I set up postfix/dovecot on a new machine and now all works well, with the small exception of dovecot triggering SELinux AVC denials on some temp... files. Here is a sample alert:
Summary
SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t) "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t).

Detailed Description
SELinux denied access requested by /usr/libexec/dovecot/deliver. It is not expected that this access is required by /usr/libexec/dovecot/deliver and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for temp.localhost.678.40caaf5592891c46,
restorecon -v temp.localhost.678.40caaf5592891c46
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context         user_u:system_r:dovecot_deliver_t
Target Context         user_u:object_r:user_home_dir_t
Target Objects         temp.localhost.678.40caaf5592891c46 [ file ]
Affected RPM Packages  dovecot-1.0.7-16.fc7 [application]
Policy RPM             selinux-policy-2.6.4-63.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall_file
Host Name              localhost
Platform               Linux localhost 2.6.23.8-34.fc7 #1 SMP Thu Nov 22 23:05:33 EST 2007 i686 athlon
Alert Count            1
First Seen             Tue 01 Jan 2008 09:29:35 PM EST
Last Seen              Tue 01 Jan 2008 09:29:35 PM EST
Local ID               507dd6a2-da46-4541-8c10-a0771bc85042
Line Numbers

Raw Audit Messages
avc: denied { link } for comm="deliver" dev=dm-0 egid=5000 euid=5000 exe="/usr/libexec/dovecot/deliver" exit=0 fsgid=5000 fsuid=5000 gid=5000 items=0 name="temp.localhost.678.40caaf5592891c46" pid=678 scontext=user_u:system_r:dovecot_deliver_t:s0 sgid=5000 subj=user_u:system_r:dovecot_deliver_t:s0 suid=5000 tclass=file tcontext=user_u:object_r:user_home_dir_t:s0 tty=(none) uid=5000
And 5000 is user vmail.
When I look for these files that it is complaining about, they are never in the filesystem. I get about 8 alerts with every email that is delivered. Right now I have SELinux set to permissive so that the mail gets delivered, but I would like to find the cause of this problem so that I can set it back to enforcing.
????
Gerry
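
Added example, not part of the original post: a small Python parser for raw AVC messages in the format shown above, which groups repeated denials by source type, target type, class and permission so that several alerts per delivery collapse into one line. The first sample line is the message from the post; the second is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# First line: the raw audit message from the post. Second line: a constructed
# repeat (different pid and file name) standing in for the other alerts.
SAMPLE = [
    'avc: denied { link } for comm="deliver" dev=dm-0 egid=5000 euid=5000 '
    'exe="/usr/libexec/dovecot/deliver" exit=0 fsgid=5000 fsuid=5000 gid=5000 '
    'items=0 name="temp.localhost.678.40caaf5592891c46" pid=678 '
    'scontext=user_u:system_r:dovecot_deliver_t:s0 sgid=5000 '
    'subj=user_u:system_r:dovecot_deliver_t:s0 suid=5000 tclass=file '
    'tcontext=user_u:object_r:user_home_dir_t:s0 tty=(none) uid=5000',
    'avc: denied { link } for comm="deliver" name="temp.localhost.679.0000000000000000" '
    'pid=679 scontext=user_u:system_r:dovecot_deliver_t:s0 tclass=file '
    'tcontext=user_u:object_r:user_home_dir_t:s0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def context_type(ctx):
    """Extract the type from user:role:type[:level]."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def summarize(lines):
    """Group denials by (source type, target type, class, permissions)."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (context_type(rec.get("scontext", "?")), context_type(rec.get("tcontext", "?")),
               rec.get("tclass", "?"), " ".join(sorted(rec["perms"])))
        groups[key].append(rec.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls, perms), names in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {perms} }} x{len(names)}: {names}")
```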