Yes, I do not remember having to create the postfix user on centos 6 now that I think about it. When I run that command I getcody wrote:I don't think dovecot is related per se, actually. The reason is this: I have in the past (and indeed when migrating to CentOS 7) set up one at a time. But user/group is one thing. The problem with that is if it is indeed /etc/postfix/main.cf then it should be readable. As for adding postfix user, I seem to think the postfix rpm post install scriptlet (I maintain my own repository, small as it may be, I have experience with the spec files) adds the user (typically that is the case). You can find out if there are any files without owners in the database. Given that it is a new environment I suspect this is not the case. What is entirely possible however, is that your postfix refers to a user/group that does not exist. You can find files/directories with a uid or gid that does not exist :
Which will look like:Code: Select all
# /usr/bin/find / \( -path '/proc*' -o -path '/dev*' -o -path '/sys*' -o -path '/backup*' \) -prune -o \( -nouser -o -nogroup \) -printf "%u %g (%M) %p\n"
(you might also have other paths you want to prune from the list but those are the ones that come to mind. If you use bind-chroot then /var/named/chroot will appear as circular filesystem but find handles that gracefully).Code: Select all
501 apache (-rw-r--r--) /var/www
if for example /var/www had no user but a proper group. And that above is something similar to my system (technically a directory under it, a specific vhost). This goes back to the user/group ids starting differently (I had apache as the group but the user was id 501 but now that user in question is id 1001. I forgot about this certain vhost because it is a test vhost, only resolvable via internal view in bind).
As for SELinux there is something you can do to determine if it is relevant. That is this:
you have it in a VM, right ? Just disable selinux (/etc/sysconfig/selinux) and reboot. Try to start postfix. If it starts then you can assume something is up with SELinux. If not, it isn't SELinux. Even if it was not a VM you'd probably be fine (and/or you could set it to permissive, but since you have it in a VM disabled is fine).
Would change the line to disable selinux and save the original file in /etc/sysconfig/selinux.origCode: Select all
# /usr/sbin/sed -i.orig 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
There is one other thing that comes to mind although I don't think this is related as although Wietse Venema has suggested that there are (and this part is true) another copy of main.cf - specifically /usr/libexec/postfix/main.cf (check the entire directory) that could be used. But I've personally never had a problem here.
Although it was on the previous page I seem to remember that the /etc/postfix directory has proper permissions to actually open files in it. I cannot imagine /etc has an issue, either (and you run it as root so even when it drops privileges it would - or so I would think - read the configuration file first).
What does:show ?Code: Select all
# systemctl status postfix # journalctl -xn
Also, I find that looking at /var/log/maillog and the surrounding lines is much more helpful (at times). This is a general rule, even. Why I think of this is it goes back to my programming experience (tracking down errors is beyond science; it is an art form). You can have one missing (or wrong) character on a line above and yet the compiler sees it (example: you don't end the line properly, above,so it is parsing it as one line but it sees it as the second line, in the file) and complains about the error on the line that appears fine. That example is not the only example. The point is that you can often get more insight into an issue with all the information available.Code: Select all
So I would do the following :
- check maillog and look around the failure (above and below it).
- if that doesn't give any information, try the two commands above to see if it gives any information.
- if that doesn't help, disable selinux and reboot (since in VM) to find out if it is or isn't selinux.
- if that does work, then you know where to go from. if it doesn't work you also know where not to go.
- if that still does not help, I would strongly consider what I suggested before: try to migrate your old install (that does work) in to the new one. configuration files for postfix from CentOS 6.x to CentOS 7.x shouldn't be an issue so it is not so much as the configuration as another problem.
I'm marking notify when a reply is posted so I can follow any further responses and maybe help (or try).
Code: Select all
/usr/bin/find: File system loop detected; `/var/named/chroot/var/named' is part of the same file system loop as `/var/named'.
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-virus-executable.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-42-mail-bomb.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-spam-GTUBE-nojunk.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-virus-simple.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-spam-GTUBE-junk.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-executable.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-virus-nested.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-nonspam.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-spam.txt
401 400 (-rw-r--r--) /usr/share/doc/amavisd-new-2.8.0/test-messages/sample-badh.txt
However the thing about the /var/named/chroot shouldnt be too important, I tried installing bind-chroot but couldnt get it working (I have it working on centos 6 magically...) so I just removed it and am running it normally.
The thing about SELinux and postfix/dovecot well I know for a fact it is SELinux. What I am using as a "test" is the Roundcube installer, it does an SMTP (port 25 test) test as well as IMAP test (port 143). When SELinux is on (setenforce 1) I get "NOT OK" on roundcube installer for the SMTP test. When I disable SELinux (setenforce 0) I get "OK" back. Also, even with SELinux on/off Postfix will run, its just that I get the main.cf permission denied error when trying to do one of those tests.
There is another file, main.cf in /usr/libexec/postfix/ as well as a master.cf file.
Code: Select all
systemctl status postfix
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
Active: active (running) since Thu 2014-08-07 23:33:24 EDT; 51s ago
Process: 7456 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
Process: 7471 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 7468 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 7466 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 7543 (master)
CGroup: /system.slice/postfix.service
├─7543 /usr/libexec/postfix/master -w
├─7544 pickup -l -t unix -u
└─7545 qmgr -l -t unix -u
Aug 07 23:33:23 necc-data3.dataglobe3.net systemd[1]: Starting Postfix Mail T...
Aug 07 23:33:24 necc-data3.dataglobe3.net postfix/master[7543]: daemon starte...
Aug 07 23:33:24 necc-data3.dataglobe3.net systemd[1]: Started Postfix Mail Tr...
Hint: Some lines were ellipsized, use -l to show in full.
Code: Select all
journalctl -xn
-- Logs begin at Wed 2014-08-06 23:47:33 EDT, end at Thu 2014-08-07 23:34:25 EDT
Aug 07 23:34:25 necc-data3.dataglobe3.net bacula-dir[7564]: bacula-dir: dird.c:1
Aug 07 23:34:25 necc-data3.dataglobe3.net bacula-dir[7564]: Possible causes: SQL
Aug 07 23:34:25 necc-data3.dataglobe3.net bacula-dir[7564]: 07-Aug 23:34 bacula-
Aug 07 23:34:25 necc-data3.dataglobe3.net bacula-dir[7564]: Please correct confi
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: bacula-dir.service: main p
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: Unit bacula-dir.service en
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: bacula-dir.service holdoff
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: Stopping Bacula-Director,
-- Subject: Unit bacula-dir.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit bacula-dir.service has begun shutting down.
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: Starting Bacula-Director,
-- Subject: Unit bacula-dir.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit bacula-dir.service has begun starting up.
Aug 07 23:34:25 necc-data3.dataglobe3.net systemd[1]: Started Bacula-Director, t
-- Subject: Unit bacula-dir.service has finished start-up
-- Defined-By: systemd