[Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server
Chris Vaas
chrisvaas at gmail.com
Mon Apr 28 07:08:05 UTC 2014
On Mon, Apr 28, 2014 at 8:51 AM, Chris Vaas <chrisvaas at gmail.com> wrote:
> On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser <
> skdovecot at smail.inf.fh-brs.de> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sun, 27 Apr 2014, Chris Vaas wrote:
>>
>> [fixed ugly top posting]
>>
>> On Sat, Apr 26, 2014 at 11:39 PM, Steffen <skdovecot at smail.inf.fh-brs.de
>>> >wrote:
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Chris Vaas wrote:
>>>>
>>>>> I am currently facing the following log output:
>>>>>
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect failed to database mail: could not connect to server: Permission denied
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running on host "localhost" (::1) and accepting
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on port 5432?
>>>>>
>>>>> I have double checked the database. It is listening correctly and I
>>>>> can connect to it via
>>>>>
>>>>> psql -U mailreader mail
>>>>>
>>>>> I provided all necessary information to dovecot via this
>>>>> configuration snippet:
>>>>>
>>>>> driver = pgsql
>>>>> connect = host=localhost dbname=mail user=mailreader password=secret
>>>>> default_pass_scheme = SHA512
>>>>>
>>>>
>>>> does Postgres allow connections on "host ::1" for user mailreader ?
>>>> Actually I wonder, because I thought the Postgres lib defaults to
>>>> "local" (socket) by default on localhost -> does Postgres allow
>>>> connections on "local" for mailreader? Permissions are configured in
>>>> pg_hba.conf, but -> Does Postgres log something? It should if PG
>>>> denies the connection.
>>>>
>>>
>> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that:
>>>
>>> # TYPE DATABASE USER ADDRESS METHOD
>>> # Mail stuff
>>> host mail mailreader 127.0.0.1/32 md5
>>> host mail mailreader ::1/128 md5
>>> local all all md5
>>> host all all 127.0.0.1/32 ident
>>> host all all ::1/128 ident
>>>
>>
>> What about the "Does Postgres log something?"
>>
>
> The log under /var/logs/pgsql is completely empty.
>
>>
>> Do you have SELinux or something like that running?
>>>>
>>>
>> What about this question?
>>
>
> I do have SELinux up and running, yeah.
>
>>
>>
>
>> I remember that I had a server that had wrong permissions on:
>>>>
>>>> ls -al /var/run/postgresql
>>>>
>>>> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./
>>>> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432=
>>>>
>>>> the .s.PGSQL. socket is the local socket usually used for localhost
>>>> connections and automatically found by libpg.
>>>>
>>>
>> The folder /var/run/postgresql does not exist on my machine.
>>>
>>
>> - -- Steffen Kaiser
>
>
> - Chris
>
>
I just looked into my SELinux audit log and found the following denial:

type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for
pid=5964 comm="auth" dest=5432
scontext=unconfined_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket

There seems to be a good chance that this is my problem, doesn't it? But
how can I allow the connection?
Cheers
Chris
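
The AVC record quoted in the message above, read field by field, as an added example that is not part of the original post: a small Python parser that pulls out the permission, the source and target SELinux types, and the destination port. The names `parse_avc` and `summarize` are hypothetical, and `SAMPLE` is the record from the message joined onto one line.

```python
import re

# The denial quoted in the message above, joined onto a single line.
SAMPLE = ('type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for '
          'pid=5964 comm="auth" dest=5432 '
          'scontext=unconfined_u:system_r:dovecot_auth_t:s0 '
          'tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {'epoch': float(m['epoch']), 'serial': int(m['serial']),
           'result': m['result'], 'perms': m['perms'].split()}
    # The remaining fields are key=value pairs; values may be double-quoted.
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m['fields']):
        rec[key] = quoted or bare
    # A context is user:role:type:level. The level can itself contain colons
    # (MCS categories), so split at most three times and take the third part.
    for side in ('scontext', 'tcontext'):
        if side in rec:
            parts = rec[side].split(':', 3)
            if len(parts) >= 3:
                rec[side + '_type'] = parts[2]
    return rec

def summarize(rec):
    """One-line statement of which domain was refused which permission."""
    return '{} {} {{ {} }} on {} (class {}, comm {}, dest {})'.format(
        rec.get('scontext_type', '?'), rec['result'], ' '.join(rec['perms']),
        rec.get('tcontext_type', '?'), rec.get('tclass', '?'),
        rec.get('comm', '?'), rec.get('dest', '?'))

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```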