Issue Emails cannot be sent and received, when SELinux is enabled: Temporary lookup failure

[Jeroen Bl]

Hi Guys,

I've been having this p(l)sky problem since an update (Version 17.5.3 Update #46) where my email doesn't send showing the error "Temporary Lookup Failure".

I have been reading the following article: Emails cannot be sent and received, when SELinux is enabled: Temporary lookup failure

However, it seems my SELinux policy is installed as opposed to the symptom in point 3 of the article.

I've tried:

• "repair mail"
• "reinstalling postfix"
• "recreating config files for postfix"
• "switching to Qmail and back"
• "changing the Nameservers in resolve.conf to Google DNS"

I am at a loss here. Any help would be greatly appreciated.

 

[Bitblade]

We are experiencing the same problem and have attempted the same fixes (except for changing nameservers). No luck here either.

As for Jeroen, the problem started this night with update #46. However, we have SELinux disabled, so this cannot be the problem for us.

A sample of our logs:

apr 24 12:07:09 [hostname] postfix/cleanup[1641]: error: unsupported dictionary type: tcp
apr 24 12:07:09 [hostname] postfix/pickup[1635]: 5E96F17880513: uid=10000 from=<[FROM]>
apr 24 12:07:09 [hostname] postfix/cleanup[1641]: warning: tcp:127.0.0.1:12346 is unavailable. unsupported dictionary type: tcp
apr 24 12:07:09 [hostname] postfix/cleanup[1641]: warning: tcp:127.0.0.1:12346 lookup error for "[TO]"
apr 24 12:07:09 [hostname] postfix/cleanup[1641]: warning: 5E96F17880513: recipient_canonical_maps map lookup problem for [TO] -- message not accepted, try again later

 

[IgorG]

warning: tcp:127.0.0.1:12346 is unavailable.

Make sure that port 12346 is opened with:

# lsof -i tcp:12346
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 10308 root 84u IPv4 331985937 0t0 TCP localhost:12346 (LISTEN)

If not, check that you have following lines in Postfix config files:

# grep 12346 /etc/postfix/*
/etc/postfix/main.cf:recipient_canonical_maps = tcp:127.0.0.1:12346
/etc/postfix/master.cf:127.0.0.1:12346 inet n n n - - spawn user=popuseropuser argv=/usr/lib64/plesk-9.0/postfix-srs

 

[Timo002]

Some issue here!

Port 12346 is open, also postfix config files contains the lines mentioned.

Edit:
I updated to Plesk Onyx 17.8.11, problem still exists.

Edit:
I followed this article, not working either.
Emails cannot be sent and received, when SELinux is in enforcing mode on a Plesk server: Temporary lookup failure

 

[Timo002]

I think some urgency is required since my customers aren't able to send any e-mails.

 

[Timo002]

Setting SELinux to permissive mode seems to fix the issue. But this is probably not the way we want to configure it!

 

[G J Piper]

Setting SELinux to permissive mode seems to fix the issue. But this is probably not the way we want to configure it!

Do you have the setroubleshoot-server part of SELinux installed? The way to tell is to look in your /var/log/messages and see if there are any entries from selinux. If there aren't, install it using this:

yum install setroubleshoot-server

Then, even with SELinux in permissive mode, restart your email server components and see what messages show up in the messages log. There will be specific instructions for how to add custom rules in there for SELinux. This is what I had to do with my CentOS 7/Plesk server. Just keep checking your /var/log/messages log to see what appears in there for a day or so, adding rules as it dictates, until it is running clean. Once it gives no new messages, you can set SELinux to "enforcing" mode and be good to go.

PS: @IgorG: I think the SELinux setroubleshoot-server should maybe be preinstalled by Plesk on servers that have SELinux included, so people can set these custom SELinux rulesets easily. It literally tells the user what commands to do to make the rulsets it needs. I had to make about a dozen to get postfix and dovecot running smoothly on my machine.

 

[Ian Robinson]

Just discovered this issue on my VPS, also update 46. Thank you all for letting me know all the things you've tried that haven't fixed it as it saves me a lot of time going through the same thing. Anyone know if there is a bug tracking link for this so we can know when to get the update that fixes it? Or at least to say they are aware of the issue?

