[Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server

Chris Vaas chrisvaas at gmail.com
Mon Apr 28 07:15:48 UTC 2014


On Mon, Apr 28, 2014 at 9:11 AM, Steffen Kaiser <
skdovecot at smail.inf.fh-brs.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 28 Apr 2014, Chris Vaas wrote:
>
>  On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser <
>> skdovecot at smail.inf.fh-brs.de> wrote:
>>
>>  -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Sun, 27 Apr 2014, Chris Vaas wrote:
>>>
>>> [fixed ugly top posting]
>>>
>>>  On Sat, Apr 26, 2014 at 11:39 PM, Steffen <
>>> skdovecot at smail.inf.fh-brs.de
>>>
>>>> wrote:
>>>>>
>>>>
>>>>  -----BEGIN PGP SIGNED MESSAGE-----
>>>>
>>>>> Hash: SHA1
>>>>>
>>>>> Chris Vaas wrote:
>>>>>
>>>>>  I am currently facing the following log output:
>>>>>>
>>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost):
>>>>>> Connect failed to database mail: could not connect to server:
>>>>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error:
>>>>>> #011Is the server running on host "localhost" (::1) and accepting
>>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP
>>>>>> connections on port 5432?
>>>>>>
>>>>>> I have double checked the database. It is listening correctly and I
>>>>>> can connect to it via
>>>>>>
>>>>>> psql -U mailreader mail
>>>>>>
>>>>>> I provided all necessary information to dovecot via this
>>>>>> configuration snippet:
>>>>>>
>>>>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader
>>>>>> password=secret default_pass_scheme = SHA512
>>>>>>
>>>>>>
>>>>> does Postgres allow connections on "host ::1" for user mailreader ?
>>>>> Actually I wonder, because I thought the Postgres lib defaults to
>>>>> "local" (socket) by default on localhost -> does Postgres allow
>>>>> connections on "local" for mailreader? Permissions are configured in
>>>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG
>>>>> denies the connection.
>>>>>
>>>>>
>>>>   I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that:
>>>
>>>>
>>>> # TYPE  DATABASE        USER            ADDRESS                 METHOD
>>>> # Mail stuff
>>>> host    mail            mailreader      127.0.0.1/32            md5
>>>> host    mail            mailreader      ::1/128                 md5
>>>> local   all             all                                     md5
>>>> host    all             all             127.0.0.1/32            ident
>>>> host    all             all             ::1/128                 ident
>>>>
>>>>
>>> What about the "Does Postgres logs something?"
>>>
>>>
>> The log under /var/logs/pgsql is completely empty.
>>
>
> In addition to Aleksandar's question: Does Postgres runs at all?
>
>
>>>  Do you have SELinux or something like that running?
>>> What about this question?
>>>
>>
>> I do have a SELinux up and running, yeah.
>>
>
> Did you've checked its logs, e.g. (pretty old):
> http://linux.derkeiler.com/Mailing-Lists/Fedora/2006-03/msg05342.html
>
- -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQEVAwUBU13/FXz1H7kL/d9rAQLjbQf+IQV/jSAj+fvxCaIgxgzktUuJenONp5Za
> LrxYEQ79YelD5ljH1Ms1cYyegp5+8ecHsp0Fc850ZBeEYsplfZjfvAoPP4lO+cdH
> GOPt3+zniEdeEVMVFfOokyTGjSPWbRrlb5r/wWYj6pU35pkw1pK3M6hPxF2Y6grm
> poLMdHvaktwIr9STtqu1JTOxRffLgW5qh1AcQwJ+BoNs+h0MKs7ddqgnfeV9bKZx
> rmyOuAU36QnNcv+LJQJSiJMFw1pejS+OBvI23xYsj/04dAAiTzNHGe3doz/sF1PX
> P2zroewTEEb+lkvjUkOmukLuTlLnCAVgdHyWZF37c5vML9HD7Xyqrg==
> =e13N
> -----END PGP SIGNATURE-----
>

It is running, yes. I can connect from my local machine to the server
without a flaw.

About SELinux:
I just looked into my SELinux audit log and found the following denial.

type=AVC msg=audit(1398609990.493:280): avc:  denied  { name_connect } for
 pid=5964 comm="auth" dest=5432
scontext=unconfined_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket

There seems to be a good chance, that this is my problem, doesn't it? But
how can I allow the connection?

Cheers
Chris


More information about the dovecot mailing list