Unable to send and email in Plesk on server with SELinux enabled: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied

Symptoms

• Unable to send and email to [email protected], below error can be found in /var/log/maillog:

  Apr 24 21:29:57 mail postfix/cleanup[327]: warning: read TCP map reply from 127.0.0.1:12346: malformed reply: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied
  Apr 24 21:29:57 mail postfix/cleanup[327]: warning: tcp:127.0.0.1:12346 lookup error for "[email protected]"
  Apr 24 21:29:57 mail postfix/cleanup[327]: warning: 12604E131B: recipient_canonical_maps map lookup problem for [email protected] -- message not accepted, try again later

• In /var/log/audit/audit.log below denied message can be found:

  type=AVC msg=audit(1524598331.078:35761): avc: denied { read } for pid=450 comm="postfix-srs" name="secret" dev=dm-0 ino=136160 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:mail_spool_t:s0 tclass=file

  type=AVC msg=audit(1564497699.202:58977): avc: denied { open } for pid=2514 comm="postfix-srs" name="secret" dev=sda3 ino=788679 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:mail_spool_t:s0 tclass=file

Cause

Invalid SELinux policies.

Resolution

1. Connect to the server via SSH

2. Install audit2allow utility:

   # yum install policycoreutils-python

3. Create allow policy for postfix-srs:

   Note: If the error persists, run again the following commands

   # grep postfix-srs /var/log/audit/audit.log | grep denied | audit2allow -M postfix-srs
   # semodule -i postfix-srs.pp