Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
23.4. Configuration Examples
23.4.1. SpamAssassin and Postfix
Copiar enlaceEnlace copiado en el portapapeles!
SpamAssasin is an open-source mail filter that provides a way to filter unsolicited email (spam messages) from incoming email.[23]
When using Red Hat Enterprise Linux, the spamassassin package provides SpamAssassin. Enter the following command to see if the spamassassin package is installed:
rpm -q spamassassin
~]$ rpm -q spamassassin
package spamassassin is not installed
If it is not installed, use the
yum utility as root to install it:
yum install spamassassin
~]# yum install spamassassin
SpamAssassin operates in tandem with a mailer such as Postfix to provide spam-filtering capabilities. In order for SpamAssassin to effectively intercept, analyze and filter mail, it must listen on a network interface. The default port for SpamAssassin is TCP/783, however this can be changed. The following example provides a real-world demonstration of how SELinux complements SpamAssassin by only allowing it access to a certain port by default. This example will then demonstrate how to change the port and have SpamAssassin operate on a non-default port.
Note that this is an example only and demonstrates how SELinux can affect a simple configuration of SpamAssassin. Comprehensive documentation of SpamAssassin is beyond the scope of this document. See the official SpamAssassin documentation for further details. This example assumes the spamassassin is installed, that any firewall has been configured to allow access on the ports in use, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode:
Procedure 23.1. Running SpamAssassin on a non-default port
- Use the
semanageutility as root to show the port that SELinux allows thespamddaemon to listen on by default:semanage port -l | grep spamd
~]# semanage port -l | grep spamd spamd_port_t tcp 783Copy to Clipboard Copied! Toggle word wrap Toggle overflow This output shows that TCP/783 is defined inspamd_port_tas the port for SpamAssassin to operate on. - Edit the
/etc/sysconfig/spamassassinconfiguration file and modify it so that it will start SpamAssassin on the example port TCP/10000:Options to spamd
# Options to spamd SPAMDOPTIONS="-d -p 10000 -c m5 -H"Copy to Clipboard Copied! Toggle word wrap Toggle overflow This line now specifies that SpamAssassin will operate on port 10000. The rest of this example will show how to modify the SELinux policy to allow this socket to be opened. - Start SpamAssassin and an error message similar to the following will appear:
systemctl start spamassassin.service
~]# systemctl start spamassassin.service Job for spamassassin.service failed. See 'systemctl status spamassassin.service' and 'journalctl -xn' for details.Copy to Clipboard Copied! Toggle word wrap Toggle overflow This output means that SELinux has blocked access to this port. - A denial message similar to the following will be logged by SELinux:
SELinux is preventing the spamd (spamd_t) from binding to port 10000.
SELinux is preventing the spamd (spamd_t) from binding to port 10000.Copy to Clipboard Copied! Toggle word wrap Toggle overflow - As root, run
semanageto modify the SELinux policy in order to allow SpamAssassin to operate on the example port (TCP/10000):semanage port -a -t spamd_port_t -p tcp 10000
~]# semanage port -a -t spamd_port_t -p tcp 10000Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Confirm that SpamAssassin will now start and is operating on TCP port 10000:
systemctl start spamassassin.service netstat -lnp | grep 10000
~]# systemctl start spamassassin.service ~]# netstat -lnp | grep 10000 tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN 2224/spamd.pidCopy to Clipboard Copied! Toggle word wrap Toggle overflow - At this point,
spamdis properly operating on TCP port 10000 as it has been allowed access to that port by the SELinux policy.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}