TLS cert smtp context, type

Discuss installation issues/solutions for Engarde


Postby ram on Wed Sep 06, 2006 2:17 pm

I have set up smtp with TLS; in permissive mode all works fine, but it just hangs on connect in enforcing. The problem seems to be the SE permissions to the cert file, which I placed in /etc/postfix/tls. I have tried several different types, roles and contexts for this file. Should the cert be placed in a different directory, and what should the user, role and type be set to?
ram
 
Posts: 38
Joined: Thu Aug 17, 2006 12:33 am

RE: TLS cert smtp context, type

Postby eric on Thu Sep 07, 2006 12:43 pm

ram,

This is definitely a policy issue, but without recreating the situation on a test network, it is difficult to fix. It could either be a problem getting to the cert file or it could be an issue binding to the ssmtp port (465).

Can you open up a bug report (http://bugs.engardelinux.org/) and submit all the necessary information for us to reproduce it? Also, please include the SELinux policy "permission denied" messages. Thanks.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

RE: TLS cert smtp context, type

Postby ram on Thu Sep 07, 2006 2:35 pm

Ok,
Before I open a bug report, I will rebuild this server; it's only a test server atm. Just to make sure it wasn't something else I did, and to make it easier for you guys. I am not running it on the smtps port 465; it is still running on the standard smtp port 25 but gives the 250 STARTTLS option on an EHLO. Not sure if that makes any difference.

ram
ram
 
Posts: 38
Joined: Thu Aug 17, 2006 12:33 am

RE: TLS cert smtp context, type

Postby eric on Thu Sep 07, 2006 3:50 pm

ram,

It actually does make a difference. Since SELinux requires policies that allow for access to specific ports, there are no booleans that allow for postfix to bind to any other port besides 25. Therefore by you ensuring that postfix is only listening on port 25, that takes that variable out of the picture.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

RE: TLS cert smtp context, type

Postby ram on Fri Sep 08, 2006 1:22 pm

Ok,
I submitted the bug report; the main problem seems to be tlsmgr access to /dev/urandom, but there are some other errors in the logs as well. Hope the report is understandable.
ram
 
Posts: 38
Joined: Thu Aug 17, 2006 12:33 am

RE: TLS cert smtp context, type

Postby eric on Mon Sep 11, 2006 12:49 pm

ram,

Thanks for the help. We will look into the issue as soon as possible and work to get it resolved.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA
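
Added example, not part of the thread or of EnGarde's own code: a small Python triage of SELinux "denied" messages that sorts them into the three causes raised in the posts above (cert file access, binding to a port, tlsmgr reading /dev/urandom). The log lines, the cert file name `server.pem` and the SELinux type names are constructed assumptions, not taken from the bug report.

```python
import re
from collections import Counter

# Constructed sample in the kernel AVC message format. The type names and the
# cert file name are assumptions, not taken from EnGarde's policy or the bug.
SAMPLE_LOG = """\
audit(1157718120.101:45): avc:  denied  { read } for  pid=2211 comm="tlsmgr" name="urandom" dev=tmpfs ino=1530 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1157718120.340:46): avc:  denied  { read } for  pid=2214 comm="smtpd" name="server.pem" dev=hda1 ino=88123 scontext=system_u:system_r:postfix_smtpd_t tcontext=root:object_r:etc_t tclass=file
audit(1157718121.002:47): avc:  denied  { name_bind } for  pid=2190 comm="master" src=465 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:port_t tclass=tcp_socket
audit(1157718125.517:48): avc:  denied  { read } for  pid=2230 comm="tlsmgr" name="urandom" dev=tmpfs ino=1530 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Sep  8 13:02:05 mail postfix/smtpd[2214]: connect from unknown[192.0.2.10]
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def classify(d):
    """Map a denial onto the causes discussed in the thread."""
    tclass = d.get("tclass", "")
    if "name_bind" in d["perms"] and tclass.endswith("_socket"):
        return "port bind"
    if tclass == "chr_file" and d.get("name") in ("random", "urandom"):
        return "random device"
    if tclass in ("file", "dir", "lnk_file"):
        return "file access"
    return "other"

def summarize(log_text):
    """Count denials per (cause, process, target name or port, target type)."""
    counts = Counter()
    for d in filter(None, map(parse_avc, log_text.splitlines())):
        ctx = d.get("tcontext", "").split(":")
        ttype = ctx[2] if len(ctx) > 2 else "?"
        target = d.get("name") or d.get("src") or "?"
        counts[(classify(d), d.get("comm", "?"), target, ttype)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

Run against the real denial messages from the enforcing-mode test, the summary gives the process, target and target type for each denial, which is the information a policy fix or bug report needs.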

