[SOLVED] postfix/spamassassin/dovecot

[Typhome]

Hello. After spamassassin installed, email is bounced back (few minutes after sending) with error:

Code: Select all

This is the mail system at host mail.example.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<info@example.com>: Command died with status 1: "/usr/bin/spamc". Command
    output: sendmail: Connection lost in middle of processing



---------- Forwarded message ----------
...

I tried to google what's this about and how to resolve this issue, but that didn't work. Maybe someone here can help me out...

Without spamassassin installed, mailserver works as it should. I followed this guide from: https://janikarhunen.fi/tackle-spam-wit ... nd-postfix

/etc/postfix/master.cf

Code: Select all

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       -       smtpd
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=spamassassin
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

CentOS version

Code: Select all

# rpm -q centos-release
centos-release-7-6.1810.2.el7.centos.x86_64

/var/log/maillog

Jun 26 23:33:05 ns326984 postfix/smtpd[1637]: connect from mail-vk1-f175.google.com[209.85.221.175]
Jun 26 23:33:06 ns326984 postfix/smtpd[1637]: 9583F420150F: client=mail-vk1-f175.google.com[209.85.221.175]
Jun 26 23:33:06 ns326984 postfix/cleanup[1647]: 9583F420150F: message-id=<CAJu5E59NTQvg+oSwQ4E3wzZQyjFJFrrivDw_qSsm9bvgSDDkkg@mail.gmail.com>
Jun 26 23:33:06 ns326984 postfix/qmgr[842]: 9583F420150F: from=<***HIDDEN***>, size=2689, nrcpt=1 (queue active)
Jun 26 23:33:06 ns326984 postfix/smtpd[1637]: disconnect from mail-vk1-f175.google.com[209.85.221.175]
Jun 26 23:33:06 ns326984 spamd[32078]: spamd: connection from localhost [::1]:56034 to port 783, fd 6
Jun 26 23:33:06 ns326984 spamd[32078]: spamd: setuid to spamd succeeded
Jun 26 23:33:06 ns326984 spamd[32078]: spamd: creating default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Jun 26 23:33:06 ns326984 spamd[32078]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory
Jun 26 23:33:06 ns326984 spamd[32078]: spamd: failed to create readable default_prefs: /var/log/spamassassin/.spamassassin/user_prefs
Jun 26 23:33:06 ns326984 spamd[32078]: spamd: processing message <CAJu5E59NTQvg+oSwQ4E3wzZQyjFJFrrivDw_qSsm9bvgSDDkkg@mail.gmail.com> for spamd:5001
Jun 26 23:33:17 ns326984 spamd[32078]: spamd: clean message (1.4/5.0) for spamd:5001 in 10.7 seconds, 2678 bytes.
Jun 26 23:33:17 ns326984 spamd[32078]: spamd: result: . 1 - DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,NML_ADSP_CUSTOM_MED,SPF_HELO_NONE,SPF_PASS scantime=10.7,size=2678,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=56034,mid=<CAJu5E59NTQvg+oSwQ4E3wzZQyjFJFrrivDw_qSsm9bvgSDDkkg@mail.gmail.com>,autolearn=no autolearn_force=no
Jun 26 23:33:17 ns326984 spamd[32074]: prefork: child states: II
Jun 26 23:33:45 ns326984 dovecot: imap-login: Login: user=<***HIDDEN***>, method=PLAIN, rip=***HIDDEN***, lip=37.187.109.71, mpid=1668, TLS, session=<jfepzECMdIFav6c3>
Jun 26 23:34:22 ns326984 dovecot: imap(***HIDDEN***): Logged out in=468 out=3097
Jun 26 23:34:55 ns326984 dovecot: imap-login: Login: user=<***HIDDEN***>, method=PLAIN, rip=***HIDDEN***, lip=37.187.109.71, mpid=1744, TLS, session=<+U/W0ECMfYFav6c3>
Jun 26 23:35:27 ns326984 sSMTP[944]: Connection lost in middle of processing
Jun 26 23:35:27 ns326984 postfix/pipe[942]: 4A5C9420150E: to=<***HIDDEN***>, relay=spamassassin, delay=611, delays=0.23/0.08/0/611, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/bin/spamc". Command output: sendmail: Connection lost in middle of processing )
Jun 26 23:35:27 ns326984 postfix/cleanup[1803]: 885AE4201510: message-id=<20190626213527.885AE4201510@***HIDDEN***>
Jun 26 23:35:27 ns326984 postfix/bounce[1802]: 4A5C9420150E: sender non-delivery notification: 885AE4201510
Jun 26 23:35:27 ns326984 postfix/qmgr[842]: 885AE4201510: from=<>, size=4418, nrcpt=1 (queue active)
Jun 26 23:35:27 ns326984 postfix/qmgr[842]: 4A5C9420150E: removed
Jun 26 23:35:28 ns326984 postfix/smtp[1812]: 885AE4201510: to=<***HIDDEN***>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c08::1a]:25, delay=1, delays=0.19/0.12/0.41/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1561584928 v3si2193660wme.155 - gsmtp)
Jun 26 23:35:28 ns326984 postfix/qmgr[842]: 885AE4201510: removed

