The following log file arises off my current maillog:
Apr 24 17:44:48 h2290750 dovecot: auth: Error: pgsql: Connect failed to mail: could not connect to server: Permission denied
Apr 24 17:44:48 h2290750 dovecot: auth: Error: #011Is the server running on host "localhost" (::1) and accepting
Apr 24 17:44:48 h2290750 dovecot: auth: Error: #011TCP/IP connections on port 5432?
Apr 24 17:44:48 h2290750 dovecot: auth: Error: could not connect to server: Permission denied
Apr 24 17:44:48 h2290750 dovecot: auth: Error: #011Is the server running on host "localhost" (127.0.0.1) and accepting
Apr 24 17:44:48 h2290750 dovecot: auth: Error: #011TCP/IP connections on port 5432?
I checked that the postgresql server is listening on port 5432. And my pg_hba.conf looks like this.
# TYPE DATABASE USER ADDRESS METHOD
# Mail stuff
host mail mailreader 127.0.0.1/32 md5
host mail mailreader ::1/128 md5
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
The connection configuration of my dovecot-sql.conf:
driver = pgsql
connect = host=localhost dbname=mail user=mailreader password=secret
default_pass_scheme = SHA512
password_query = SELECT email as user, password, 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'
Any suggestions? Maybe I need to hash the secret, so that dovecot pushes a md5-hashed password to pgsql?
Edit: psql -U mailreader -d mail
leaves me with a SQL prompt within database mail
Best Answer
was actually hinting at a SELinux problem. After examining the audit.log I found the following line, repeatedly appearing.
After havning installed the policy core utils using this command:
I was able to create an excpetion for SELinux with the audit2allow command:
Thereafter the exception can be loaded into SELinux using:
And thats it. Running like a charm.