Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 227184 - spamd avc connect to smtp for reporting spam
Summary: spamd avc connect to smtp for reporting spam
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-02 22:17 UTC by Michael De La Rue
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:03:05 UTC


Attachments (Terms of Use)

Description Michael De La Rue 2007-02-02 22:17:16 UTC
Description of problem:
When running spamc -C report < <email-in-file>
selinux denies are generated as follows

type=AVC msg=audit(1170454005.846:70): avc:  denied  { name_connect } for 
pid=8951 comm="spamd" dest=587 scontext=system_u:system_r:spamd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket


Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-27.fc6
spamassassin-3.1.7-5.fc6

How reproducible:
every time

Steps to Reproduce:
1. service spamd start
2. spamc -C report < <spam-email>
3.
  
Actual results:
the report fails and spamd gives an error like so in /var/log/maillog
Feb  2 22:50:53 telesfor spamd[8951]: spamd: setuid to mikedlr succeeded 
Feb  2 22:50:54 telesfor spamd[8951]: reporter: SpamCop report to
vmx1.spamcop.net failed: Net::SMTP error 
Feb  2 22:50:54 telesfor spamd[8951]: reporter: SpamCop report to
vmx2.spamcop.net failed: Net::SMTP error 
Feb  2 22:50:54 telesfor spamd[8951]: reporter: could not report spam to SpamCop 
Feb  2 22:50:54 telesfor spamd[8951]: reporter: no reporting methods available,
so couldn't report 


Expected results:
maillog should show something like this (which was created with setenforce 0)
Feb  2 23:06:45 telesfor spamd[8951]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 46803 
Feb  2 23:06:45 telesfor spamd[8951]: spamd: setuid to mikedlr succeeded 
Feb  2 23:06:51 telesfor spamd[8951]: reporter: spam reported to SpamCop 
Feb  2 23:06:51 telesfor spamd[8951]: spamd: Tell: Setting remote for
mikedlr:500 in 6.4 seconds, 2457 bytes 


Additional info:
work around: use "spamassassin --report" instead

Comment 1 Daniel Walsh 2007-02-05 20:40:26 UTC
Fixed in selinux-policy-2.4.6-36

Comment 2 Daniel Walsh 2007-08-22 14:03:05 UTC
Closed as all fixes are in the current release


Note You need to log in before you can comment on or make changes to this bug.