EFA 4 beta

Testing of eFa 4
vervoto1
Posts: 4
Joined: 24 Feb 2015 07:17

Re: EFA 4 beta

Post by vervoto1 » 27 Jan 2019 18:43

found another one..

Setting the 7) Mail Settings --> 1) Outbound smart relay network doesnt work if you select e.g. 10.0.0.0/24 to allow your local network to send.

The postfix file master.cf does not contain the 'permit_mynetworks' in smtpd_client_restrictions hence does not relay for the local network, even if it's correctly defined in main.cf as the user interface does correctly.

add that permit_mynetworks in master.cf and it works.

henk
Posts: 387
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA 4 beta

Post by henk » 28 Jan 2019 16:02

Changed postfix master.cf (noanaonymous to noanonymous) and the 'permit_mynetworks' in smtpd_client_restrictions as mentioned

Update with yum: OK

Updated: 4:perl-macros-5.16.3-294.el7_6.x86_64
Updated: 4:perl-libs-5.16.3-294.el7_6.x86_64
Updated: 4:perl-5.16.3-294.el7_6.x86_64
Updated: perl-ExtUtils-Install-1.58-294.el7_6.noarch
Updated: 4:perl-devel-5.16.3-294.el7_6.x86_64
Updated: 1:perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch
Updated: 1:perl-IO-Zlib-1.10-294.el7_6.noarch
Updated: 1:perl-Package-Constants-0.02-294.el7_6.noarch
Updated: 1:perl-Pod-Escapes-1.04-294.el7_6.noarch
Updated: perl-CPAN-1.9800-294.el7_6.noarch
Updated: 1:perl-Module-CoreList-2.76.02-294.el7_6.noarch
Updated: 1:perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch
Updated: 1:clamav-unofficial-sigs-5.6.2-4.eFa.el7.x86_64
Updated: 1:MailWatch-1.2.12-6.eFa.el7.x86_64
Updated: 1:eFa-4.0.0-10.eFa.el7.x86_64


test Gui
Download geoip db via->tools->Update GeoIp database
Downloading file, please wait...
Unable to read or write to the /var/www/html/mailscanner/temp/ directory.

Code: Select all

ls -l /var/www/html/mailscanner/temp
total 3460
-rw-r--r--. 1 php-fpm php-fpm 3541688 Jan 24 16:52 GeoLite2-Country.mmdb
-rwxrwxr-x. 1 root apache 0 Dec 30 23:38 index.html

As the /var/www/html/mailscanner/temp group was apache changed it to php-fpm

Code: Select all

chown root:php-fpm /var/www/html/mailscanner/temp/
Todo: ( meaning do not know how to solve it :cry: )
Running Tools AND Links--> MailScanner Lint (Test)

Code: Select all

 cat /var/log/secure
sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
sudo: pam_systemd(sudo:session): Failed to connect to system bus: Permission denied
sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo: pam_unix(sudo:session): session closed for user root

Audit.log
type=AVC msg=audit(1548693651.204:1670): avc: denied { connectto } for pid=21264 comm="sudo" path="/run/dbus/system_bus_socket" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

Code: Select all

 ll -Z /var/run/dbus/system_bus_socket
srw-rw-rw-. root root system_u:object_r:system_dbusd_var_run_t:s0 /var/run/dbus/system_bus_socket

Code: Select all

semanage export
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
boolean -m -1 antivirus_can_scan_system
boolean -m -1 antivirus_use_jit
boolean -m -1 daemons_enable_cluster_mode
boolean -m -1 httpd_can_network_connect
boolean -m -1 httpd_read_user_content
boolean -m -1 httpd_ssi_exec
boolean -m -1 httpd_unified
boolean -m -1 nis_enabled
boolean -m -1 rsync_full_access
fcontext -a -f a -t antivirus_log_t '/var/log/clamd.scan'
fcontext -a -f a -t net_conf_t '/etc/sysconfig/network-scripts.bak'
fcontext -a -f a -t antivirus_var_run_t '/var/run/clamd.socket'

Temp disable SELinux until knowing how to solve it

Code: Select all

setenforce 0 
Result in Secure.log
sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo: pam_unix(sudo:session): session closed for user root

Alleyviper
Posts: 71
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: EFA 4 beta

Post by Alleyviper » 28 Jan 2019 18:31

Hi there,

Is there a way to keep updating build.sh on existing Efa4 testing from yum update or other procedure?

Do I need to keep rebuilding from scratch?

User avatar
shawniverson
Posts: 2827
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 28 Jan 2019 21:41

@henk, thank you for testing. I will flag these to fix. They are related to the new events mpm module, so we need to move everything from the apache user to the php-fpm user and adjust SELinux policies accordingly.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

User avatar
shawniverson
Posts: 2827
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: EFA 4 beta

Post by shawniverson » 28 Jan 2019 21:42

@Alleyviper "yum update," or just let yum-cron do its nightly thing.

No need to keep rebuilding. I am incrementing package updates in the testing repo now.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

Post Reply