Paul,
Thank you for the suggestion. I tried the command you recommended and spamd no longer has an error when the sendmail and spamassassin services are started. However, I am still having problems with my webmail client sending messages. I have the setourbleshoot messages included in the message I replied to David on this list.
I wonder what I did to cause these problems.
If you have suggestions on the other error messages, I would greatly appriciate hearing them.
Thank you for the help!
Doug
Paul Howarth wrote:
On Thu, 11 Oct 2007 13:16:53 -0700 Doug Thistlethwaite doug@dupreeinc.com wrote:
Hello,
I hope somebody has seen this before. I am not sure if it is a bug or my not completely understanding how SELinux works.
My mail server was working fine secured by SELinux running in enforcing mode. Our company lost connection the the Internet for a couple days so I edited sendmail.mc to skip the domain check for the duration. I edited the file ran MAKE and restarted the sendmail process. I also disabled spamd because all of the email would be internal.
Well SELinux didn't like what I did and started to produce lots of AVC messages and provided solutions to most of them. I followed the suggestion in the "Allowing Access" section of the setroubleshoot browser and most of the messages went away. After about a dozen of these messages, I decided to just have the system "relabel on next reboot" using the SELinux management tool. When that didn't fix the problem, I just disabled SELinux until the Internet connection was fixed.
So the connection was fixed, I fixed the sendmail.mc file to be exactly the same as before the problem. I used MAKE on the file and relabeled the SELinux during a reboot and reset SELinux to enforcement mode.
Spamd will not start in enforcement mode. I get the following setroubleshoot message:
Summary SELinux is preventing spamd (spamd_t) "search" to mail (httpd_sys_content_t).
Somehow you seem to have some important mail-related dir (and maybe more) labelled as httpd_sys_content_t. Maybe /etc/mail?
I was under the impression that if I relabeled the system everything would be reset, but obviously I am incorrect...
I have also received other AVC messages all relating to sendmail files. I was not sure if these would help so I did not include them in this message (This questions is already pretty long!).
Any idea how I can get spamd to run in enforcing mode -and- get SELinux to be happy again?
httpd_sys_content_t is a customizable type and hence not subject to being relabelled normally.
Try: # restorecon -FRv /etc/mail /var/spool/mail
Paul.