> > >> >>> Checking outgoing mail service.... >>> >>> ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error: >>> (111) Connection refused >>> >>> NOTE: I obfuscated my internal ip network addresses above... >>> >>> I can't find anything wrong with my postfix config, telnet works just fine >>> on port 25. >>> >>> I currently have selinux in 'permissive' mode as in 'Enforcing' mode I was >>> not able to write to the attachment directory (maybe I have a >>> bigger issue here). >>> >>> Could I need to adjust the firewall rules?? >> >> Take a look at them and make sure. >> >> Make sure you are telnetting from the same place SquirrelMail is running and >> that the address is exactly the same. If that works, sudo telnet as the same user apache is running as, since maybe apache user is prevented from connecting on the network. >> >> -- >> Paul Lesniewski >> SquirrelMail Team >> Please support Open Source Software by donating to SquirrelMail! >> http://squirrelmail.org/donate_paul_lesniewski.php >> > > Paul, > > I have adjusted by firewall rules. How does the following look to you? > > [root@kevla conf.d]# firewall-cmd --list-all --permanent > public > target: default > icmp-block-inversion: no > interfaces: > sources: > services: cockpit dhcpv6-client http https imap smtp ssh > ports: 80/tcp 443/tcp > protocols: > forward: yes > masquerade: no > forward-ports: > source-ports: > icmp-blocks: > rich rules: > > If I need to adjust something, please let me know what, and how to go about > it... > > About this error: > ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error: > > I am configuring this box 'offline' and no direct connection to an outgoing > relay (as of yet). Could that be part of my problem? IOW, is this an internal only issue or could it be related to no forwarding relay server? > > Jay > Paul,
I've dug a bit deeper here. Firewall configs are now... [root@kevla share]# firewall-cmd --list-all --permanent public target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client http https imap imaps smtp ssh ports: 80/tcp 443/tcp 25/tcp 993/tcp 143/tcp 587/tcp protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: I've ruled out the firewall being a possibility of the issue. I think my main problem seems to be shown below from the messages log file. I get these every time I run configtest.php and get the SMTP server above: Dec 30 16:04:32 kevla setroubleshoot[37707]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /usr/share/squirrelmail/plugins/compatibility/functions.php.#012#012***** Plugin restorecon (92.2 confidence) suggests ************************#012#012If you want to fix the label. #012/usr/share/squirrelmail/plugins/compatibility/functions.php default label should be usr_t.#012Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.#012Do#012# /sbin/restorecon -v /usr/share/squirrelmail/plugins/compatibility/functions.php#012#012***** Plugin catchall_boolean (7.83 confidence) suggests ******************#012#012If you want to allow httpd to read user content#012Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.#012#012Do#012setsebool -P httpd_read_user_content 1#012#012***** Plugin catchall (1.41 confidence) suggests **************************#012#012If you believe that php-fpm should be allowed open access on the functions.php file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm#012# semodule -X 300 -i my-phpfpm.pp#012 Here are the permissions for that particular file. [root@kevla log]# ls -lZ /usr/share/squirrelmail/plugins/compatibility/functions.php -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6 2009 /usr/share/squirrelmail/plugins/compatibility/functions.php Looking at the plugin directories, and running 'ls -lZ', I see a mixture of permissions, such as: calendar: total 76 -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6541 Dec 28 18:51 calendar_data.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6770 Dec 28 18:51 calendar.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6128 Dec 28 18:51 day.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 6716 Dec 28 18:51 event_create.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5851 Dec 28 18:51 event_delete.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 12887 Dec 28 18:51 event_edit.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 5291 Dec 28 18:51 functions.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 499 Dec 28 18:51 index.php -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 887 Dec 28 18:51 README -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 700 Dec 28 18:51 setup.php compatibility: total 68 drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 84 Dec 6 2009 docs -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec 6 2009 functions.php drwxr-xr-x. 31 root root unconfined_u:object_r:user_home_t:s0 4096 Dec 6 2009 includes -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 466 Jan 2 2009 index.php drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 79 Nov 1 2009 locale -rwxr--r--. 1 root root unconfined_u:object_r:user_home_t:s0 5928 Nov 1 2009 make_release.sh drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1 2009 patches drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 4096 Nov 1 2009 patches.old -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 53 Nov 1 2009 README -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 2096 Dec 6 2009 setup.php -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 21 Dec 6 2009 version I ASSUME I need to change everything in /usr/share/squirrelmail to ''object_r:usr_t? If not, what SHOULD THEY be? Jay ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: [email protected] List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
