Symptoms
-
Unable to send and email to [email protected], below error can be found in
/var/log/maillog
:Apr 24 21:29:57 mail postfix/cleanup[327]: warning: read TCP map reply from 127.0.0.1:12346: malformed reply: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied
Apr 24 21:29:57 mail postfix/cleanup[327]: warning: tcp:127.0.0.1:12346 lookup error for "[email protected]"
Apr 24 21:29:57 mail postfix/cleanup[327]: warning: 12604E131B: recipient_canonical_maps map lookup problem for [email protected] -- message not accepted, try again later -
In
/var/log/audit/audit.log
below denied message can be found:type=AVC msg=audit(1524598331.078:35761): avc: denied { read } for pid=450 comm="postfix-srs" name="secret" dev=dm-0 ino=136160 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:mail_spool_t:s0 tclass=file
type=AVC msg=audit(1564497699.202:58977): avc: denied { open } for pid=2514 comm="postfix-srs" name="secret" dev=sda3 ino=788679 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:mail_spool_t:s0 tclass=file
Cause
Invalid SELinux policies.
Resolution
-
Connect to the server via SSH
-
Install
audit2allow
utility:# yum install policycoreutils-python
-
Create allow policy for postfix-srs:
Note: If the error persists, run again the following commands
# grep postfix-srs /var/log/audit/audit.log | grep denied | audit2allow -M postfix-srs
# semodule -i postfix-srs.pp