[CentOS] mail delivery question

Daniel J Walsh dwalsh at redhat.com
Mon Jun 23 11:22:28 UTC 2014


On 06/20/2014 03:15 PM, Chuck Campbell wrote:
> I've built a new mail system with CentOS 6.5, and I'm running fetchmail -
> sendmail - procmail to maildir. I have all of this working at the moment. (I
> know, postfix was the default, but for lots of other reasons, I switched, and
> that isn't an issue, I don't think).
>
> I am using dovecot as an imap server. Procmail won't update indexes during email
> delivery, so I'm having some performance delays and lags when accessing the
> emails via imap. I would like to use dovecot-lda for delivery, but I get
> permission denied errors, and I don't know why or where they are coming from.
>
> Here is the .procmailrc and procmail log file response when I try to use
> dovecot-lda from procmail:
>
> .procmailrc
>
> SHELL=/bin/sh
> PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
> # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
> MAILDIR=$HOME/Maildir/  # You'd better make sure it exists '
> DEFAULT=$MAILDIR
> LOGFILE="$HOME/procmail_log"
> LOCKFILE="$HOME/.lockmail"
> LOCKEXT=.lock
> :0
> * .
> {
>  LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL"
> }
>  :0 c
>  .ham_to_learn/
>  :0
>   | /usr/libexec/dovecot/deliver -m $DEFAULT
>
>
> I get this in my log file:
>
> procmail: [27709] Fri Jun 20 14:00:17 2014
>  default recipe using copy to .ham_to_learn/ (maildir version)
> procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403290809.27709_3.helium"
> procmail: Assigning "LASTFOLDER=/usr/libexec/dovecot/deliver -m
> /home/campbell/Maildir/"
> procmail: Notified comsat: "campbell@:/usr/libexec/dovecot/deliver -m
> /home/campbell/Maildir/"
> >From campbell at accelinc.com  Fri Jun 20 14:00:06 2014
>  Subject: Re: Uruguay gravity model description
>   Folder: /usr/libexec/dovecot/deliver -m /home/campbell/Maildir/         10470
> procmail: Unlocking "/home/campbell/.lockmail"
> procmail: Executing "/usr/libexec/dovecot/deliver,-m,/home/campbell/Maildir/"
> /bin/sh: /usr/libexec/dovecot/deliver: Permission denied
>
> ls -laFZ /usr/libexec/
> <snip>
> drwxr-xr-x. root root     system_u:object_r:bin_t:s0       dovecot/
> <snip>
>
> ls -laFZ /usr/libexec/dovecot
> <snip>
> lrwxrwxrwx. root root system_u:object_r:bin_t:s0       deliver -> dovecot-lda*
> -rwxr-xr-x. root root system_u:object_r:dovecot_deliver_exec_t:s0 dovecot-lda*
> <snip>
>
> It doesn't matter whether I reference the link file, or dovecot-lda directly, I
> get the same result.
>
> I'm not getting any AVC (SELinux) entries in my /var/log/audit/audit.log, so it
> doesn't appear to be unix permissions, or SELinux issues.
> How can I find out what permissions I need to change?
>
> -chuck
>
>
> --------------------------------------------------------------
> current working (but not indexing) examples below here.
>
> Two versions using procmail for delivery that succeed:
>
>
> If my .procmailrc file looks like this:
>
> SHELL=/bin/sh
> PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
> # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
> MAILDIR=$HOME/Maildir/  # You'd better make sure it exists '
> DEFAULT=$MAILDIR
> LOGFILE="$HOME/procmail_log"
> LOCKFILE="$HOME/.lockmail"
> LOCKEXT=.lock
> :0
> * .
> {
>  LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL"
> }
>  :0 c
>  .ham_to_learn/
>
>
> I get this in my log file:
>
> procmail: [27580] Fri Jun 20 13:37:55 2014
>  default recipe using copy to .ham_to_learn/ (maildir version)
> procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289475.27580_2.helium"
> procmail: Assigning
> "LASTFOLDER=/home/campbell/Maildir/new/1403289475.27580_3.helium"
> procmail: Notified comsat:
> "campbell at 0:/home/campbell/Maildir/new/1403289475.27580_3.helium"
> >From campbell at accelinc.com  Fri Jun 20 13:37:55 2014
>  Subject: t41
>   Folder: /home/campbell/Maildir/new/1403289475.27580_3.helium             4299
> procmail: Unlocking "/home/campbell/.lockmail"
>
> I get a copy in my inbox and a copy in my ham to learn folder. All appears OK.
>
> If I use this recipe:
>
> SHELL=/bin/sh
> PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:.
> # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one
> MAILDIR=$HOME/Maildir/  # You'd better make sure it exists '
> DEFAULT=$MAILDIR
> LOGFILE="$HOME/procmail_log"
> LOCKFILE="$HOME/.lockmail"
> LOCKEXT=.lock
> :0
> * .
> {
>  LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL"
> }
>  :0 c
>  .ham_to_learn/
>  :0
>   $DEFAULT
>
> I get this in my log file (same as above, all is well):
>
> procmail: [27646] Fri Jun 20 13:46:25 2014
>  default recipe using copy to .ham_to_learn/ (maildir version)
> procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289985.27646_2.helium"
> procmail: Assigning
> "LASTFOLDER=/home/campbell/Maildir/new/1403289985.27646_3.helium"
> procmail: Notified comsat:
> "campbell at 0:/home/campbell/Maildir/new/1403289985.27646_3.helium"
> >From campbell at accelinc.com  Fri Jun 20 13:45:53 2014
>  Subject: t43
>   Folder: /home/campbell/Maildir/new/1403289985.27646_3.helium             4603
> procmail: Unlocking "/home/campbell/.lockmail"
>
>
>
I think it could still be an SELinux issue. Does putting the machine in
permissive mode allow everything to work?

If so, then you might want to temporarily disable dontaudit rules to see
if one of them is causing your issue.

semodule -DB

Run your test

You should see lots of AVCs now.  Search for ones that match your tools.

semodule -B

Will turn dontaudit rules back on.
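
Added example, not part of the original message: with dontaudit rules disabled the audit log fills with unrelated denials, so this sketch filters AVC records down to the delivery tools and counts each distinct denial. The audit records are constructed for illustration (not taken from the poster's machine), and the tool names and the helper names sample_log, avc_summary and live_run are assumptions.

```shell
#!/bin/sh
# Added example: summarise AVC denials for the mail delivery tools after a
# test run made with dontaudit rules disabled (semodule -DB).

# comm= values to keep (assumption: the tool names mentioned in the thread).
TOOLS='procmail|deliver|dovecot-lda|dovecot'

# Constructed audit.log excerpt, NOT output from the poster's machine.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1403290817.101:901): avc:  denied  { noatsecure } for  pid=2101 comm="sshd" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1403290817.204:902): avc:  denied  { execute } for  pid=27709 comm="procmail" name="dovecot-lda" dev=dm-0 ino=131 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:dovecot_deliver_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1403290817.204:902): arch=c000003e syscall=59 success=no exit=-13 comm="procmail" exe="/usr/bin/procmail"
type=AVC msg=audit(1403290818.310:903): avc:  denied  { execute } for  pid=27711 comm="procmail" name="dovecot-lda" dev=dm-0 ino=131 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:dovecot_deliver_exec_t:s0 tclass=file
EOF
}

# Reads audit records on stdin and prints one line per distinct denial:
#   count comm perms source_type -> target_type:class
avc_summary() {
  awk -v tools="^($TOOLS)\$" '
    $1 == "type=AVC" && /denied/ {
      comm = sctx = tctx = cls = perms = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, s, ":"); sctx = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tctx = t[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        if ($i == "{") for (j = i + 1; j <= NF && $j != "}"; j++) perms = perms (perms ? "," : "") $j
      }
      if (comm ~ tools) seen[comm " " perms " " sctx " -> " tctx ":" cls]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# On a real host, as root: disable dontaudit, run the test command given as
# arguments, re-enable dontaudit, then summarise the recent AVC records.
live_run() {
  semodule -DB; "$@"; semodule -B
  ausearch -m avc -ts recent | avc_summary
}

# Demonstration on the constructed records; the sshd noise line is dropped.
sample_log | avc_summary
```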


