349.676:55828): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfe111e0 a2=806a428 a3=9262838 items=0 pid=5051 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=90 sgid=90 fsgid=90 comm="postdrop" exe="/usr/sbin/postdrop" type=SOCKETCALL msg=audit(1129071349.676:55828): nargs=3 a0=2 a1=1 a2=0 ---------------------------------
Also worth mentioning, this used to work until 2 or 3 policy updates back. Then postfix related problems started coming up.
BTW, is there a way to turn SELinux enforcement for Postfix only? Something like postfix_disable_trans?
This appears to be fixed in 1.27.1-2.6. It would be nice to have postfix_disable_trans, however...