SpamAssassin Vs. SELinux

Home » CentOS » SpamAssassin Vs. SELinux
CentOS 1 Comment

Hi,

I just installed SpamAssassin on two servers running CentOS 7 and Postfix. One is my sandbox server for experimenting, the other one is the server that hosts my company’s web site, blog, mail, etc.

So far, SpamAssassin seems to work as expected. I sent a test mail, which was duly flagges as [SPAM], and I already see the odd incoming spam message correctly flagged as [SPAM].

For testing purposes, I switched SELinux to permissive mode (usually I
activate SELinux for everything).

It looks like it’s causing a bit of a problem here.

# sealert -a /var/log/audit/audit.log

And here’s what I get.

–8<------------------------------------------------------ SELinux is preventing /usr/bin/perl from create access on the directory .spamassassin. ***** Plugin catchall (100. confidence) suggests ********* If you believe that perl should be allowed create access on the .spamassassin directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '7370616D64206368696C64' --raw | audit2allow -M my-7370616D64206368696C64 # semodule -i my-7370616D64206368696C64.pp ... --8<------------------------------------------------------ Usually sealert's suggestions are to the point and work perfectly. Except in this case it doesn't. Here's what I get: # ausearch -c '7370616D64206368696C64' --raw | audit2allow -M my-7370616D64206368696C64 Nothing to do Any suggestions? Cheers from the sunny South of France, Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32

One thought on - SpamAssassin Vs. SELinux

  • Le 06/10/2017 à 08:50, Nicolas Kovacs a écrit :

    I’ll answer that myself, since I just found the culprit.

    # setsebool -P spamd_enable_home_dirs 1

    Boolean did the trick. Looks like this is not in setroubleshoot’s database.

    Cheers,

    Niki


    Microlinux – Solutions informatiques durables
    7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32