Bug 1848125 - amavisd fails to start in multiple port config
Summary: amavisd fails to start in multiple port config
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: amavisd-new
Version: 32
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Juan Orti
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-06-17 17:46 UTC by dan
Modified: 2020-09-19 13:36 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-09-19 13:36:20 UTC
Type: Bug
Embargoed:



Description dan 2020-06-17 17:46:50 UTC
amavisd fails to start using the recommended 2 port configuration:

$inet_socket_port = [10024,10026];  # listen on multiple TCP ports

The failure occurs because the selinux-policy has labelled port 10026 as for use by spamd.

[root]# semanage port -l | grep spamd
spamd_port_t                   tcp      783, 10026, 10027

Another port could be used as a workaround but it would be helpful for the amavisd and selinux team to identify another recommended port for the 2nd instance which would be properly labeled in the selinux policy.

Comment 1 dan 2020-06-18 04:07:08 UTC
This is a bit more complex than I thought.  In trying to move the receive/send functions from 10026/10027 to 10036/10037 I was still being blocked by policy until I added:

semanage port -a -t amavisd_recv_port_t  -p tcp 10036
semanage port -a -t amavisd_send_port_t  -p tcp 10037

Comment 2 Juan Orti 2020-09-19 13:36:20 UTC
(In reply to dan from comment #0)
> $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

This is commented out and is an example. The default port is 10024 which is allowed in the SELinux policy.

It's expected that you have to tag any other port with the correct SELinux label.
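
A pre-flight check for the situation in this bug, as an added example that is not part of the original report or of amavisd-new: it parses `semanage port -l` output and reports whether each port in `$inet_socket_port` already carries the wanted label, is unlabeled, or belongs to another type. The helper names, every sample line except the `spamd_port_t` one quoted above, the narrowest-entry rule and the treatment of `unreserved_port_t` as "unlabeled" are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify TCP ports against `semanage port -l` output.

# Constructed sample listing. The spamd_port_t line is the one quoted in the
# bug report; every other line is an assumption made for this example.
SAMPLE_POLICY='SELinux Port Type              Proto    Port Number

amavisd_recv_port_t            tcp      10024
amavisd_send_port_t            tcp      10025
spamd_port_t                   tcp      783, 10026, 10027
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767'

# effective_type PORT (hypothetical helper): reads a listing on stdin and
# prints the type of the narrowest tcp entry covering PORT, or nothing.
# Picking the narrowest entry is a simplification of this example.
effective_type() {
    awk -v want="$1" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                spec = $i; sub(/,$/, "", spec)          # drop list comma
                n = split(spec, r, "-")                 # "LOW-HIGH" or "PORT"
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (want + 0 < lo || want + 0 > hi) continue
                if (best == "" || hi - lo < bestw) { best = $1; bestw = hi - lo }
            }
        }
        END { if (best != "") print best }'
}

# check_port PORT WANTED_TYPE (hypothetical helper): prints "ok",
# "unlabeled" (only the generic unreserved_port_t range matches, or nothing
# does), or "conflict:<type>" when another specific type owns the port.
check_port() {
    have=$(effective_type "$1")
    case "$have" in
        "$2") echo ok ;;
        ""|unreserved_port_t) echo unlabeled ;;
        *) echo "conflict:$have" ;;
    esac
}

# Demo on the constructed listing; on a live host pipe `semanage port -l` in.
for p in 10024 10026 10036; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_POLICY" | check_port "$p" amavisd_recv_port_t)"
done
```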

