
Re: EFA 4 beta

Posted: 27 Jan 2019 18:43
by vervoto1
found another one..

Setting the 7) Mail Settings --> 1) Outbound smart relay network doesn't work if you select e.g. 10.0.0.0/24 to allow your local network to send.

The postfix file master.cf does not contain the 'permit_mynetworks' in smtpd_client_restrictions hence does not relay for the local network, even if it's correctly defined in main.cf as the user interface does correctly.

add that permit_mynetworks in master.cf and it works.
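
A way to check for the condition described in the post above, as an added example that is not part of the thread or of EFA's own code: an `-o smtpd_client_restrictions=...` override in master.cf replaces the main.cf value for that service, so this script lists services whose override lacks `permit_mynetworks`. The sample master.cf is constructed for illustration, the function names are hypothetical, and only the `-o name=value` form is handled.

```python
import shlex

# Constructed sample for illustration, not EFA's real master.cf.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
10026     inet  n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service entry."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments do not end an entry
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry

def client_restriction_overrides(text):
    """Map 'service/type' to the restriction list set with -o in master.cf."""
    found = {}
    for entry in logical_lines(text):
        fields = shlex.split(entry)
        name = f"{fields[0]}/{fields[1]}"
        args = fields[8:]  # everything after the command name
        for flag, value in zip(args, args[1:]):
            key, _, val = value.partition("=")
            if flag == "-o" and key == "smtpd_client_restrictions":
                found[name] = [v for v in val.split(",") if v]
    return found

def overrides_missing_mynetworks(text):
    """Services whose master.cf override does not include permit_mynetworks."""
    overrides = client_restriction_overrides(text)
    return sorted(s for s, r in overrides.items() if "permit_mynetworks" not in r)

if __name__ == "__main__":
    for svc in overrides_missing_mynetworks(SAMPLE_MASTER_CF):
        print(f"{svc}: smtpd_client_restrictions override lacks permit_mynetworks")
```

Services without an override (here `smtp/inet`) are not reported, because they use whatever main.cf sets.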

Re: EFA 4 beta

Posted: 28 Jan 2019 16:02
by henk
Changed postfix master.cf (noanaonymous to noanonymous) and the 'permit_mynetworks' in smtpd_client_restrictions as mentioned

Update with yum: OK

Updated: 4:perl-macros-5.16.3-294.el7_6.x86_64
Updated: 4:perl-libs-5.16.3-294.el7_6.x86_64
Updated: 4:perl-5.16.3-294.el7_6.x86_64
Updated: perl-ExtUtils-Install-1.58-294.el7_6.noarch
Updated: 4:perl-devel-5.16.3-294.el7_6.x86_64
Updated: 1:perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch
Updated: 1:perl-IO-Zlib-1.10-294.el7_6.noarch
Updated: 1:perl-Package-Constants-0.02-294.el7_6.noarch
Updated: 1:perl-Pod-Escapes-1.04-294.el7_6.noarch
Updated: perl-CPAN-1.9800-294.el7_6.noarch
Updated: 1:perl-Module-CoreList-2.76.02-294.el7_6.noarch
Updated: 1:perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch
Updated: 1:clamav-unofficial-sigs-5.6.2-4.eFa.el7.x86_64
Updated: 1:MailWatch-1.2.12-6.eFa.el7.x86_64
Updated: 1:eFa-4.0.0-10.eFa.el7.x86_64


test Gui
Download geoip db via->tools->Update GeoIp database
Downloading file, please wait...
Unable to read or write to the /var/www/html/mailscanner/temp/ directory.

Code:

ls -l /var/www/html/mailscanner/temp
total 3460
-rw-r--r--. 1 php-fpm php-fpm 3541688 Jan 24 16:52 GeoLite2-Country.mmdb
-rwxrwxr-x. 1 root apache 0 Dec 30 23:38 index.html

As the /var/www/html/mailscanner/temp group was apache, changed it to php-fpm

Code:

chown root:php-fpm /var/www/html/mailscanner/temp/

Todo: ( meaning do not know how to solve it :cry: )
Running Tools AND Links--> MailScanner Lint (Test)

Code:

 cat /var/log/secure
sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
sudo: pam_systemd(sudo:session): Failed to connect to system bus: Permission denied
sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo: pam_unix(sudo:session): session closed for user root

Audit.log
type=AVC msg=audit(1548693651.204:1670): avc: denied { connectto } for pid=21264 comm="sudo" path="/run/dbus/system_bus_socket" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

Code:

 ll -Z /var/run/dbus/system_bus_socket
srw-rw-rw-. root root system_u:object_r:system_dbusd_var_run_t:s0 /var/run/dbus/system_bus_socket

Code:

semanage export
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
boolean -m -1 antivirus_can_scan_system
boolean -m -1 antivirus_use_jit
boolean -m -1 daemons_enable_cluster_mode
boolean -m -1 httpd_can_network_connect
boolean -m -1 httpd_read_user_content
boolean -m -1 httpd_ssi_exec
boolean -m -1 httpd_unified
boolean -m -1 nis_enabled
boolean -m -1 rsync_full_access
fcontext -a -f a -t antivirus_log_t '/var/log/clamd.scan'
fcontext -a -f a -t net_conf_t '/etc/sysconfig/network-scripts.bak'
fcontext -a -f a -t antivirus_var_run_t '/var/run/clamd.socket'

Temp disable SELinux until knowing how to solve it

Code:

setenforce 0

Result in Secure.log
sudo: php-fpm : TTY=unknown ; PWD=/var/www/html/mailscanner ; USER=root ; COMMAND=/usr/sbin/MailScanner --lint
sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo: pam_unix(sudo:session): session closed for user root

Re: EFA 4 beta

Posted: 28 Jan 2019 18:31
by Alleyviper
Hi there,

Is there a way to keep updating build.sh on existing Efa4 testing from yum update or other procedure?

Do I need to keep rebuilding from scratch?

Re: EFA 4 beta

Posted: 28 Jan 2019 21:41
by shawniverson
@henk, thank you for testing. I will flag these to fix. They are related to the new events mpm module, so we need to move everything from the apache user to the php-fpm user and adjust SELinux policies accordingly.

Re: EFA 4 beta

Posted: 28 Jan 2019 21:42
by shawniverson
@Alleyviper "yum update," or just let yum-cron do its nightly thing.

No need to keep rebuilding. I am incrementing package updates in the testing repo now.