EL5.4, SELinux, and postfix Oh My!

Be forewarned that if you run postfix and install the latest SELinux errata, your system will no longer send mail with SELinux in enforcing mode.

All of my Linux systems running CentOS 5.4 and using postfix as an MTA have been rendered incapable of sending some email by the latest SELinux errata (selinux-policy-2.4.6-255.el5_4.3). You may first notice that something is wrong by the lack of email that the system is sending, primarily the daily logwatch emails. Luckily I also have daily tripwire messages and the below output made me start looking for a problem:


sendmail: warning: premature end-of-input on /usr/sbin/postdrop -r while reading
input attribute name
sendmail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success

I manged to first find information on this bug on the CentOS forums. There is a workaround at the RedHat Bugzilla. Red Hat, unfortunately, seems to think that your system being unable to send mail is something that can wait for an SELinux policy fix until EL5.5.