EL5.4, SELinux, and postfix Oh My!

Be forewarned that if you run postfix and install the latest SELinux errata, your system will no longer send mail with SELinux in enforcing mode.

All of my Linux systems running CentOS 5.4 and using postfix as an MTA have been rendered incapable of sending some email by the latest SELinux errata (selinux-policy-2.4.6-255.el5_4.3). You may first notice that something is wrong by the lack of email that the system is sending, primarily the daily logwatch emails. Luckily I also have daily tripwire messages and the below output made me start looking for a problem:

/etc/cron.daily/0logwatch:

sendmail: warning: premature end-of-input on /usr/sbin/postdrop -r while reading
input attribute name
sendmail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success

I manged to first find information on this bug on the CentOS forums. There is a workaround at the RedHat Bugzilla. Red Hat, unfortunately, seems to think that your system being unable to send mail is something that can wait for an SELinux policy fix until EL5.5.

Advertisements

About Michael Arnold
This is where I write about all of my unix hacking experiences so that you may be able to learn from my troubles.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: