On 04/12/2023 19:44, Carsten Strotmann (sys4) via Postfix-users wrote:
Hi Dulux-Oz,
On 4 Dec 2023, at 9:20, duluxoz via Postfix-users wrote:
Hi All,
This issue is definitely SELinux related, because it only crops up when SELinux
is enabled.
I'm getting a `TLS handshake failed for service=smtp peer=[104.199.96.85]:587`
error when attempting to relay via mailjet (that's whose IP that is) and also
brevo/sendinblue.
Anyone have any ideas (apart from disabling SELinux - that is *NOT* an option)
:-)
Disabling SELinux is never a good option :)
On which Linux-Distro is this issue happening?
Can you send the SELinux messages from the Linux Audit Subsystem (where SELinux
sends information about policy violations) from around the time the issue is
reported in the mail log? This would be the command:
`ausearch -m avc -i --start <start-time> --end <end-time>`
(see "man ausearch" for the syntax of the start- and end-times -- there might
be a large number of log entries -- try to limit the time to a few minutes before/after
the error occurred)
I suspect some files have the wrong SELinux security context label, but which
files those are will be told by the audit log messages.
Greetings
Carsten
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Hi Carsten
It's Rocky v9.1
That's the funny thing: I've done an `audit2allow -a` and all of the
'errors' are accounted for by updated policies, and the suggested
`ausearch` produces nothing - zip, nada, nil :-(