[Dovecot] Fwd: Dovecot cannot connect to PostgreSQL server
Chris Vaas
chrisvaas at gmail.com
Mon Apr 28 07:15:48 UTC 2014
On Mon, Apr 28, 2014 at 9:11 AM, Steffen Kaiser <
skdovecot at smail.inf.fh-brs.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 28 Apr 2014, Chris Vaas wrote:
>
> On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser <
>> skdovecot at smail.inf.fh-brs.de> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Sun, 27 Apr 2014, Chris Vaas wrote:
>>>
>>> [fixed ugly top posting]
>>>
>>> On Sat, Apr 26, 2014 at 11:39 PM, Steffen <
>>> skdovecot at smail.inf.fh-brs.de
>>>
>>>> wrote:
>>>>>
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>
>>>>> Hash: SHA1
>>>>>
>>>>> Chris Vaas wrote:
>>>>>
>>>>> I am currently facing the following log output:
>>>>>>
>>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost):
>>>>>> Connect failed to database mail: could not connect to server:
>>>>>> Permission denied Apr 26 16:40:28 h2290750 dovecot: auth: Error:
>>>>>> #011Is the server running on host "localhost" (::1) and accepting
>>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP
>>>>>> connections on port 5432?
>>>>>>
>>>>>> I have double checked the database. It is listening correctly and I
>>>>>> can connect to it via
>>>>>>
>>>>>> psql -U mailreader mail
>>>>>>
>>>>>> I provided all necessary information to dovecot via this
>>>>>> configuration snippet:
>>>>>>
>>>>>> driver = pgsql connect = host=localhost dbname=mail user=mailreader
>>>>>> password=secret default_pass_scheme = SHA512
>>>>>>
>>>>>>
>>>>> does Postgres allow connections on "host ::1" for user mailreader ?
>>>>> Actually I wonder, because I thought the Postgres lib defaults to
>>>>> "local" (socket) by default on localhost -> does Postgres allow
>>>>> connections on "local" for mailreader? Permissions are configured in
>>>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG
>>>>> denies the connection.
>>>>>
>>>>>
>>>> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that:
>>>
>>>>
>>>> # TYPE DATABASE USER ADDRESS METHOD
>>>> # Mail stuff
>>>> host mail mailreader 127.0.0.1/32 md5
>>>> host mail mailreader ::1/128 md5
>>>> local all all md5
>>>> host all all 127.0.0.1/32 ident
>>>> host all all ::1/128 ident
>>>>
>>>>
>>> What about the "Does Postgres logs something?"
>>>
>>>
>> The log under /var/logs/pgsql is completely empty.
>>
>
> In addition to Aleksandar's question: Does Postgres runs at all?
>
>
>>> Do you have SELinux or something like that running?
>>> What about this question?
>>>
>>
>> I do have a SELinux up and running, yeah.
>>
>
> Did you've checked its logs, e.g. (pretty old):
> http://linux.derkeiler.com/Mailing-Lists/Fedora/2006-03/msg05342.html
>
- -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQEVAwUBU13/FXz1H7kL/d9rAQLjbQf+IQV/jSAj+fvxCaIgxgzktUuJenONp5Za
> LrxYEQ79YelD5ljH1Ms1cYyegp5+8ecHsp0Fc850ZBeEYsplfZjfvAoPP4lO+cdH
> GOPt3+zniEdeEVMVFfOokyTGjSPWbRrlb5r/wWYj6pU35pkw1pK3M6hPxF2Y6grm
> poLMdHvaktwIr9STtqu1JTOxRffLgW5qh1AcQwJ+BoNs+h0MKs7ddqgnfeV9bKZx
> rmyOuAU36QnNcv+LJQJSiJMFw1pejS+OBvI23xYsj/04dAAiTzNHGe3doz/sF1PX
> P2zroewTEEb+lkvjUkOmukLuTlLnCAVgdHyWZF37c5vML9HD7Xyqrg==
> =e13N
> -----END PGP SIGNATURE-----
>
It is running, yes. I can connect from my local machine to the server
without a flaw.
About SELinux:
I just looked into my SELinux audit log and found the following denial.
type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for
pid=5964 comm="auth" dest=5432
scontext=unconfined_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
There seems to be a good chance, that this is my problem, doesn't it? But
how can I allow the connection?
Cheers
Chris
More information about the dovecot
mailing list