> > >> >>> Checking outgoing mail service.... >>> >>> ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error: >>> (111) Connection refused >>> >>> NOTE: I obfuscated my internal ip network addresses above... >>> >>> I can't find anything wrong with my postfix config, telnet works just fine >>> on port 25. >>> >>> I currently have selinux in 'permissive' mode as in 'Enforcing' mode I was >>> not able to write to the attachment directory (maybe I have a >>> bigger issue here). >>> >>> Could I need to adjust the firewall rules?? >> >> Take a look at them and make sure. >> >> Make sure you are telnetting from the same place SquirrelMail is running >> and that the address is exactly the same. If that works, sudo telnet as >> the same user apache is running as, since maybe apache user is prevented >> from connecting on the network. >> >> -- >> Paul Lesniewski >> SquirrelMail Team >> Please support Open Source Software by donating to SquirrelMail! >> http://squirrelmail.org/donate_paul_lesniewski.php >> > > Paul, > > I have adjusted by firewall rules. How does the following look to you? > > [root@kevla conf.d]# firewall-cmd --list-all --permanent > public > target: default > icmp-block-inversion: no > interfaces: > sources: > services: cockpit dhcpv6-client http https imap smtp ssh > ports: 80/tcp 443/tcp > protocols: > forward: yes > masquerade: no > forward-ports: > source-ports: > icmp-blocks: > rich rules: > > If I need to adjust something, please let me know what, and how to go about > it... > > About this error: > ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error: > > I am configuring this box 'offline' and no direct connection to an outgoing > relay (as of yet). Could that be part of my problem? IOW, is > this an internal only issue or could it be related to no forwarding relay > server? > > Jay > Paul,
I've dug a bit deeper here. Firewall configs are now... [root@kevla share]# firewall-cmd --list-all --permanent public target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client http https imap imaps smtp ssh ports: 80/tcp 443/tcp 25/tcp 993/tcp 143/tcp 587/tcp protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: I've ruled out the firewall being a possibility of the issue. I think my main problem seems to be shown below from the messages log file. I get these every time I run configtest.php and get the SMTP server above: Dec 30 16:04:32 kevla setroubleshoot[37707]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /usr/share/squirrelmail/plugins/compatibility/functions.php.#012#012***** Plugin restorecon (92.2 confidence) suggests ************************#012#012If you want to fix the label. #012/usr/share/squirrelmail/plugins/compatibility/functions.php default label should be usr_t.#012Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.#012Do#012# /sbin/restorecon -v /usr/share/squirrelmail/plugins/compatibility/functions.php#012#012***** Plugin catchall_boolean (7.83 confidence) suggests ******************#012#012If you want to allow httpd to read user content#012Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.#012#012Do#012setsebool -P httpd_read_user_content 1#012#012***** Plugin catchall (1.41 confidence) suggests **************************#012#012If you believe that php-fpm should be allowed open access on the functions.php file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm#012# semodule -X 300 -i my-phpfpm.pp#012 Here are the permissions for that particular file. [root@kevla log]# ls -lZ /usr/share/squirrelmail/plugins/compatibility/functions.php -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6 2009 /usr/share/squirrelmail/plugins/compatibility/functions.php Looking at the plugin directories, and running 'ls -lZ', I see a mixture of permissions, such as: calendar: total 76 -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6541 Dec 28 18:51 calendar_data.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6770 Dec 28 18:51 calendar.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6128 Dec 28 18:51 day.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6716 Dec 28 18:51 event_create.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5851 Dec 28 18:51 event_delete.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 12887 Dec 28 18:51 event_edit.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5291 Dec 28 18:51 functions.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 499 Dec 28 18:51 index.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 887 Dec 28 18:51 README -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 700 Dec 28 18:51 setup.php compatibility: total 68 drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 84 Dec 6 2009 docs -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6 2009 functions.php drwxr-xr-x. 31 root root unconfined_u:object_r:user_home_t:s0 4096 Dec 6 2009 includes -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 466 Jan 2 2009 index.php drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 79 Nov 1 2009 locale -rwxr--r--. 1 root root unconfined_u:object_r:user_home_t:s0 5928 Nov 1 2009 make_release.sh drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1 2009 patches drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1 2009 patches.old -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 53 Nov 1 2009 README -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 2096 Dec 6 2009 setup.php -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 21 Dec 6 2009 version I ASSUME I need to change everything /usr/share/squirrelmail to ''object_r:usr_t? If not, what SHOULD THEY be? Jay ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: [email protected] List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
