[SOLVED] Strange Postfix Errors

mcresist · 11-17-2014, 07:56 AM

Howdy,

Xpost from the Enterprise Forum, thought I'd give Linux-Server forum a try.

I've got a CentOS 6 server (with SELinux enabled) running Postfix. Postfix is just relaying emails generated from bash scripts on the system to an exchange server.

Every once in a while this message shows up in the maillog:

Quote:

Nov 13 16:17:02 generic_server_name postfix/sendmail[25203]: warning: command "/usr/sbin/postdrop -r" exited with status 25
Nov 13 16:17:02 generic_server_name postfix/sendmail[25203]: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success

This does appear to coincide with messages not sending for a while. I haven't been able to track down the reason for this message.

I've tried disabling SELinux just in case, but the message persists.

Here's the output from postfix check:

Quote:

[root@generic_server_name ~]# postfix check
[root@generic_server_name ~]#

I've also run postfix set-permissions a couple times, it hasn't helped.

Here's the postfix version:

Quote:

[root@generic_server_name ~]# rpm -qa | grep -i postfix
postfix-2.6.6-6.el6_5.x86_64
[root@generic_server_name ~]#

Anybody have any thoughts on this one?

Thanks in advance.

markotitel · 11-19-2014, 09:45 AM

Have you tried to run postdrop manually? What selinux log says just in case?

mcresist · 11-25-2014, 01:06 PM

Hi There,

Thanks for the reply, I swear i checked this before but I clearly missed this message in /var/log/audit/audit.log:

Quote:

type=ANOM_ABEND msg=audit(1416942182.304:69620): auid=0 uid=0 gid=0 ses=8927 sub
j=system_u:system_r

ostfix_postdrop_t:s0-s0:c0.c1023 pid=18544 comm="postdrop"
sig=25

I've never seen a AMOM_ABEND type before, I'm doing the google thing trying to figure out what that means. I ran the 'sealert' tool against /var/log/audit/audit.log and it didn't find anything regarding postfix.

Edit:

I've also tried swapping out /etc/postfix/* from a working postfix installation (didn't work).

I did try to run postdrop -r, it doesn't log the same message in the log:

Quote:

[root@generic_server_name ~]# echo "hello" | postdrop -r
queue_id461CD3FF91postdrop: warning: stdin: unexpected EOF in data, record type 104 length 101
postdrop: fatal: uid=0: malformed input
[root@generic_server_name ~]#

mcresist · 01-20-2015, 02:12 PM

Issue is now Resolved.

Throwing this out there in case there are any other poor souls suffering from this situation.

So, the problem went away when SELinux was disabled or in PERMISSIVE mode. Leading me to believe this was an SELinux issue (duh). However, I was exceptionally confused until I read this document here: https://wiki.gentoo.org/wiki/SELinux...Hidden_denials which specifies that it is possible for SELinux to block a thing from happening and not log it.

I disabled the 'dontaudit' statements like so:

Code:

semodule --disable_dontaudit --build

And then attempted to send a message like so:

Code:

echo "Hello" | mail -s "test subject" user@domain.com

The email message didn't in my inbox and I was greeted with the same error message in /var/log/maillog as noted in my first post.

Ok, so I check the audit.log file and find these:

Code:

[root@generic_server_name ~]# grep postdrop /var/log/audit/audit.log | grep avc
type=AVC msg=audit(1421781841.991:97817): avc:  denied  { rlimitinh } for  pid=5272 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1421781841.991:97817): avc:  denied  { siginh } for  pid=5272 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1421781841.991:97817): avc:  denied  { noatsecure } for  pid=5272 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1421781842.049:97819): avc:  denied  { rlimitinh } for  pid=5274 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1421781842.049:97819): avc:  denied  { siginh } for  pid=5274 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1421781842.049:97819): avc:  denied  { noatsecure } for  pid=5274 comm="postdrop" scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tclass=process
[root@generic_server_name ~]#

Then, the way forward became clear:

I used the audit2allow command:

Code:

grep postdrop /var/log/audit/audit.log | grep avc | audit2allow -M postfix_fix.pp

And inserted the SELinux module that was created:

Code:

semodule -i postfix_fix.pp

The issue is resolved.