[GF-Users] Postfix TLSRPT
Michael Webb
michael.webb at integrilog.com
Tue Jun 17 02:11:15 MST 2025
Peter. Agreed, thank you. 0777 is a bad idea, but my point was more that there is something else going on beyond regular file permissions preventing the socket connection on your build. I have since found that selinux is blocking the connection.
>From my selinux audit log:
------------------------------------
type=AVC msg=audit(1750140768.442:846): avc: denied { write } for pid=3168 comm="smtp" name="tlsrpt-collectd.socket" dev="tmpfs" ino=1223 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
I then confirmed postfix_smtp_t is the culprit
audit2allow -a
#============= postfix_smtp_t ==============
allow postfix_smtp_t unconfined_service_t:unix_dgram_socket sendto;
allow postfix_smtp_t var_run_t:sock_file write;
#After setting the following, the gf postfix connection is working normally (with 0660) (and I can retire my custom build, yay)
semanage permissive -a postfix_smtp_t
Thanks also for sharing your compiler info in previous email. It was very informative to see how much more you are doing with your build, folder path selection and how you also use it to make the build rpm ready. I truly appreciate how much TLC that has gone into the project. Huge thank you!
Mike
-----Original Message-----
From: users-bounces at lists.ghettoforge.org <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
Sent: Monday, June 16, 2025 10:40 PM
To: users at lists.ghettoforge.org
Subject: Re: [GF-Users] Postfix TLSRPT
On 17/06/25 16:23, Peter wrote:
>> Coincidentally I got the same error in my self-compiled system and I resolved by setting "socketmode = 0777" in collectd.cfg but it does not seem to help on the gf postfix install. I will keep looking and testing and report back if I find anything.
>
> It's generally not a good idea to set perms to 777, we should look at
> the user and group settings on the socket and go from there.
Try this:
socketmode = 0660
socketgroup = postfix
socketuser = tlsrpt
...also try with 0666 and 0770 and let me know which combinations work.
Peter
_______________________________________________
users mailing list
users at lists.ghettoforge.org
http://lists.ghettoforge.org/mailman/listinfo/users
More information about the users
mailing list