Problems with Postfix

[bmalek]

I tried following the directions about 'The Perfect Setup' for SuSE 10.1 for my email server and finally got it to work, but now I am having issues with error messages!!

In my /var/log/mail file I get tons of:
Jul 6 18:15:17 <server> postfix/qmgr[8226]: warning: connect to transport error: Operation not permitted

and in my /var/log/messages file I get tons of:
Jul 6 18:19:17 <server> kernel: audit(1183738757.049:122): REJECTING w access to /var/spool/postfix/private/error (qmgr(8226) profile /usr/lib/postfix
/qmgr active /usr/lib/postfix/qmgr)

I tried looking around on Google for some help, but I can't find anyone having issues with the 'error' part of postfix.

Anyone that can offer some advice would be greatly appreciated!

Thanks,
Brian

[mwatkins]

Seems likely to be an ownership/permissions issue. Are you running postfix as a specific user? (eg: postfix). Who owns the directory (and those below it) /var/spool/postfix ?

[bmalek]

The user is postfix in group postfix.

I tried:
chown -R postfix private
chgrp -R postfix private

And I get:
Jul 6 20:22:11 <server> kernel: audit(1183746131.482:251): REJECTING access to capability 'dac_override' (postqueue(12006) profile /usr/sbin/postqueue
active /usr/sbin/postqueue)
Jul 6 20:22:11 <server> kernel:
Jul 6 20:22:11 <server> kernel: audit(1183746131.482:252): REJECTING access to capability 'dac_read_search' (postqueue(12006) profile /usr/sbin/postqu
eue active /usr/sbin/postqueue)
Jul 6 20:22:11 <server> kernel:
Jul 6 20:22:11 <server> kernel: audit(1183746131.578:253): REJECTING w access to /var/spool/postfix/private/error (qmgr(12002) profile /usr/lib/postfi
x/qmgr active /usr/lib/postfix/qmgr)

[bmalek]

Interesting!

I can get it to work by stopping AppArmor (not even sure what that is!!).

rcapparmor stop - restart postfix, and no more error messages!

[mwatkins]

AppArmor - not familiar with it - ought to permit the postfix user to access files it owns.

Perhaps you should double check that Postfix is indeed running as the postfix user. Try this:

% ps axu | grep qmgr

Code:

postfix  97645  0.0  0.1  3804 1612  ??  S    28Jun07   0:06.19 qmgr -l -t fifo -u

If postfix is in the first column, then it is indeed running as that user. If not, there's something to follow up on.

[bmalek]

postfix 14249 0.0 0.1 24080 2256 ? S 20:54 0:00 qmgr -l -t fifo -u

It is running with the postfix user...

I found another thread on a website that suggested the AppArmor fix. It seems it is something that comes with SuSE.

[mwatkins]

Perhaps its a localized permissions issue then. Looking at one of the error messages you posted, we could start looking at the private/error dir and related. What are the file permissions and ownership of /var/spool/private/ and below? Mine:

Code:

...
srw-rw-rw-  1 postfix  wheel  0 Jun 25 06:52 discard
srw-rw-rw-  1 postfix  wheel  0 Jun 25 06:52 error
srw-rw-rw-  1 postfix  wheel  0 Jun 25 06:52 ifmail
srw-rw-rw-  1 postfix  wheel  0 Jun 25 06:52 lmtp
srw-rw-rw-  1 postfix  wheel  0 Jun 25 06:52 local
...

The user postfix belongs to both postfix and mail groups on my systems.

If that isn't it, then I guess you'll have to chase down the apparmour folks.

[bmalek]

All of mine are:
srw-rw-rw- 1 postfix postfix 0 2007-07-06 20:54 error

*shrug* - I don't pretend to understand sometimes