[Typhome]

...

[TrevorH]

Start by fixing the errors listed in your logs.

Jun 26 23:33:06 ns326984 spamd[32078]: config: cannot create user preferences file /var/log/spamassassin/.spamassassin/user_prefs: No such file or directory

They may not be related to the problem but they show you don't have it set up correctly.

Also, did you toggle the selinux boolean that allows it to access the network?

Code: Select all

[root@centos7 ~]# getsebool -a | grep spam
httpd_can_check_spam --> off
spamassassin_can_network --> off  
spamd_enable_home_dirs --> on
spamd_update_can_network --> off

[Typhome]

I also tried with setenforce 0, result was still same.

Code: Select all

[root@~]# getsebool -a | grep spam
httpd_can_check_spam --> off
spamassassin_can_network --> off
spamd_enable_home_dirs --> on
spamd_update_can_network --> off
[root@~]# setsebool spamassassin_can_network on
[root@~]# setsebool spamd_update_can_network on
[root@~]# getsebool -a | grep spam
httpd_can_check_spam --> off
spamassassin_can_network --> on
spamd_enable_home_dirs --> on
spamd_update_can_network --> on

Email is still bounced back with same error.

SELinux is preventing user spamd to create user preferences file in /var/log/spamassasin. I'll change user spamd home dir to /home/spamd, maybe then SELinux won't intervene when user spamd tries to create user preferences file in /home/spamd dir (instead of /var/log/spamassassin).

// edit: about user preferences file error... it's fixed now.

Jun 28 23:03:48 ns326984 spamd[17506]: spamd: creating default_prefs: /home/spamd/.spamassassin/user_prefs
Jun 28 23:03:48 ns326984 spamd[17506]: config: created user preferences file: /home/spamd/.spamassassin/user_prefs

...

