On 21/12/24 12:37, E R via Postfix-users wrote:
> Curious if there are others using the maillog_file setting who have
> found that "out of the box" RHEL 8+ or 9+ will not allow Postfix to
> start? I worked around the issue by creating a policy module for
> testing purposes thanks to the help the SELinux Tool gave me (#sealert
> -l "*") with the suggestion to create a module for the exception. I
> have reached out to Red Hat to see if they might agree this is a bug
> in the SELinux policy. If Red Hat does not agree, I might convert my
> setup to use the default syslog method for logging since I prefer to
> limit any non-standard setups that might be prone to issues down the
> road when apps/OS are updated.
>
> maillog_file = /var/log/maillog
>
> Helpful documentation from Postfix at
> https://www.postfix.org/MAILLOG_README.html on this setting as well as
> how to rotate logs using the Postfix logging system.

This is not going to be considered a bug. The configuration shipped
with the postfix package from RHEL uses syslog to log to the maillog
file and it's expected that if you change that then you'll be
responsible for configuring SELinux to allow this. Consider that under
normal circumstances allowing various different programs to directly
write to maillog can be a major security hole. This is not very
difficult to do, just run audit2why against your audit.log file with the
denials in it and it will tell you exactly what you need to do to allow
this.
Peter
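
Added example, not part of the thread or of either poster's setup: before loading a module built from denials, it helps to see which type-level rules those denials translate into, because an allow rule covers every file carrying the target type, not only /var/log/maillog. The audit records, the SELinux types in them and the SHARED_TYPES list below are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records (not from the thread); the domain and
# file types shown are assumptions about what such a denial could look like.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1734780000.101:412): avc:  denied  { open } for  pid=2114 comm="postlogd" path="/var/log/maillog" dev="dm-0" ino=7341 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1734780000.102:413): avc:  denied  { append } for  pid=2114 comm="postlogd" path="/var/log/maillog" dev="dm-0" ino=7341 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1734780000.102:413): arch=c000003e syscall=257 success=no exit=-13 comm="postlogd"
"""

# Assumed list of types shared by many unrelated files; a rule that targets
# one of these grants access far beyond the single file named in the denial.
SHARED_TYPES = {"var_log_t", "var_t", "tmp_t", "etc_t", "usr_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def collect_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types carry no AVC data
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)


def render_rules(rules):
    """Return (allow_rule, is_broad) pairs; is_broad marks shared target types."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        out.append((rule, tgt in SHARED_TYPES))
    return out


if __name__ == "__main__":
    for rule, broad in render_rules(collect_denials(SAMPLE_AUDIT_LOG)):
        print(("REVIEW (shared target type): " if broad else "") + rule)
```
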