On Mon, Apr 28, 2014 at 8:51 AM, Chris Vaas <[email protected]> wrote:
> On Mon, Apr 28, 2014 at 8:43 AM, Steffen Kaiser <[email protected]> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sun, 27 Apr 2014, Chris Vaas wrote:
>>
>> [fixed ugly top posting]
>>
>>> On Sat, Apr 26, 2014 at 11:39 PM, Steffen <[email protected]> wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Chris Vaas wrote:
>>>>
>>>>> I am currently facing the following log output:
>>>>>
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: pgsql(localhost): Connect failed to database mail: could not connect to server: Permission denied
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011Is the server running on host "localhost" (::1) and accepting
>>>>> Apr 26 16:40:28 h2290750 dovecot: auth: Error: #011TCP/IP connections on port 5432?
>>>>>
>>>>> I have double checked the database. It is listening correctly and I
>>>>> can connect to it via
>>>>>
>>>>> psql -U mailreader mail
>>>>>
>>>>> I provided all necessary information to dovecot via this
>>>>> configuration snippet:
>>>>>
>>>>> driver = pgsql
>>>>> connect = host=localhost dbname=mail user=mailreader password=secret
>>>>> default_pass_scheme = SHA512
>>>>
>>>> does Postgres allow connections on "host ::1" for user mailreader ?
>>>> Actually I wonder, because I thought the Postgres lib defaults to
>>>> "local" (socket) by default on localhost -> does Postgres allow
>>>> connections on "local" for mailreader? Permissions are configured in
>>>> pg_hba.conf, but -> Does Postgres logs something? It should if PG
>>>> denies the connection.
>>>
>>> I set the host to 127.0.0.1 now. And my pg_hba.conf looks like that:
>>>
>>> # TYPE DATABASE USER ADDRESS METHOD
>>> # Mail stuff
>>> host mail mailreader 127.0.0.1/32 md5
>>> host mail mailreader ::1/128 md5
>>> local all all md5
>>> host all all 127.0.0.1/32 ident
>>> host all all ::1/128 ident
>>
>> What about the "Does Postgres logs something?"
>
> The log under /var/logs/pgsql is completely empty.
>
>>>> Do you have SELinux or something like that running?
>>
>> What about this question?
>
> I do have a SELinux up and running, yeah.
>
>>>> I remember that I had a server that had wrong permissions on:
>>>>
>>>> ls -al /var/run/postgresql
>>>>
>>>> drwxrwsr-x 2 postgres postgres 4096 Feb 10 07:32 ./
>>>> srwxrwxrwx 1 postgres postgres 0 Apr 26 23:15 .s.PGSQL.5432=
>>>>
>>>> the .s.PGSQL. socket is the local socket usually used for localhost
>>>> connections and automatically found by libpg.
>>>
>>> The folder /var/run/postgresql is not existing on my machine.
>>
>> - -- Steffen Kaiser
>
> - Chris

I just looked into my SELinux audit log and found the following denial.

type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } for pid=5964 comm="auth" dest=5432 scontext=unconfined_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket

There seems to be a good chance, that this is my problem, doesn't it? But how can I allow the connection?

Cheers
Chris
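
An added example, not part of the original thread: a small Python parser that breaks the AVC record quoted above into its source type, target type, object class and permission, and renders the matching type-enforcement rule in the form that audit2allow emits. The function names (`parse_avc`, `context_type`, `te_rule`) are hypothetical; the sample record is the one from the message.

```python
import re

# AVC record as posted in the message above.
SAMPLE = ('type=AVC msg=audit(1398609990.493:280): avc: denied { name_connect } '
          'for pid=5964 comm="auth" dest=5432 '
          'scontext=unconfined_u:system_r:dovecot_auth_t:s0 '
          'tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":", 3)  # the MLS level may itself contain colons
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC audit record into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    perms = m.group(2).split()
    if not perms or not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    source, target = context_type(fields["scontext"]), context_type(fields["tcontext"])
    if source is None or target is None:
        return None
    return {"result": m.group(1), "perms": perms,
            "source_type": source, "target_type": target,
            "tclass": fields["tclass"],
            "comm": fields.get("comm"), "dest": fields.get("dest")}


def te_rule(rec):
    """Render the type-enforcement allow rule that would permit this access."""
    perms = rec["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['source_type']} {rec['target_type']}:{rec['tclass']} {perm_text};"


if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(f"{rec['comm']} ({rec['source_type']}) was {rec['result']} {rec['perms']} "
          f"on {rec['tclass']} port {rec['dest']} ({rec['target_type']})")
    print(te_rule(rec))
```

Read this way, the record says the dovecot auth process (domain `dovecot_auth_t`) was refused an outbound TCP connect to a port labelled `postgresql_port_t`, which matches the "Permission denied" in the dovecot log. A rule like the one printed widens what every process in that domain may do, so review it before loading it as local policy.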