Jun 28 23:13:55 ns326984 postfix/smtpd[18635]: connect from mail-vs1-f44.google.com[209.85.217.44]
Jun 28 23:13:55 ns326984 postfix/smtpd[18635]: DDBC84201512: client=mail-vs1-f44.google.com[209.85.217.44]
Jun 28 23:13:56 ns326984 postfix/cleanup[18647]: DDBC84201512: message-id=<CAJu5E58Zcnvv3hCSTuO+F6Krj84Cmf42egeFzi8ThDs30VkaXg@mail.gmail.com>
Jun 28 23:13:56 ns326984 postfix/qmgr[18507]: DDBC84201512: from=<***HIDDEN***>, size=2512, nrcpt=1 (queue active)
Jun 28 23:13:56 ns326984 spamd[17506]: spamd: connection from localhost [::1]:40088 to port 783, fd 6
Jun 28 23:13:56 ns326984 spamd[17506]: spamd: setuid to spamd succeeded
Jun 28 23:13:56 ns326984 postfix/smtpd[18635]: disconnect from mail-vs1-f44.google.com[209.85.217.44]
Jun 28 23:13:56 ns326984 spamd[17506]: spamd: processing message <CAJu5E58Zcnvv3hCSTuO+F6Krj84Cmf42egeFzi8ThDs30VkaXg@mail.gmail.com> for spamd:5001
Jun 28 23:14:06 ns326984 spamd[17506]: spamd: clean message (1.4/5.0) for spamd:5001 in 10.6 seconds, 2504 bytes.
Jun 28 23:14:06 ns326984 spamd[17506]: spamd: result: . 1 - DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,NML_ADSP_CUSTOM_MED,SPF_HELO_NONE,SPF_PASS scantime=10.6,size=2504,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=40088,mid=<CAJu5E58Zcnvv3hCSTuO+F6Krj84Cmf42egeFzi8ThDs30VkaXg@mail.gmail.com>,autolearn=no autolearn_force=no
Jun 28 23:14:07 ns326984 spamd[17504]: prefork: child states: II
...
Jun 28 23:24:06 ns326984 sSMTP[18652]: Connection lost in middle of processing
Jun 28 23:24:07 ns326984 postfix/pipe[18651]: DDBC84201512: to=<***HIDDEN***>, relay=spamassassin, delay=611, delays=0.26/0.05/0/611, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/bin/spamc". Command output: sendmail: Connection lost in middle of processing )
Jun 28 23:24:07 ns326984 postfix/cleanup[19495]: 1D2E44201516: message-id=<20190628212407.1D2E44201516@***HIDDEN***>
Jun 28 23:24:07 ns326984 postfix/bounce[19494]: DDBC84201512: sender non-delivery notification: 1D2E44201516
Jun 28 23:24:07 ns326984 postfix/qmgr[18507]: 1D2E44201516: from=<>, size=4412, nrcpt=1 (queue active)
Jun 28 23:24:07 ns326984 postfix/qmgr[18507]: DDBC84201512: removed
Jun 28 23:24:08 ns326984 postfix/smtp[19504]: 1D2E44201516: to=<***HIDDEN***>, relay=gmail-smtp-in.l.google.com[74.125.140.27]:25, delay=1, delays=0.18/0.12/0.44/0.26, dsn=2.0.0, status=sent (250 2.0.0 OK 1561757048 s67si2142971wmf.59 - gsmtp)
Jun 28 23:24:08 ns326984 postfix/qmgr[18507]: 1D2E44201516: removed

[TrevorH]

If it is still broken even in permissive mode then the problem is not selinux so therefore it must either be spamassassin side - is it listening on the right ip/port? or the mail server side of things. Since it's been 10 years since I had the dubious pleasure of running a mail system on linux, I'm not the right person to help.

[Typhome]

Code: Select all

[root@* spamd]# netstat -tulpn | grep spam
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      22629/spamd.pid -d
tcp6       0      0 ::1:783                 :::*                    LISTEN      22629/spamd.pid -d

By default it's listening on localhost (IPv4 and IPv6) and 783 port.

Mailserver is installed by following this guide: https://www.linode.com/docs/email/postf ... d-packages

I also noticed that there was some email that had different error:

This is the mail system at host mail.example.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<info@example.com>: Command died with status 1: "/usr/bin/spamc". Command
output: sendmail: Cannot open mail:25

---------- Forwarded message ----------
...

But it's always "Command died with status 1: "/usr/bin/spamc". Command output: sendmail: Connection lost in middle of processing" error.

[TrevorH]

Cannot open mail:25

Which looks like a (malformed) host:port. Sounds like you have it configured to talk to a host called 'mail' on port 25 somewhere.

[Typhome]

/etc/sysconfig/spamassassin

Code: Select all

# Options to spamd
SPAMDOPTIONS="-d -c -m5 -H"

I'm not sure where from spamassassin got "mail" address and 25 port. And how I can configure it... I have to look around spamassassin docs/google.
Neither here... in /etc/postfix/master.cf

Code: Select all

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

[Typhome]

I found config file where from spamassassin got "mail" address. Config file ssmtp.conf from /etc/ssmtp dir had "mailhub=mail" (default!). I changed it to "mailhub=localhost:587" and added "AuthUser" & "AuthPass" & "UseTLS=Yes" & "UseSTARTTLS=Yes". Now all works, spamassassin included.

