POSTFIX main.cf permission denied

Question

I am trying to set up a postfix server for smtp relay. Centos 5.5

I have followed http://mhawthorne.net/posts/postfix-configuring-gmail-as-relay.html but am getting a FAILED error when trying to restart or reload postfix.

When I do:

cat maillog

I get:

fatal: open /etc/postfix/main.cf: Permission denied

Here is what I have tried:

chown postfix /etc/postfix/main.cf
chmod u+rwx /etc/postfix/main.cf

After that, I do:

ls -l /etc/postfix/main.cf

Which gives me:

-rwx------. 1 postfix anotheruser 27531 Apf 29 12:19 /etc/postfix/main.cf

No dice. Same error. I even tried temporarily doing chmod 777 but got same error.

Any ideas on the permissions problem? I am assuming it is running the service as the postfix user.

Thanks

score 18 · Answer 1 · answered Jan 20 '15 at 19:50

18

In my case, the other answers didn't helped me, because I already had the context for those files correctly. Even if the file's correct context are applied, you'll also need to be sure the Apache user has SELinux permission to send mails. Specifically there is a SELinux configuration that need to be turned on.

Verify if the setting is on or off: getsebool httpd_can_sendmail
If you got httpd_can_sendmail --> off you can enable this setting this way: sudo setsebool -P httpd_can_sendmail 1

-P in the above command means Persistent (across reboots)

answered Jan 20 '15 at 19:50

Metafaniel

353
3
8

4

This was exactly the issue in my LEMP stack! – Andrew White May 01 '16 at 02:17
1

Cheers. This solved my problem too. – James Shields Feb 05 '21 at 21:56
1

Bingo! ran into this when setting up a new Rocky Linux 9 server. This instruction should be a part of all postfix setup instructions where SELinux is used. – Jimbo Jun 22 '23 at 15:04

score 11 · Accepted Answer · answered Apr 29 '13 at 18:21

11

Almost certainly to do with SELinux. I bet you moved your main.cf into that location.

Try running restorecon -v /etc/postfix/main.cf to fix the labelling.

answered Apr 29 '13 at 18:21

Matthew Ife

23,357
3
55
72

2

To do a fast verification if SELinux it's the cause, disable it temporarily like this: `sudo setenforce 0` If now everything works then SELinux it's the cause. Run `sudo setenforce 1` to enable SELinux again and solve the problem as suggested – Metafaniel Jan 20 '15 at 19:26
I had to fix the SELinux context manually. This can be done using sudo chcon -v -u system_u -r object_r -t postfix_etc_t /etc/postfix/main.cf As it was: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 main.cf This was before I realised I had to do the restorecon with '-r' or on a specific file. – gkephorus Jul 09 '19 at 10:36

score 4 · Answer 3 · answered Apr 29 '13 at 19:01

This is most likely related to SELinux access control. CentOS has "Enforcing" SELinux mode by default. Please check the status of SELinux with comnand:

# sestatus

If the output something like this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

You need to to change security context for main.cf and probably other postfix configuration flies. On my machine it is set to:

-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf

Try these to set proper context:

 # chcon -v -u system_u -r object_r -t postfix_etc_t /etc/postfix/main.cf
 # restorecon -v -R  /etc/postfix/

To verify:

 # ls -Z /etc/postfix/

score 1 · Answer 4 · answered Sep 27 '20 at 03:21

1

In my case was because selinux didn't allow apache (PHP) to send emails. Fixed with:

setsebool -P httpd_can_sendmail=1

answered Sep 27 '20 at 03:21

Samo

119
2

Why the down point? I had the same problem and found a way to fix it... – Samo Feb 18 '21 at 18:59

POSTFIX main.cf permission denied

4 Answers4

Linked

Related