The mailing list for listmasters using Sympa

[Michael Werzowa <address@concealed>]

Hello Lourdes, hello all!

Normally, it’s quite straightforward to adapt selinux to the requirements of an application, I did this for sympa just within a few minutes.

You can do this with selinux in enforcing or permissive mode. After setup change to enforcing mode (setenforce 1)

Prerequisites: 

You need setools and at least setroubleshoot-server, optionally, if you use a GUI, the complete setroubleshoot .

sudo yum install setools setroubleshootserver

then check with 

sudo sealert -a /var/log/audit/audit.log

you will get e few entries with a description how to solve the conflict with selinux rules. Normally, this is quite straightforward and easy to understand.

As I remember, there were just a handful of rules that had to be adapted – following the how-to, provided directly by sealert!

You may have to repeat this step a few times, as the rules may need to be extended, e.g.: program x may read directory -> may read file -> may change file.

Hope this works for you ;-)

Best,

Michael

--

*******************************************************************

Michael Werzowa

A-1180 Wien, Alsegger Str 9

+43 664 302 4511,  fax +43 810 9554 185931

address@concealed

*******************************************************************

Am 25.10.2018 um 08:46 schrieb LOURDES REBOLLAR REIER <address@concealed>:

Good Morning Soji,

 

Thank you very much for your reply, it is solved. I disabled SELinux and the mail came out and I received the message correctly.

 

Best regards

 

Lourdes

 

De: Soji Ikeda [mailto:address@concealed] 
Enviado el: miércoles, 24 de octubre de 2018 15:12
Para: LOURDES REBOLLAR REIER <address@concealed>
CC: address@concealed; MARIA DE LAS NIEVES NIETO JIMENEZ <address@concealed>
Asunto: Re: [sympa-users] Permission denied

 

Hi Lourdes,

Is SELinux enabled on your server?  If you don’t need it, try disabling it:

 

    # setenforce 0

 

 

Regards,

— Soji

2018/10/23 21:20、LOURDES REBOLLAR REIER <address@concealed>のメール:

Hello,

 

We had installed  Sympa 6.2.37b.1 with Postfix 2.10.1 (Single domain setting) and RedHat 7.5. Everything is ok now but when we sent a mail to address@concealed with subject help to test the installation , the mail is queued and we get the following error:

 

# mailq

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

AA2776B41D     6378 Tue Oct 23 13:56:18  address@concealed

(temporary failure. Command output: /usr/libexec/sympa/queue: while opening queue file 'address@concealed.1540296095.11158': Permission denied)

                                         address@concealed

 

the queue executable file has the following security:

 

# ls -l /usr/libexec/sympa/queue

-rwsr-xr-x. 1 sympa sympa 24152 oct  6 12:51 /usr/libexec/sympa/queue

 

And the aliases file is :

 

 

# more /etc/sympa/aliases.sympa.postfix

# Robot aliases for Sympa.

sympa:                 "| /usr/libexec/sympa/queue address@concealed"

listmaster:            "| /usr/libexec/sympa/queue listmaster@ xxxxx.ucm.es"

bounce:                "| /usr/libexec/sympa/bouncequeue sympa@ xxxxx.ucm.es"

abuse-feedback-report: "| /usr/libexec/sympa/bouncequeue sympa@ xxxxx.ucm.es"

sympa-request:         postmaster

sympa-owner:           postmaster

 

Please any help? Must we modify master.cf file ?

 

Looking forward to your answer & Best regards

 

Lourdes Rebollar Reier

-------------------------------------------------------
Universidad Complutense

Centro de Proceso de Datos
Avda. Complutense S/N. 
28040 Madrid 
Tel: +34-91-3944769 

Fax: +34-91-3944773 
E-mail: lrebollar at ucm es 

P El consumo de papel es perjudicial para el medio ambiente. Por favor, téngalo en cuenta antes de imprimir este mensaje.

Paper waste harms our environment. Please bear this in mind before printing this message.