---

Only new issue is that spamassassin replaces "From:" value with "spamd@server_hostname". So can't see who originally sent this email, unless checking in /var/log/maillog.

Jun 30 00:50:15 ns326984 postfix/smtpd[21623]: connect from mail-ua1-f43.google.com[209.85.222.43]
Jun 30 00:50:15 ns326984 postfix/smtpd[21623]: CAA834201512: client=mail-ua1-f43.google.com[209.85.222.43]
Jun 30 00:50:15 ns326984 postfix/cleanup[21632]: CAA834201512: message-id=<CAJu5E5-Csezh=uVw=e3OEx6GVX_oZyX5m31FiPfZG0awXP0EUw@mail.gmail.com>
Jun 30 00:50:16 ns326984 postfix/qmgr[28962]: CAA834201512: from=<***HIDDEN***>, size=2531, nrcpt=1 (queue active)
Jun 30 00:50:16 ns326984 postfix/smtpd[21623]: disconnect from mail-ua1-f43.google.com[209.85.222.43]
Jun 30 00:50:16 ns326984 spamd[22678]: spamd: connection from localhost [::1]:52434 to port 783, fd 6
Jun 30 00:50:16 ns326984 spamd[22678]: spamd: setuid to spamd succeeded
Jun 30 00:50:16 ns326984 spamd[22678]: spamd: processing message <CAJu5E5-Csezh=uVw=e3OEx6GVX_oZyX5m31FiPfZG0awXP0EUw@mail.gmail.com> for spamd:5001
Jun 30 00:50:26 ns326984 spamd[22678]: spamd: clean message (1.4/5.0) for spamd:5001 in 10.7 seconds, 2523 bytes.
Jun 30 00:50:26 ns326984 spamd[22678]: spamd: result: . 1 - DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,NML_ADSP_CUSTOM_MED,SPF_HELO_NONE,SPF_PASS scantime=10.7,size=2523,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=52434,mid=<CAJu5E5-Csezh=uVw=e3OEx6GVX_oZyX5m31FiPfZG0awXP0EUw@mail.gmail.com>,autolearn=no autolearn_force=no
Jun 30 00:50:27 ns326984 sSMTP[21638]: Creating SSL connection to host
Jun 30 00:50:27 ns326984 postfix/submission/smtpd[21642]: connect from unknown[::1]
Jun 30 00:50:27 ns326984 sSMTP[21638]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Jun 30 00:50:27 ns326984 spamd[22629]: prefork: child states: II
Jun 30 00:50:29 ns326984 postfix/submission/smtpd[21642]: 2DEFD4201517: client=unknown[::1], sasl_method=LOGIN, sasl_username=info@example.com
Jun 30 00:50:30 ns326984 postfix/cleanup[21632]: 2DEFD4201517: message-id=<CAJu5E5-Csezh=uVw=e3OEx6GVX_oZyX5m31FiPfZG0awXP0EUw@mail.gmail.com>
Jun 30 00:50:30 ns326984 postfix/qmgr[28962]: 2DEFD4201517: from=<spamd@***SERVER_HOSTNAME***>, size=3070, nrcpt=1 (queue active)
Jun 30 00:50:30 ns326984 sSMTP[21638]: Sent mail for spamd@***SERVER_HOSTNAME*** (221 2.0.0 Bye) uid=5001 username=spamd outbytes=3065
Jun 30 00:50:30 ns326984 postfix/submission/smtpd[21642]: disconnect from unknown[::1]
Jun 30 00:50:30 ns326984 postfix/pipe[21636]: CAA834201512: to=<info@example.com>, orig_to=<info@example.com>, relay=spamassassin, delay=15, delays=0.35/0.07/0/14, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jun 30 00:50:30 ns326984 postfix/qmgr[28962]: CAA834201512: removed
Jun 30 00:50:30 ns326984 dovecot: lmtp(21644): Connect from local
Jun 30 00:50:30 ns326984 dovecot: lmtp(info@example.com): msgid=<CAJu5E5-Csezh=uVw=e3OEx6GVX_oZyX5m31FiPfZG0awXP0EUw@mail.gmail.com>: saved mail to INBOX
Jun 30 00:50:30 ns326984 postfix/lmtp[21643]: 2DEFD4201517: to=<info@example.com>, relay=mail.example.com[private/dovecot-lmtp], delay=1.4, delays=1.1/0.15/0.08/0.12, dsn=2.0.0, status=sent (250 2.0.0 <info@example.com> uOkhHjbrF12MVAAAe+HKfQ Saved)
Jun 30 00:50:30 ns326984 dovecot: lmtp(21644): Disconnect from local: Successful quit
Jun 30 00:50:30 ns326984 postfix/qmgr[28962]: 2DEFD4201517: removed

