lejeczek via Postfix-users:
> hi guys.
> All these SELinux denials were caused by an external tool 
> (part of the HA management actually & running on the same 
> box as postfix), a script, part of which is:
> 
>         sendmail)
>             sendmail -t -r "${email_sender}" <<__EOF__
> From: ${email_sender}
> To: ${email_recipient}
> Return-Path: ${email_sender}
> Subject: ${email_subject}
> 
> ${email_body}
> __EOF__
> 
> Would somebody care to comment as to whether:
> a) is there anything on postfix's end exclusively, that 
> could be "fixed in" to mitigate such a scenario where 
> external tool does "circumvent" mail delivery?

The Postfix sendmail command reads message input from stdin. Postfix
MUST NOT care whether the input does or does not come from the
/usr/bin/mail command.

Apparently, the "fifo write" operation referred to in the SELinux
error message happens when the postdrop command transmits status
information to the sendmail command over an in-process duplex pipe
or UNIX-domain socket. If that write operation triggers an SELinux
rule violation, then that must be an oversight in SELinux rules,
and must be fixed there.

> b) what to "fix" on "external" mail tools' end in order to 
> adhere to system's default mail delivery?

Fix the SELinux rules.

        Wietse
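
Added example, not part of the thread and not Postfix or SELinux project code: a small triage script that groups "fifo write" style AVC denials by source and target type, so the policy gap described in the reply above can be confirmed before any rule is changed. The audit records are constructed, and the caller domain cluster_t, the pids and the inode numbers are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the thread). The source
# type postfix_postdrop_t and caller type cluster_t are assumptions about
# how the box is labelled; substitute the types from the real audit log.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:901): avc:  denied  { write } for  pid=4121 comm="postdrop" path="pipe:[58211]" dev="pipefs" ino=58211 scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=system_u:system_r:cluster_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1700000000.102:902): avc:  denied  { getattr } for  pid=4121 comm="postdrop" path="pipe:[58211]" dev="pipefs" ino=58211 scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=system_u:system_r:cluster_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1700000002.007:903): avc:  denied  { read } for  pid=4200 comm="httpd" name="index.html" dev="dm-0" ino=77120 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text, tclass="fifo_file"):
    """Group AVC denials of one object class by (source type, target type)."""
    grouped = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["cls"] != tclass:
            continue  # not a denial, or a denial on another object class
        key = (selinux_type(m["s"]), selinux_type(m["t"]))
        grouped[key]["perms"].update(m["perms"].split())
        grouped[key]["comms"].add(m["comm"])
    return dict(grouped)

def candidate_rules(summary, tclass="fifo_file"):
    """Render allow rules for human review; nothing is loaded into policy."""
    return [
        f"allow {s} {t}:{tclass} {{ {' '.join(sorted(v['perms']))} }};"
        for (s, t), v in sorted(summary.items())
    ]

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

The rendered rule is a review aid: it shows which caller domain's pipe postdrop was denied on, which is the detail a policy maintainer needs in a bug report.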