Denis78 0 Posted December 2, 2020 Share Posted December 2, 2020 Hi, Configured as written herehttps://help.eset.com/ems_linux/4/en-US/setting_esets_postfix.html?setting_esets_exim4.html But I have this error when I receive an incoming email 2020-12-02 16:11:00 1kkRuH-0003Zd-1T == name@mydomain R=esets_router T=esets_transport defer (0): Child process of esets_transport transport returned 75 (could mean temporary error) from command: /opt/eset/esets/bin/esets_mda The reason is selinux: SELinux is preventing /opt/eset/esets/bin/esets_mda from unix_write access on the message queue labeled unconfined_service_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that esets_mda should be allowed unix_write access on msgq labeled unconfined_service_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'esets_mda' --raw | audit2allow -M my-esetsmda # semodule -i my-esetsmda.pp Additional Information: Source Context system_u:system_r:exim_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ msgq ] Source esets_mda Source Path /opt/eset/esets/bin/esets_mda Port <Unknown> Host <Unknown> Source RPM Packages esets-4.5.16-0.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name myhost Platform Linux myhost 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64 Alert Count 7 First Seen 2020-12-02 16:08:24 MSK Last Seen 2020-12-02 16:11:00 MSK Local ID dafbccf4-a8dc-4a7c-affa-48c38c361358 how can I fix this? This: # ausearch -c 'esets_mda' --raw | audit2allow -M my-esetsmda # semodule -i my-esetsmda.pp doesn't help Link to comment Share on other sites More sharing options...
FHolzer 0 Posted December 2, 2020 Share Posted December 2, 2020 what was the output of ausearch -c 'esets_mda' --raw | audit2allow -M my-esetsmda semodule -i my-esetsmda.pp ? Link to comment Share on other sites More sharing options...
Denis78 0 Posted December 2, 2020 Author Share Posted December 2, 2020 # ausearch -c 'esets_mda' --raw | audit2allow -M my-esetsmda ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i my-esetsmda.pp # semodule -i my-esetsmda.pp no message Link to comment Share on other sites More sharing options...
Denis78 0 Posted December 3, 2020 Author Share Posted December 3, 2020 selinux has nothing to do with it. When selinux is disabled, the same error occurs in the logs: R=esets_router T=esets_transport defer (0): Child process of esets_transport transport returned 75 (could mean temporary error) from command: /opt/eset/esets/bin/esets_mda Link to comment Share on other sites More sharing options...
Denis78 0 Posted December 3, 2020 Author Share Posted December 3, 2020 The error occurred only when the server was restarted. The letters left, but later. It was solved by correcting the order of launching services in systemd. /usr/lib/systemd/system/ exim.service [Unit] After=network.target esets.service fail2ban.service [Unit] After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service exim.service dovecot.service esets.service Link to comment Share on other sites More sharing options...
Recommended Posts