[CentOS] SpamAssassin vs. SELinux

Fri Oct 6 06:50:48 UTC 2017
Nicolas Kovacs <info at microlinux.fr>


I just installed SpamAssassin on two servers running CentOS 7 and
Postfix. One is my sandbox server for experimenting, the other one is
the server that hosts my company's web site, blog, mail, etc.

So far, SpamAssassin seems to work as expected. I sent a test mail,
which was duly flagges as [SPAM], and I already see the odd incoming
spam message correctly flagged as [SPAM].

For testing purposes, I switched SELinux to permissive mode (usually I
activate SELinux for everything).

It looks like it's causing a bit of a problem here.

# sealert -a /var/log/audit/audit.log

And here's what I get.

SELinux is preventing /usr/bin/perl from create access on the directory

*****  Plugin catchall (100. confidence) suggests   *********

If you believe that perl should be allowed create access on the
.spamassassin directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c '7370616D64206368696C64' --raw | audit2allow -M
# semodule -i my-7370616D64206368696C64.pp

Usually sealert's suggestions are to the point and work perfectly.
Except in this case it doesn't. Here's what I get:

# ausearch -c '7370616D64206368696C64' --raw | audit2allow -M
Nothing to do

Any suggestions?

Cheers from the sunny South of France,

Niki Kovacs

Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32