24.4. Configuration Examples
24.4.1. SpamAssassin and Postfix
rpm -q spamassassinpackage spamassassin is not installed
yumutility as root to install it:
yum install spamassassin
Procedure 24.1. Running SpamAssassin on a non-default port
- Use the
semanageutility as root to show the port that SELinux allows the
spamddaemon to listen on by default:
semanage port -l | grep spamdspamd_port_t tcp 783This output shows that TCP/783 is defined in
spamd_port_tas the port for SpamAssassin to operate on.
- Edit the
/etc/sysconfig/spamassassinconfiguration file and modify it so that it will start SpamAssassin on the example port TCP/10000:
# Options to spamd SPAMDOPTIONS="-d -p 10000 -c m5 -H"This line now specifies that SpamAssassin will operate on port 10000. The rest of this example will show how to modify the SELinux policy to allow this socket to be opened.
- Start SpamAssassin and an error message similar to the following will appear:
systemctl start spamassassin.serviceJob for spamassassin.service failed. See 'systemctl status spamassassin.service' and 'journalctl -xn' for details.This output means that SELinux has blocked access to this port.
- A denial message similar to the following will be logged by SELinux:
SELinux is preventing the spamd (spamd_t) from binding to port 10000.
- As root, run
semanageto modify the SELinux policy in order to allow SpamAssassin to operate on the example port (TCP/10000):
semanage port -a -t spamd_port_t -p tcp 10000
- Confirm that SpamAssassin will now start and is operating on TCP port 10000:
systemctl start spamassassin.service~]#
netstat -lnp | grep 10000tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN 2224/spamd.pid
- At this point,
spamdis properly operating on TCP port 10000 as it has been allowed access to that port by the SELinux policy.