On 06/20/2014 03:15 PM, Chuck Campbell wrote:
I've built a new mail system with CentOS 6.5, and I'm running fetchmail - sendmail - procmail to maildir. I have all of this working at the moment. (I know, postfix was the default, but for lots of other reasons, I switched, and that isn't an issue, I don't think.)
I am using dovecot as an imap server. Procmail won't update indexes during email delivery, so I'm having some performance delays and lags when accessing the emails via imap. I would like to use dovecot-lda for delivery, but I get permission denied errors, and I don't know why or where they are coming from.
Here is the .procmailrc and procmail log file response when I try to use dovecot-lda from procmail:
.procmailrc
    SHELL=/bin/sh
    PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
    # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
    MAILDIR=$HOME/Maildir/ # You'd better make sure it exists '
    DEFAULT=$MAILDIR
    LOGFILE="$HOME/procmail_log"
    LOCKFILE="$HOME/.lockmail"
    LOCKEXT=.lock

    :0
    * .
    { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" }

    :0 c
    .ham_to_learn/

    :0
    | /usr/libexec/dovecot/deliver -m $DEFAULT
I get this in my log file:
    procmail: [27709] Fri Jun 20 14:00:17 2014
     default recipe using copy to .ham_to_learn/ (maildir version)
    procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403290809.27709_3.helium"
    procmail: Assigning "LASTFOLDER=/usr/libexec/dovecot/deliver -m /home/campbell/Maildir/"
    procmail: Notified comsat: "campbell@:/usr/libexec/dovecot/deliver -m /home/campbell/Maildir/"
    From campbell@accelinc.com Fri Jun 20 14:00:06 2014
     Subject: Re: Uruguay gravity model description
      Folder: /usr/libexec/dovecot/deliver -m /home/campbell/Maildir/ 10470
    procmail: Unlocking "/home/campbell/.lockmail"
    procmail: Executing "/usr/libexec/dovecot/deliver,-m,/home/campbell/Maildir/"
    /bin/sh: /usr/libexec/dovecot/deliver: Permission denied
    ls -laFZ /usr/libexec/
    <snip>
    drwxr-xr-x. root root system_u:object_r:bin_t:s0 dovecot/
    <snip>

    ls -laFZ /usr/libexec/dovecot
    <snip>
    lrwxrwxrwx. root root system_u:object_r:bin_t:s0 deliver -> dovecot-lda*
    -rwxr-xr-x. root root system_u:object_r:dovecot_deliver_exec_t:s0 dovecot-lda*
    <snip>
It doesn't matter whether I reference the link file, or dovecot-lda directly, I get the same result.
I'm not getting any AVC (SELinux) entries in my /var/log/audit/audit.log, so it doesn't appear to be unix permissions, or SELinux issues. How can I find out what permissions I need to change?
-chuck
current working (but not indexing) examples below here.
Two versions using procmail for delivery that succeed:
If my .procmailrc file looks like this:
    SHELL=/bin/sh
    PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
    # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
    MAILDIR=$HOME/Maildir/ # You'd better make sure it exists '
    DEFAULT=$MAILDIR
    LOGFILE="$HOME/procmail_log"
    LOCKFILE="$HOME/.lockmail"
    LOCKEXT=.lock

    :0
    * .
    { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" }

    :0 c
    .ham_to_learn/
I get this in my log file:
    procmail: [27580] Fri Jun 20 13:37:55 2014
     default recipe using copy to .ham_to_learn/ (maildir version)
    procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289475.27580_2.helium"
    procmail: Assigning "LASTFOLDER=/home/campbell/Maildir/new/1403289475.27580_3.helium"
    procmail: Notified comsat: "campbell@0:/home/campbell/Maildir/new/1403289475.27580_3.helium"
    From campbell@accelinc.com Fri Jun 20 13:37:55 2014
     Subject: t41
      Folder: /home/campbell/Maildir/new/1403289475.27580_3.helium 4299
    procmail: Unlocking "/home/campbell/.lockmail"
I get a copy in my inbox and a copy in my ham to learn folder. All appears OK.
If I use this recipe:
    SHELL=/bin/sh
    PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
    # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
    MAILDIR=$HOME/Maildir/ # You'd better make sure it exists '
    DEFAULT=$MAILDIR
    LOGFILE="$HOME/procmail_log"
    LOCKFILE="$HOME/.lockmail"
    LOCKEXT=.lock

    :0
    * .
    { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" }

    :0 c
    .ham_to_learn/

    :0
    $DEFAULT
I get this in my log file (same as above, all is well):
    procmail: [27646] Fri Jun 20 13:46:25 2014
     default recipe using copy to .ham_to_learn/ (maildir version)
    procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289985.27646_2.helium"
    procmail: Assigning "LASTFOLDER=/home/campbell/Maildir/new/1403289985.27646_3.helium"
    procmail: Notified comsat: "campbell@0:/home/campbell/Maildir/new/1403289985.27646_3.helium"
    From campbell@accelinc.com Fri Jun 20 13:45:53 2014
     Subject: t43
      Folder: /home/campbell/Maildir/new/1403289985.27646_3.helium 4603
    procmail: Unlocking "/home/campbell/.lockmail"
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I think it could still be an SELinux issue. Does putting the machine in permissive mode allow everything to work?
If so, then you might want to temporarily disable dontaudit rules to see if one of them is causing your issue.
semodule -DB
Run your test
You should see lots of AVCs now. Search for ones that match your tools.
semodule -B
Will turn dontaudit rules back on.
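
An added example, not part of either message: a small filter for the "search for ones that match your tools" step in the reply above, run here over constructed audit records because the thread shows no actual AVC lines. The function names and sample records are assumptions made for illustration; on a live host the input would come from `ausearch -m avc -ts recent`.

```shell
#!/bin/sh
# Added example. Steps from the reply, run as root on the affected host:
#   semodule -DB     # rebuild policy with dontaudit rules disabled
#   (send a test message through procmail)
#   ausearch -m avc -ts recent | summarize_avc 'procmail|deliver|dovecot-lda'
#   semodule -B      # rebuild policy with dontaudit rules enabled again

# Constructed audit records for illustration; not taken from the thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1403290817.123:501): avc:  denied  { execute } for  pid=27709 comm="procmail" name="dovecot-lda" dev=dm-0 ino=12345 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:dovecot_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1403290817.200:502): avc:  denied  { rlimitinh siginh noatsecure } for  pid=1200 comm="sshd" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1403290817.123:501): arch=c000003e syscall=59 success=no exit=-13 comm="procmail" exe="/usr/bin/procmail"
EOF
}

# summarize_avc TOOLS: read audit records on stdin and print one line per
# denial whose comm= or name= equals one of TOOLS (a '|'-separated list):
#   comm permissions source_type target_type class
summarize_avc() {
    awk -v tools="$1" '
    /avc: +denied/ {
        comm = name = src = tgt = cls = perms = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
            if ($i ~ /^name=/)     { name = $i; gsub(/name=|"/, "", name) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            if ($i == "{") {
                # Collect the permission names between the braces.
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms ? "," : "") $j
            }
        }
        # Keep only denials raised by, or against, one of the named tools.
        if (comm ~ "^(" tools ")$" || name ~ "^(" tools ")$")
            print comm, perms, src, tgt, cls
    }'
}

# Demonstration on the constructed records above.
sample_audit_log | summarize_avc 'procmail|deliver|dovecot-lda'
```

The source and target types in each summary line are what a local policy module or a relabel would have to address; the unrelated sshd record shows the kind of noise that disabling dontaudit rules brings in.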