[CentOS] Recommend Mail Server
Thomas Harold
thomas-lists at nybeta.com
Wed Nov 25 18:51:37 UTC 2009
On 11/23/2009 2:21 PM, John R. Dennison wrote:
> On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote:
>>
>> It points you to:
>> http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10
>>
>> Now granted this is for FC10, but I suspect it would be easy to fit into
>> Centos.
>
> Please, for the love of god and country, do not follow garbage
> like this. Under "1. Preliminary Note" is this text:
>
> "You should make sure that the firewall is off (at least for
> now) and that SELinux is disabled (this is important!)".
>
> Documents that advocate disabling SELinux should be tossed
> in a pile and set on fire. Documents that tell you to
> disable your firewall with no mention in the remaining
> portion of the document to reenable it post install or
> how to properly configure it should join the burn pile.
>
+1... While SELinux can be a PITA at times, it's not going to go away
anytime soon, so a smart sysadmin needs to learn to work with it rather
than against it. HowTos that tell me to disable SELinux or a firewall
are held at arm's length and never to be followed literally. (They might
contain some useful commands or configuration options... maybe.)

(personal rant)

You can do a lot of SELinux workarounds with brute-force egrep'ing of
the audit log combined with audit2allow. It's not the best way to do
it. If you have mislabeled files that are labeled with a generic var_t
label, and you grant processes access to those files with blind
acceptance of what audit2allow says, you're also granting access to
every other file that is labeled as var_t. (Better choice would be to
properly label the files that didn't get labeled correctly.)

But even a brute-force application of audit2allow is still a step up
from disabling SELinux entirely.

(I have a love/hate relationship at times with SELinux. I need to spend
another weekend reading up on it again and figuring out some of the
things that I'm not sure about yet.)
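
The distinction drawn in the message above (a denial against a generic label such as var_t calls for relabeling, not an allow rule), as an added example that is not part of the original post: a small Python triage of AVC denials from the audit log. The log lines are constructed, and treating default_t, file_t and unlabeled_t as "generic" alongside var_t is an assumption of this example.

```python
import re

# Constructed sample audit log lines (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1259174000.101:310): avc:  denied  { read } for  pid=2101 comm="smtpd" name="main.cf" dev=dm-0 ino=4411 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1259174000.101:310): arch=c000003e syscall=2 success=no exit=-13 comm="smtpd"
type=AVC msg=audit(1259174000.205:311): avc:  denied  { open } for  pid=2101 comm="smtpd" name="main.cf" dev=dm-0 ino=4411 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1259174003.412:312): avc:  denied  { write } for  pid=2240 comm="dovecot" name="mail" dev=dm-0 ino=5120 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
"""

# Assumption of this example: catch-all types that usually indicate a
# mislabeled file. An allow rule on one of these covers every file with it.
GENERIC_TYPES = {"var_t", "default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def triage(log_text):
    """Group AVC denials and split them into 'relabel' and 'review' buckets."""
    grouped = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. SYSCALL records)
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped.setdefault(key, set()).update(m["perms"].split())

    result = {"relabel": [], "review": []}
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        # Generic target type: fix the file label instead of widening policy.
        bucket = "relabel" if tgt in GENERIC_TYPES else "review"
        result[bucket].append((src, tgt, tclass, tuple(sorted(perms))))
    return result


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_AUDIT_LOG).items():
        for src, tgt, tclass, perms in rows:
            print(f"{bucket:8} {src} -> {tgt}:{tclass} {{ {' '.join(perms)} }}")
```

Denials in the relabel bucket are candidates for `semanage fcontext` plus `restorecon` on the affected path; only the review bucket is worth feeding to audit2allow, and its output should still be read before it is loaded.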