2016-12-22 18:30:26 |
Nathaniel Homier |
description |
Installing Postfix and Dovecot and setting them up as explained at https://help.ubuntu.com/lts/serverguide/postfix.html
Then setting all apparmor profiles including Postfix and Dovecot to enforce mode.
Postfix fails to send a TLS protected email because Dovecot can't connect to /var/spool/postfix/auth/private because when Dovecot's apparmor profile is set to enforce mode, apparmor denies Dovecot access to /var/spool/postfix/auth/private.
Syslog
apparmor="DENIED" operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" pid=8251 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/stats-user" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130
apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130
Dec 22 10:38:20 frontier postfix/master[1516]: warning: process /usr/lib/postfix/sbin/smtpd pid 8248 exit status 1 |
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.10
Release: 16.10
Codename: yakkety
Installing Postfix and Dovecot and setting them up as explained at https://help.ubuntu.com/lts/serverguide/postfix.html
Then setting all apparmor profiles including Postfix and Dovecot to enforce mode.
Postfix fails to send a TLS protected email because Dovecot can't connect to /var/spool/postfix/auth/private because when Dovecot's apparmor profile is set to enforce mode, apparmor denies Dovecot access to /var/spool/postfix/auth/private.
Syslog
apparmor="DENIED" operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" pid=8251 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/stats-user" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130
apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130
Dec 22 10:38:20 frontier postfix/master[1516]: warning: process /usr/lib/postfix/sbin/smtpd pid 8248 exit status 1 |
|