spamass-milter packages here are designed to work with my
milter SELinux policy, which is included in upstream reference policy,
and came into Fedora during the Fedora 11 development cycle. I also raised
Bug #483849 to get it backported
into the Fedora 9 and 10
I have subsequently updated the policy to add a new type and interface
in order to support the use of the milter with a single site-wide
configuration and bayes database common to all users (Bug #489995).
The patch has been submitted upstream
but hasn't been merged at the time of writing. Once it's merged, I'll try to get
it backported into Fedora too (this is already happening - see Bug #492550).
The policy files here provide support for
Red Hat Enterprise Linux 5 and compatible distributions, and consist of three
modules. For those unfamilar with how to build and install SELinux policy
modules, see my
guide to building SELinux policy modules.
The policy is split into three modules:
milter- almost unchanged
milterpolicy module from upstream; the only changes are related to interface changes that have happened upstream since Red Hat Enterprise Linux 5
milter-extras- additional rules for other SELinux domains that provide support for MTAs to communicate with milter applications
spamassassin-client- the spamassassin client policy, which provides the system
spamc_tdomain and an interface to it used by the
milterpolicy; this policy was developed after the release of Red Hat Enterprise Linux 5. However, Red Hat Enterprise Linux 5.3 now includes the client policy so this module is not needed for RHEL 5.3 onwards.
Create a directory
/root/selinux.local and copy the policy files from here into that directory.
Then build and install the modules
(you'll need the
selinux-policy-devel packages installed first).
# cd /root/selinux.local # chcon -R -t usr_t . # ln -s /usr/share/selinux/devel/Makefile . # make # semodule -i spamassassin-client.pp milter.pp milter-extras.pp
spamassassin-client.pp for RHEL 5.3 onwards)
If you have already installed the
spamass-milter package, you'll need to fix up the file contexts:
# restorecon -rvF $(rpm -ql spamass-milter)
Paul Howarth <firstname.lastname@example.org>