// edit: solution --> see other post

[Typhome]

/etc/postfix/master.cf

Code: Select all

spamassassin unix -     n   n   -   -   pipe
    flags=DROhu user=vmail:vmail argv=/usr/bin/spamc -f -e 
    /usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} 

But...

Jun 30 01:42:16 ns326984 spamc[27430]: exec failed: Permission denied

SELinux is preventing user vmail (?) to execute /usr/libexec/dovecot/deliver.
When "setenforce 0", everything works, email origin header remain unchanged.

/usr/libexec/dovecot/dovecot-lda is same as /usr/libexec/dovecot/deliver.

Code: Select all

[root@ns326984 spamd]# ls -Z /usr/libexec/dovecot/deliver
lrwxrwxrwx. root root system_u:object_r:bin_t:s0       /usr/libexec/dovecot/deliver -> dovecot-lda
[root@ns326984 spamd]# ls -Z /usr/libexec/dovecot/dovecot-lda
-rwxr-xr-x. root root system_u:object_r:dovecot_deliver_exec_t:s0 /usr/libexec/dovecot/dovecot-lda

/var/log/audit/audit.log

type=AVC msg=audit(1561880941.216:17747089): avc: denied { execute } for pid=28819 comm=spamc name=dovecot-lda dev=md1 ino=31068260 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:dovecot_deliver_exec_t:s0 tclass=file p$
type=AVC msg=audit(1561881975.799:17747311): avc: denied { read open } for pid=31156 comm=spamc path=/usr/libexec/dovecot/dovecot-lda dev=md1 ino=31068260 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:dovecot_deliver_$
type=AVC msg=audit(1561882584.519:17747502): avc: denied { execute_no_trans } for pid=32457 comm=spamc path=/usr/libexec/dovecot/dovecot-lda dev=md1 ino=31068260 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:doveco$

type=AVC msg=audit(1561884714.753:17748290): avc: denied { read } for pid=1106 comm=7370616D64206368696C64 name="mail" dev="md1" ino=52168858 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=lnk$
type=SYSCALL msg=audit(1561884714.753:17748290): arch=c000003e syscall=2 success=no exit=-13 a0=3b8c6b0 a1=0 a2=1b6 a3=0 items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5000 sgid=0 fsgid=5000 tty$
type=PROCTITLE msg=audit(1561884714.753:17748290): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561884945.724:17748398): avc: denied { search } for pid=1106 comm=7370616D64206368696C64 name="mail" dev="md1" ino=52168843 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=d$
type=SYSCALL msg=audit(1561884945.724:17748398): arch=c000003e syscall=4 success=no exit=-13 a0=38d6660 a1=1bb0138 a2=1bb0138 a3=616d6170732e2f6c items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5$
type=PROCTITLE msg=audit(1561884945.724:17748398): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561885079.686:17748443): avc: denied { getattr } for pid=1106 comm=7370616D64206368696C64 path="/var/spool/mail/.spamassassin/user_prefs" dev="md1" ino=89916619 scontext=system_u:system_r:spamd_t:s0 tcontext=syste$
type=SYSCALL msg=audit(1561885079.686:17748443): arch=c000003e syscall=4 success=no exit=-13 a0=38d6660 a1=1bb0138 a2=1bb0138 a3=6d6170732e2f2f6c items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5$
type=PROCTITLE msg=audit(1561885079.686:17748443): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561885079.688:17748444): avc: denied { read } for pid=1106 comm=7370616D64206368696C64 name="user_prefs" dev="md1" ino=89916619 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tcla$
type=SYSCALL msg=audit(1561885079.688:17748444): arch=c000003e syscall=2 success=no exit=-13 a0=39c2590 a1=0 a2=1b6 a3=0 items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5000 sgid=0 fsgid=5000 tty$
type=PROCTITLE msg=audit(1561885079.688:17748444): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561885258.917:17748519): avc: denied { open } for pid=1106 comm=7370616D64206368696C64 path="/var/spool/mail/.spamassassin/user_prefs" dev="md1" ino=89916619 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u$
type=SYSCALL msg=audit(1561885258.917:17748519): arch=c000003e syscall=2 success=no exit=-13 a0=39d1760 a1=0 a2=1b6 a3=0 items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5000 sgid=0 fsgid=5000 tty$
type=PROCTITLE msg=audit(1561885258.917:17748519): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561885258.918:17748520): avc: denied { getattr } for pid=1106 comm=7370616D64206368696C64 path="/var/spool/mail/.spamassassin" dev="md1" ino=89916616 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_$
type=SYSCALL msg=audit(1561885258.918:17748520): arch=c000003e syscall=4 success=no exit=-13 a0=38d6660 a1=1bb0138 a2=1bb0138 a3=69616d2f7261762f items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5$
type=PROCTITLE msg=audit(1561885258.918:17748520): proctitle=7370616D64206368696C64

