Use Maildir with Postfix and Dovecot AND SELinux!

Okay, we have a classic setup where we use Postfix and Dovecot together to handle your mail.

For storing your mail you use Maildir, which basically puts all the mail-related business in a home directory under Maildir/

Now, you want to be secure and use SELinux. But wait… There are no booleans for postfix_use_homedir or dovecot_use_homedir! Well, hopefully I can help you along the way and give you a working solution:

First we make a security policy module for postfix:

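mkdir ~/postfix_selinux
cd ~/postfix_selinux
cat > postfix_maildir_access.te
module postfix_maildir_access 1.0;
require {
 type postfix_local_t;
 type home_root_t;
 class dir { write read create add_name remove_name };
 class file { rename read lock create write getattr link unlink open append };
}
# Grant postfix_local_t the permissions declared above on home_root_t
allow postfix_local_t home_root_t:dir { write read create add_name remove_name };
allow postfix_local_t home_root_t:file { rename read lock create write getattr link unlink open append };
^D # This means CTRL-D
make -f /usr/share/selinux/devel/Makefile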

 

Now you have a few files. The .pp file is the compiled (binary) form of the .te source, and it is what you load into the SELinux policy modules with semodule:

semodule -i postfix_maildir_access.pp

Now we do something similar for dovecot:

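mkdir ~/dovecot_selinux
cd ~/dovecot_selinux
cat > dovecot_maildir_access.te
module dovecot_maildir_access 1.0;
require {
 type dovecot_t;
 type home_root_t;
 class dir { write read create add_name remove_name };
 class file { rename read lock create write getattr link unlink open append };
}
# Grant dovecot_t the permissions declared above on home_root_t
allow dovecot_t home_root_t:dir { write read create add_name remove_name };
allow dovecot_t home_root_t:file { rename read lock create write getattr link unlink open append };
^D
make -f /usr/share/selinux/devel/Makefile
semodule -i dovecot_maildir_access.pp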

 

Now dovecot and postfix are allowed to use the homedir with Maildir. Hope this helps… If you have any questions please drop a comment! Thanx!
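
To check that each permission in the two modules above matches a denial actually logged on your system, the sketch below groups AVC denial lines into allow rules per source type, target type and class. It is an added example, not part of the original post: the function names and the sample log lines are constructed for illustration, and audit2allow is the standard tool for the same job.

```shell
#!/bin/sh
# Added example: group AVC denials into allow rules, one rule per
# (source type, target type, class). Function names are hypothetical.

# Constructed sample audit log lines (not taken from a real system).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { write } for  pid=2101 comm="local" name="new" dev="dm-0" ino=1311 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { add_name } for  pid=2101 comm="local" name="1700000000.msg" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.103:203): avc:  denied  { create } for  pid=2101 comm="local" name="1700000000.msg" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=257 success=no exit=-13 comm="local"
type=AVC msg=audit(1700000000.204:310): avc:  denied  { read open } for  pid=2250 comm="imap" name="1700000000.msg" dev="dm-0" ino=1312 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.305:411): avc:  denied  { write } for  pid=2102 comm="local" name="new" dev="dm-0" ino=1311 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir permissive=0
EOF
}

# Read audit log lines on stdin, print deduplicated allow rules on stdout.
avc_to_allow() {
  awk '
    /avc: +denied/ {
      src = ""; tgt = ""; cls = ""; n = 0; inperm = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }      # start of permission list
        if ($i == "}") { inperm = 0; continue }      # end of permission list
        if (inperm) { p[++n] = $i; continue }
        # A context is user:role:type:level, so the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src == "" || tgt == "" || cls == "") next  # incomplete record
      key = src " " tgt ":" cls
      for (j = 1; j <= n; j++)
        if (!((key, p[j]) in seen)) {                # keep each permission once
          seen[key, p[j]] = 1
          perms[key] = perms[key] " " p[j]
        }
    }
    END { for (k in perms) printf "allow %s {%s };\n", k, perms[k] }
  ' | LC_ALL=C sort
}
```

Run it on the sample with sample_avc | avc_to_allow, or on a live system with ausearch -m avc -ts recent | avc_to_allow, and compare the output with the allow rules in the .te files; any permission in the module that never shows up as a denial is a candidate for removal.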

 

 

About Esmé