 

[Ian Robinson]

Hold up, is this the resolution? Emails cannot be sent and received, when SELinux is in enforcing mode on a Plesk server: Temporary lookup failure

Gonna try that now.

 

[Ian Robinson]

Nope. It didn't work. I saw the article was only 9 hours old when I tried so felt lucky. But the article said that SELinux Policy would show as uninstalled. But mine was installed. I did an uninstall/reinstall of the SELinux policy and restarted Postfix but no joy.

 

[G J Piper]

Just discovered this issue on my VPS, also update 46. Thank you all for letting me know all the things you've tried that haven't fixed it as it saves me a lot of time going through the same thing. Anyone know if there is a bug tracking link for this so we can know when to get the update that fixes it? Or at least to say they are aware of the issue?

Pretty sure I gave the solution in my last post. You are experiencing SELinux working correctly — you just need to add your own server’s particular rules by following my instructions.

 

[Ian Robinson]

Pretty sure I gave the solution in my last post. You are experiencing SELinux working correctly — you just need to add your own server’s particular rules by following my instructions.

Thanks G J Piper.

While I was trawling through my logs this evening as per your suggestion (after putting SELinux into permissive mode to allow missed emails to come in for my clients and for me to send some emails), I gave up for a while and looked at the link provided by the OP again in case of an update.

Namely, this link: Emails cannot be sent and received, when SELinux is in enforcing mode on a Plesk server: Temporary lookup failure

I saw Plesk support added another link at the bottom that wasn't there before, or at least I hadn't noticed it - Unable to send and email: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied. Following the instructions to set an allow policy for postfix is what worked for me.

I set SELinux back to enforcing mode, getenforce shows as Enforcing, and I am still able to send and receive emails.

Now, I hope I don't have to eat my words later down the line in case I'm missing something or it stops working again for some reason.
Perhaps someone else could confirm (OP?)

 

[G J Piper]

I saw Plesk support added another link at the bottom that wasn't there before, or at least I hadn't noticed it - Unable to send and email: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied. Following the instructions to set an allow policy for postfix is what worked for me.

Yep, those Plesk support instructions are an example of what you will see in your /var/log/messages log when SELinux blocks any server action. If you have any other enforcement problems with the server, just look in the log and follow the instructions it puts there. Glad you found these specific instructions another way though.

 

[learning_curve]

...Do you have the setroubleshoot-server part of SELinux installed? The way to tell is to look in your /var/log/messages and see if there are any entries from selinux...

Great post @G J Piper We didn't have any mail problems, but we still took note of this when setting up our own SELinux and with regard to this ^^ particular bit, we also found THIS page guide equally helpful. It's very slightly different that your post and a little bit old now, but still worked perfectly for us (CentOS / Red Hat etc) so others may still want to have a read too

 

[Jeroen Bl]

Thanks G J Piper.

While I was trawling through my logs this evening as per your suggestion (after putting SELinux into permissive mode to allow missed emails to come in for my clients and for me to send some emails), I gave up for a while and looked at the link provided by the OP again in case of an update.

Namely, this link: Emails cannot be sent and received, when SELinux is in enforcing mode on a Plesk server: Temporary lookup failure

I saw Plesk support added another link at the bottom that wasn't there before, or at least I hadn't noticed it - Unable to send and email: Unable to open file /var/lib/plesk/mail/srs/secret: Permission denied. Following the instructions to set an allow policy for postfix is what worked for me.

I set SELinux back to enforcing mode, getenforce shows as Enforcing, and I am still able to send and receive emails.

Now, I hope I don't have to eat my words later down the line in case I'm missing something or it stops working again for some reason.
Perhaps someone else could confirm (OP?)

As I was in a bit of a pickle and had no idea about a quick fix after I posted this, I reverted back to a previous version and disabled automatic software updates for now. So I haven't been able to see if the proposed solution by @G J Piper and yourself would fix my problem as well.

It comforts me at least to know that I was not alone in this, so thank you for that

I will come back with my findings after a new effort.