Matt Kinni <matt@xxxxxxxxxxx> writes: > Hello, I run a Fedora 35 server and would like setroubleshootd to send email alerts for avc denials, but I'm having trouble configuring this due to the apparent lack of support for configuring an smtp password. > > The out of the box setroubleshoot.conf sets >> smtp_host = localhost >> smtp_port = 25 >> from_address = SELinux_Troubleshoot > , but there is no config parameter for smtp password. > > For this to actually work on a machine acting as an MTA (I have postfix running locally), the mail server would have to be configured to allow unauthenticated port 25 connections to masquerade as any local system user, which no decent postfix setup would allow. > > I am not a python programmer, but in my reading of https://pagure.io/setroubleshoot/blob/main/f/framework/src/setroubleshoot/email_alert.py, it doesn't appear there is any built in way to support authenticated email sending despite the underlying smtplib being able to do it. > > I would suggest either a) adding password support for smtplib, or/and b) adding an option to send mail using the sendmail binary, which allows postfix to recognize the running user without any password needed. > > Has anyone else run into problems deploying the setroubleshootd email alerts in practice? email_alert.py appears simple enough to hack in password support, but I feel a security oriented project like selinux shouldn't require an insecure mail setup in order to send its alerts. > Hello, I'd rather avoid storing or using passwords directly in setroubleshoot but it's simple to add another option to setroubleshoot.conf which would enforce using local 'sendmail' binary instead of smtp_host. Please take a look at https://gitlab.com/setroubleshoot/setroubleshoot/-/merge_requests/15 and let me know if this would be acceptable for you. Thanks, Petr _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
