I have SquirrelMail installed and this is a webmail interfaces. It doesn't work with standard selinux configuration, because in order to work it needs to connect to imap and smtp port ports for mail receiving/sending. It can be bypassed by setting httpd_can_network_connect --> on, but I think it's too permissive. I added these rules to my local policy: allow httpd_t pop_port_t:tcp_socket name_connect; allow httpd_t smtp_port_t:tcp_socket name_connect;
Does it work if you set httpd_can_sendmail?
It does, my bad. In my defense, httpd_selinux(8) description of this boolean mentions only sendmail invocation and in this case httpd doesn't actually call sendmail. Thank you.
No problem, we are having a doc writer review all of the services documentation so things like this hopefully will become clearer.