On 04/28/2017 08:07 PM, me at tdiehl.org wrote: > On Fri, 28 Apr 2017, Gordon Messmer wrote: > >> On 04/28/2017 12:06 AM, Robert Moskowitz wrote: >>> >>> Here are the messages I got: >>> >>> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh >>> } for >>> pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 >>> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process >>> permissive=1 >> >> >> My advice would be to slow down, and solve one problem at a time. We >> were talking about testing dovecot, and now you're testing postfix. >> I know you need them both to work, but these are separate services, >> with their own individual policies. If you're going to submit a bug >> report, you need to be able to specifically describe the problem and >> the solution. You're not going to do that by mixing different >> services together. >> >>> sendmail -i testit3 at test.htt-consult.com < >>> /usr/share/doc/amavisd-new-2.10.1/test-messages/README >>> >>> It failed accessing mysql with the following maillog messages: >> >> Yes, but the policy you added earlier only granted MySQL access to >> dovecot. For postfix, you'll want to check for booleans first and >> then create a policy (without debugging AVCs) if no boolean exists, >> and then look at debugging AVCs if there are still issues (which is >> *almost* never the case). >> >>> >>> When I get home Monday, I am going to rebuild the server. >> >> That would be good. Keep a log of *all* of the changes you make to >> the system, from the very beginning. Once you resolve the problem, >> rebuild the server again and follow your log. > > +1 to what Gordon said. It is the only way you are going to figure it > out. > > You could use something like Ansible so that you can rebuild the > server the > same way in about 20 minutes. Yes, it takes time to get Ansible or > something > similar to work but once you do, you can build the same thing as many > times > as you need and they are always the same. I think I have rather good instructions with which I can build the server quickly: http://medon.htt-consult.com/Centos7-mailserver.html Though I am going to drop mailgraph. At first, looking at another site using it, I was impressed. But not anymore. Plus the pages are in German, and I really can't do the translation.