Okay, we have a classic setup where we use Postfix and Dovecot together to handle your mail.
For storing your mail you use Maildir, which basically puts all the mail-related business in the user's home directory under Maildir/
Now, you want to be secure and use SELinux. But wait… There are no booleans for postfix_use_homedir or dovecot_use_homedir! Well, hopefully I can help you along the way and give you a working solution:
First we make a security policy module for Postfix:
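```bash
mkdir ~/postfix_selinux
cd ~/postfix_selinux
cat > postfix_maildir_access.te <<'EOF'
module postfix_maildir_access 1.0;

require {
	type postfix_local_t;
	type home_root_t;
	class dir { write read create add_name remove_name };
	class file { rename read lock create write getattr link unlink open append };
}

# The require block only declares names; these rules grant the access.
allow postfix_local_t home_root_t:dir { write read create add_name remove_name };
allow postfix_local_t home_root_t:file { rename read lock create write getattr link unlink open append };
EOF
# Compile the .te source into a loadable .pp policy package
make -f /usr/share/selinux/devel/Makefile
```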
Now you have a few files. The .pp file is the compiled (binary) form of the .te source, and it is the file you load into the SELinux policy modules:
```bash
semodule -i postfix_maildir_access.pp
```
Now we do much the same for Dovecot:
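```bash
mkdir ~/dovecot_selinux
cd ~/dovecot_selinux
cat > dovecot_maildir_access.te <<'EOF'
module dovecot_maildir_access 1.0;

require {
	type dovecot_t;
	type home_root_t;
	class dir { write read create add_name remove_name };
	class file { rename read lock create write getattr link unlink open append };
}

# The require block only declares names; these rules grant the access.
allow dovecot_t home_root_t:dir { write read create add_name remove_name };
allow dovecot_t home_root_t:file { rename read lock create write getattr link unlink open append };
EOF
make -f /usr/share/selinux/devel/Makefile
semodule -i dovecot_maildir_access.pp
```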
Now Dovecot and Postfix are allowed to use the home directory with Maildir. Hope this helps… If you have any questions, please drop a comment! Thanx!
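To check which of these permissions your mail flow really triggers, the sketch below (an added example, not from the original post) condenses AVC denial records into merged allow rules, a minimal version of what audit2allow does. The log lines are constructed samples and the function names `avc_to_allow` and `sample_avc` are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): turn AVC denials into the
# allow rules they would need, merged per (source type, target type, class).

avc_to_allow() {
  LC_ALL=C awk '
    /avc: +denied/ {
      src = ""; tgt = ""; cls = ""
      perms = $0                        # keep only the text inside { ... }
      sub(/^.*denied +[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      for (i = 1; i <= NF; i++) {
        # contexts look like user:role:type:level, so the type is part 3
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src == "" || tgt == "" || cls == "") next   # skip malformed records
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) print src " " tgt ":" cls "\t" p[j]
    }
  ' | LC_ALL=C sort -u | awk -F "\t" '
    # input is sorted, so all permissions of one rule arrive together
    $1 != cur { if (cur != "") print "allow " cur " {" list " };"; cur = $1; list = "" }
    { list = list " " $2 }
    END { if (cur != "") print "allow " cur " {" list " };" }
  '
}

# Constructed sample records in the format of /var/log/audit/audit.log.
sample_avc() {
  cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { write } for  pid=2101 comm="local" name="new" dev="dm-0" ino=1001 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1700000000.102:502): avc:  denied  { add_name } for  pid=2101 comm="local" name="msg1" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1700000000.103:503): avc:  denied  { create write } for  pid=2101 comm="local" name="msg1" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file
type=SYSCALL msg=audit(1700000000.103:503): arch=c000003e syscall=2 success=no comm="local"
type=AVC msg=audit(1700000000.201:610): avc:  denied  { read lock } for  pid=2202 comm="imap" name="dovecot-uidlist" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file
type=AVC msg=audit(1700000000.301:720): avc:  denied  { write } for  pid=2303 comm="local" name="new" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
EOF
}

sample_avc | avc_to_allow
```

Feed it the real audit log instead of `sample_avc`, compare the output with the permission sets in the two modules, and drop any permission that never shows up in a denial.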