Problem configuring Postfix for multiple smtp relay hosts

[rcerecedar]

Hi,
I'm have an enormous headache with what may be a very simple problem. I am trying to migrate a mail server that I have in Ubuntu, to another one in CentoS. I used Postfix in Ubuntu with the options:

smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =

sender_dependent_relayhost_maps = hash:/buzones2/postfix/relayhost_map
smtp_sasl_password_maps = hash:/buzones2/postfix/passwd

and it worked perfectly.

When I put the same parameters in another computer, with CentoS, it works fine without the smtp map options, but when I add the previous lines, it seems that can't access the db files I've made with postmap. I've tried it with different owners, permissions,...

I get this errors:

In /var/log/maillog:

Dec 10 19:45:55 localhost postfix/trivial-rewrite[11058]: fatal: open database /buzones2/postfix/relayhost_map.db: Permission denied
Dec 10 19:45:56 localhost postfix/master[10908]: warning: process /usr/libexec/postfix/trivial-rewrite pid 11058 exit status 1
Dec 10 19:45:56 localhost postfix/master[10908]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling


The errors printed in /var/log/audit/audit.log are:
(when the owner of the file is "postfix")
type=AVC msg=audit(1323541225.528:1019): avc: denied { read } for pid=10798 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r: postfix_master_t:s0 tcontext=unconfined_u: object_r:default_t:s0 tclass=file

type=SYSCALL msg=audit(1323541225.528:1019): arch=40000003 syscall=5 success=no exit=-13 a0=1cd42d0 a1=8000 a2=0 a3=0 items=0 ppid=10793 pid=10798 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r: postfix_master_t:s0 key=(null)

(when the owner is root)
type=AVC msg=audit(1323541413.078:1023): avc: denied { read } for pid=10913 comm="trivial-rewrite" name="relayhost_map.db" dev=sda2 ino=38712 scontext=unconfined_u:system_r: postfix_master_t:s0 tcontext=unconfined_u: object_r: default_t:s0 tclass=file

type=SYSCALL msg=audit(1323541413.078:1023): arch=40000003 syscall=5 success=no exit=-13 a0=2b092d0 a1=8000 a2=0 a3=0 items=0 ppid=10908 pid=10913 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r: postfix_master_t:s0 key=(null)

Can anybody give me hand on this?

Thanks in advance,
Rafael

[rcerecedar]

After looking for solutions, someone suggested me to try to see if the problem may be in SElinux.
When I disbled it completely (not only set it to permissive mode), it worked perfectly. So the problem was there.
The way to go through it, it's been:

1. Install audit2allow (I have centos 6)
yum install policycoreutils-python

2. To allow the access to relay_hosts_db.db.
grep postfix_master_t /var/log/audit/audit.log | audit2allow -M postgreylocal
semodule -i postgreylocal.pp

3. Afterwards, I had a similar problem with the access to the file with the passwords for each sender. To allow the access to passwd.db
grep postfix_smtp_t /var/log/audit/audit.log | audit2allow -M postgreylocal
semodule -i postgreylocal.pp

Now, it works! audit2allow is fantastic!

I hope this may help other people.