[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: oddity with postfix delivering to homedir

Manuel Wolfshant wrote:

On 02/17/2009 07:59 PM, Daniel J Walsh wrote:

Manuel Wolfshant wrote:

Daniel J Walsh wrote:

Manuel Wolfshant wrote:

Daniel J Walsh wrote:

Manuel Wolfshant wrote:

hello
I have migrated a working mailserver from Centos 4.7 to Centos 5.2. 
The system uses postfix to receive messages from a mail relay and is
supposed to deliver them to folders named after the users, following 
the /home/firstname lastname domain template. Authentication is
done via
mysql against a db running on another system.
   New accounts are created automatically when a mail has to be
delivered to an user which has never been seen before.
   For the users which existed before migration, everything is fine.
However, for non-existing (i.e. to be created) users the homedir is
created with wrong contexts, which prohibit postfix to finalize the
delivery. Once a message is received for a new user, the following is 
created:

   [root imap2 ~]# ll -Zl /home/gigi test\ nobugconsulting ro/ -R
/home/gigi test nobugconsulting ro/:                          total
8                                                       drwx------ 2
root:object_r:home_root_t postfix postfix 4096 Feb 17 01:05 tmp 

/home/gigi test nobugconsulting ro/tmp:
total 4                               -rw------- 1
root:object_r:home_root_t        postfix postfix 0 Feb 17 01:05
1234825528.P26797.imap2
After that postfix tries to do stuff on the newly created file and 
selinux kicks in and denies access.
   Running restorecon at this point fixes things:

   [root imap2 ~]# restorecon -v -R
/home/gigi test nobugconsulting ro restorecon reset /home/gigi test nobugconsulting ro context 
root:object_r:home_root_t:s0->user_u:object_r:user_home_dir_t:s0
restorecon reset /home/gigi test nobugconsulting ro/tmp context
root:object_r:home_root_t:s0->user_u:object_r:user_home_t:s0
restorecon reset
/home/gigi test nobugconsulting ro/tmp/1234825528.P26797.imap2 context root:object_r:home_root_t:s0->user_u:object_r:user_home_t:s0 


   I am running the following versions of packages:

[root imap2 ~]# rpm -qa kernel\* \*selinux\* postfix\*
kernel-xen-2.6.18-92.1.22.el5
libselinux-utils-1.33.4-5.1.el5
selinux-policy-targeted-2.4.6-203.el5
libselinux-1.33.4-5.1.el5
libselinux-python-1.33.4-5.1.el5
selinux-policy-2.4.6-203.el5
postfix-2.3.3-2.1.centos.mysql_pgsql

   Selinux related packages have been upgraded last night in the
hope to
fix the problem, postfix is almost stock centosplus 5.2, recompiled
with
support for mysql but without postgresql- support.

   Obviously I no not want to follow the result of  audit2allow,
home_root_t:dir should not be there in the first place:
[root imap2 ~]# grep avc /var/log/audit/audit.log|audit2allow

#============= postfix_virtual_t ==============
allow postfix_virtual_t home_root_t:dir { write remove_name create
add_name };
allow postfix_virtual_t home_root_t:file { write create unlink link
getattr };
allow postfix_virtual_t postfix_private_t:dir search;
allow postfix_virtual_t postfix_private_t:sock_file write;
allow postfix_virtual_t usr_t:file { read getattr };

   Correct access rights and contexts seem to be:
[root imap2 ~]# ls -l /home/ -dZ
drwxr-xr-x+ postfix postfix system_u:object_r:home_root_t    /home/
[root imap2 ~]# ls -l /home/gigi test\ nobugconsulting ro/ -dZ
drwx------  postfix postfix user_u:object_r:user_home_dir_t
/home/gigi test nobugconsulting ro/

   The only user on the system (beside root) is postfix:
[root imap2 ~]# getent passwd postfix
postfix:x:89:89::/var/spool/postfix:/sbin/nologin

[...]

   My questions are
a) why does postfix create the initial home directories with a wrong
context ? Note this only happens for NEW users, messages for the users which already existed [and have correct context] on the old system are 
perfectly fine.
Does postfix actually create the homedir or was the homedir created by an init script? postfix does not know anything about SELinux but there 
are rules about processes running as postfix_t creating files in
user_home_dir_t directories. In your case it seems that the directory 
was labeled home_root_t, which is where the problem is.


/home exists;  everything below it is created (and should be created
with correct contexts) by postfix in real time


Why is postfix creating a homedir?

Because that's where all the virtual users have their mails.



   I have never seen this before.
That is where the problem is, selinux policy does not allow postfix to
create directories under /home (home_root_t), so it is being blocked.


I am sorry, I do not remember from which site was the setup taken. 4
years or so since I installed it the first time in Centos 4.2, but if I
am not mistaken it's an almost exact replica of the setup suggested by
postfixadmin



So postfix_virtual creates the homedir just to put a file in it and then
 send  it somewhere else?

If this is standard I can allow it, although it seems pretty strange.
To be honest, I am not 100% sure how standard that is, although I am pretty sure that delivering to home dirs is not uncommon. Fact is that (in my case) postfix is the only user on the box and owns all the directories created below /home. Technically I presume that the whole structure could be moved anywhere else, but 4 years ago /home seemed a logical place, even if all users are virtual and defined in mysql. Basically when doing a deliver, postfix uses maildirmake to create the top-level directory assigned to any specific user, leading to a tree like this: 
   /home
   /home/specific.user
   /home/specific.user/cur  (cur stands for current)
   /home/specific.user/tmp
   /home/specific.user/new
The structure gets created when the very first message for a user is received. As far as I have understood (it always "just worked" so I never did in-depth digging), messages are first created in /home/specific.user/tmp and after that copied to the final delivery place i.e. /home/specific.user/new. Once the user reads the message (via an imap / pop daemon), the message is transferred to /home/specific.user/cur (or to other folders, created via the IMAP daemon, but all of them placed below /home/specific.user)
This looks like standard delivery to maildir operation, with the addition of having the mailboxes in virtual user home directories under /home that are auto-created when necessary.
Given that there are no other users on the system, I wonder if everything would work smoothly if you made /home and everything underneath it mail_spool_t ? 

Paul.
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]