[CentOS] Recommend Mail Server

Thomas Harold thomas-lists at nybeta.com
Wed Nov 25 18:51:37 UTC 2009

On 11/23/2009 2:21 PM, John R. Dennison wrote:
> On Mon, Nov 23, 2009 at 01:59:40PM -0500, Robert Moskowitz wrote:
>> It points you to:
>> http://howtoforge.net/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-10
>> Now granted this is for FC10, but I suspect it would be easy to fit into
>> Centos.
> 	Please, for the love of god and country, do not follow garbage
> 	like this.  Under "1. Preliminary Note" is this text:
> 	"You should make sure that the firewall is off (at least for
> 	now) and that SELinux is disabled (this is important!)".
> 	Documents that advocate disabling SELinux should be tossed
> 	in a pile and set on fire.  Documents that tell you to
> 	disable your firewall with no mention in the remaining
> 	portion of the document to reenable it post install or
> 	how to properly configure it should join the burn pile.

+1... While SELinux can be a PITA at times, it's not going to go away 
anytime soon, so a smart sysadmin needs to learn to work with it rather 
then against it.  HowTos that tell me to disable SELinux or a firewall 
are held at arms length and never to be followed literally.  (They might 
contain some useful commands or configuration options... maybe.)

(personal rant)

You can do a lot of SELinux workarounds with brute-force egrep'ing of 
the audit log combined with audit2allow.  It's not the best way to do 
it.  If you have mislabeled files that are labeled with a generic var_t 
label, and you grant processes access to those files with blind 
acceptance of what audit2allow says, you're also granting access to 
every other file that is labeled as var_t.  (Better choice would be to 
properly label the files that didn't get labeled correctly.)

But even a brute-force application of audit2allow is still a step up 
from disabling SELinux entirely.

(I have a love/hate relationship at times with SELinux.  I need to spend 
another weekend reading up on it again and figuring out some of the 
things that I'm not sure about yet.)

More information about the CentOS mailing list