13.4. Configuration Examples

13.4.1. SpamAssassin and Postfix

From the SpamAssassin project page:
"Open Source mail filter, written in Perl, to identify spam using a wide range of heuristic tests on mail headers and body text. Free software."
When using Red Hat Enterprise Linux, the spamassassin package provides SpamAssassin. Run rpm -q spamassassin to see if the spamassassin package is installed. If it is not installed, run the following command as the root user to install it:
yum install spamassassin
SpamAssassin operates in tandem with a mailer such as Postfix to provide spam-filtering capabilities. In order for SpamAssassin to effectively intercept, analyze and filter mail, it must listen on a network interface. The default port for SpamAssassin is TCP/783; however, this can be changed. The following example provides a real-world demonstration of how SELinux complements SpamAssassin by allowing it access to only a certain port by default. The example then demonstrates how to change the port and have SpamAssassin operate on a non-default port.
Note that this is an example only and demonstrates how SELinux can affect a simple configuration of SpamAssassin. Comprehensive documentation of SpamAssassin is beyond the scope of this document. Refer to the official SpamAssassin documentation for further details. This example assumes that the spamassassin package is installed, that any firewall has been configured to allow access on the ports in use, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode:
Running SpamAssassin on a non-default port
  1. Run the semanage command to show the port that SELinux allows spamd to listen on by default:
    # semanage port -l | grep spamd
    spamd_port_t            tcp     783
    
    This output shows that TCP/783 is defined in spamd_port_t as the port for SpamAssassin to operate on.
  2. Edit the /etc/sysconfig/spamassassin configuration file and modify it so that it will start SpamAssassin on the example port TCP/10000:
    # Options to spamd
    SPAMDOPTIONS="-d -p 10000 -c m5 -H"
    
    This line now specifies that SpamAssassin will operate on port 10000. The rest of this example will show how to modify SELinux policy to allow this socket to be opened.
  3. Start SpamAssassin and an error message similar to the following will appear:
    # service spamassassin start
    Starting spamd: [2203] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:10000: Permission denied
    [2203] warn: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:10000: Permission denied
    [2203] error: spamd: could not create INET socket on 127.0.0.1:10000: Permission denied
    spamd: could not create INET socket on 127.0.0.1:10000: Permission denied
                                                               [FAILED]
    
    This output means that SELinux has blocked access to this port.
  4. A denial similar to the following will be logged by SELinux:
    SELinux is preventing the spamd (spamd_t) from binding to port 10000.
    
  5. As the root user, run the semanage command to modify SELinux policy in order to allow SpamAssassin to operate on the example port (TCP/10000):
    # semanage port -a -t spamd_port_t -p tcp 10000
    
  6. Confirm that SpamAssassin will now start and is operating on TCP port 10000:
    # service spamassassin start
    Starting spamd:                                 [ OK ]
    
    # netstat -lnp | grep 10000
    tcp     0       0 127.0.0.1:10000       0.0.0.0:*       LISTEN  2224/spamd.pid
    
  7. At this point, spamd is properly operating on TCP port 10000 as it has been allowed access to that port by SELinux policy.
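
A pre-check for steps 1 and 5, as an added example that is not part of the original guide: it parses `semanage port -l` output and reports whether the wanted port is already labelled, can be added with `-a`, or already has its own record under another type. It assumes that `semanage port -a` is rejected for a port that already has its own record and that `semanage port -m` is used in that case; the function names, `example_port_t` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not from a real system).
# example_port_t is a hypothetical type. On a host, pipe in the real listing.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

example_port_t                 tcp      10001
spamd_port_t                   tcp      783
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767'

# port_records PROTO PORT: read a listing on stdin and print one line per
# record that covers PORT, as "TYPE exact" or "TYPE range".
port_records() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Fields 3..NF are a comma-separated list of ports and ranges.
            for (i = 3; i <= NF; i++) {
                spec = $i; sub(/,$/, "", spec)
                n = split(spec, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] + 0 : lo)
                if (port + 0 < lo || port + 0 > hi) continue
                print $1, (lo == hi ? "exact" : "range")
            }
        }'
}

# label_action PROTO PORT TYPE: read a listing on stdin, print one of
# "none", "add" or "modify".
label_action() {
    recs=$(port_records "$1" "$2")
    if printf '%s\n' "$recs" | grep -qx "$3 exact"; then
        echo none      # port already carries the wanted type
    elif printf '%s\n' "$recs" | grep -q ' exact$'; then
        echo modify    # another type has its own record: use semanage port -m
    else
        echo add       # only a broad range (or nothing): use semanage port -a
    fi
}

# Demo on the constructed listing: TCP/10000 for spamd_port_t.
printf '%s\n' "$SAMPLE_LISTING" | label_action tcp 10000 spamd_port_t
```

On a live system the equivalent call is `semanage port -l | label_action tcp 10000 spamd_port_t`, run as root before step 5.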

 
 
  Published under the terms of the Creative Commons License