On 29/01/25 12:56, E R via Postfix-users wrote:
Yes, I wholeheartedly agree. Even if I disagreed, it would not be one of the rare Postfix bugs. 8-) As I wrote in another post, I do think it might be helpful to mention the downside of not using the default of syslog as I did.
While I don't have an issue with mentioning this in the docs as you suggest, there are actually a very large number of postfix settings that will be affected by SELinux, AppArmour, and other similar security hardening techniques. This ranges from the maillog_file settings that you discovered to locations of db files to additional or changed ports, the list goes on and on. It would be a massive repetitive task to make a note in the docs for every setting that can be affected by some security setting on your system.
I learned there are dontaudit rules that can suppress some messages so I needed to temporarily set those to off in order to get denial messages.
Indeed, although it's quite rare for one of these rules to cause an issue it does happen. I had it happen to me once a number of years ago and it took me ages to figure out.
At the end of the day you can always run `setenforce 0` and if something that wasn't working magically starts working then you know it's selinux. If there's no denial entries in the audit log then it will indeed be one of those "hidden" log entries and you will need to run a command like you mentioned to be able to see them and fix the issue.
Peter _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
