On Tuesday 20 December 2005 18:29, Alexey Tarasov <glorg@xxxxx> wrote: > Problem 1. > Installed: sendmail-8.3.14, milter-greylist-2.0.2, > selinux-policy-targeted-1.27.2-19 > > starting sendmail from init results in: > maillog > --- > sendmail[1997]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 1674: > Xgreylist: local socket name /var/milter-greylist/milter-greylist.sock > unsafe: Permission denied The problem here is that there is no policy for greylist-milter (or any other milter for that matter). Currently there is policy for postgrey (the Postfix greylisting daemon which uses an interface that's conceptually identical to milter). I considered changing that to a greylisting policy, but that doesn't seem to be the correct solution. I am thinking of now writing a milter policy that is not specific to mail servers (which means I can't call it a "milter" policy as the term "milter" is specific to Sendmail - I need to find a suitable generic term for a MTA helper program). The idea is that the generic mta-helper policy will initially support postgrey and greylist-milter (the two I'm most aware of) and with small modifications to the fc file most milter-type programs. I'm sure that some milters will have different requirements, but a policy for generic milters won't preclude having specific policies for milters that need it. Of course this would mean that you can have a set of milters that all have access to interfere with each other, is it common to have multiple milters running in a situation where there is a great need to isolate them from each other? With the Postfix policy I used many domains, but I don't want to always be so free with creating new domains. With Postfix there is a limit to how many domains will be needed. But the number of milter programs can grow without limit (there's even a blog at http://www.milter.org/ to inform us about all the new milters that are being written). So we want to restrict the number of milters that get specific policy both to limit the size of the policy and the difficulty of users getting working systems. Comments? -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