type=AVC msg=audit(1561885599.213:17748622): avc: denied { ioctl } for pid=1106 comm=7370616D64206368696C64 path="/var/spool/mail/.spamassassin/user_prefs" dev="md1" ino=89916619 ioctlcmd=5401 scontext=system_u:system_r:spamd_t:s0 tc$
type=SYSCALL msg=audit(1561885599.213:17748622): arch=c000003e syscall=16 success=no exit=-13 a0=b a1=5401 a2=7ffeb456e900 a3=6 items=0 ppid=18072 pid=1106 auid=4294967295 uid=0 gid=0 euid=5000 suid=0 fsuid=5000 egid=5000 sgid=0 fsgid=5$
type=PROCTITLE msg=audit(1561885599.213:17748622): proctitle=7370616D64206368696C64

Code: Select all

[root@ns326984 spamd]# cat /root/spamc_dovecot.log | audit2allow -a


#============= spamc_t ==============

#!!!! This avc is allowed in the current policy
allow spamc_t dovecot_deliver_exec_t:file { execute execute_no_trans open read };

#============= spamd_t ==============

#!!!! This avc is allowed in the current policy
allow spamd_t mail_spool_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow spamd_t mail_spool_t:file { getattr ioctl open read };

#!!!! This avc is allowed in the current policy
allow spamd_t mail_spool_t:lnk_file read;

Previous SELinux issues solved and I am still receiving error:

Jun 30 11:13:31 ns326984 postfix/pipe[12324]: AD5744201527: to=<info@example.com>, relay=spamassassin, delay=11, delays=0.39/0.08/0/11, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(info@example.com,)Error: Error reading configuration: stat(/etc/dovecot/dovecot.conf) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot/dovecot.conf stat(/etc/dovecot/dovecot.conf) failed: Permission denied, dir owned by 0:0 mode=0755) lda: Fatal: Internal error occurred. Refer to server log for more information. )

Code: Select all

[root@ns326984 spamd]# ls -al /etc/dovecot/dovecot.conf
-rw-r-----. 1 vmail dovecot 4379 Jun 25 14:19 /etc/dovecot/dovecot.conf
[root@ns326984 ~]# ls -Z /etc/dovecot/dovecot.conf
-rw-r-----. vmail dovecot system_u:object_r:dovecot_etc_t:s0 /etc/dovecot/dovecot.conf

Looking at this chmod, user vmail should have write permission for this config file...

SELinux still intervenes (when I set "setenforce 0", this error is gone and everything works...), though I can't see any new "avc: denied" in /var/log/audit/audit.log.

Code: Select all

[root@ns326984 ~]# cat /var/log/audit/audit.log | grep denied
[root@ns326984 ~]#
[root@ns326984 ~]# cat /var/log/audit/audit.log | audit2why
Nothing to do

Any ideas how to solve this issue?