<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Finally fixed the last two issues, both SELinux related. I was missing httpd_ssi_exec but this caused more AVCs which needed to be added to my local policy. The corrupted "reply-to" address on the picked up email is now fixed.<br><br><pre>setsebool -P httpd_can_sendmail 1
setsebool -P httpd_enable_cgi 1
setsebool -P httpd_ssi_exec 1</pre><br>cat postgreylocal.te<br><br>module postgreylocal 1.4;<br><br>require {<br> type httpd_sys_script_t;<br> type clamscan_exec_t;<br> type clamd_var_run_t;<br> type httpd_sys_rw_content_t;<br> type clamd_t;<br> type httpd_t;<br> type default_t;<br> type clamscan_t;<br> class file { getattr read open };<br> class process sigchld;<br> class unix_stream_socket { connectto read write };<br> class fifo_file write;<br> class sock_file write;<br> class dir { search getattr };<br>}<br><br>#============= clamd_t ==============<br>allow clamd_t default_t:dir search;<br>allow clamd_t httpd_sys_rw_content_t:file { read getattr open };<br><br>#============= clamscan_t
==============<br>allow clamscan_t default_t:dir search;<br>allow clamscan_t httpd_sys_rw_content_t:file getattr;<br>allow clamscan_t httpd_t:fifo_file write;<br>allow clamscan_t httpd_t:process sigchld;<br>allow clamscan_t httpd_t:unix_stream_socket { read write };<br><br>#============= httpd_sys_script_t ==============<br>allow httpd_sys_script_t default_t:dir search;<br><br>#============= httpd_t ==============<br>allow httpd_t clamd_t:unix_stream_socket connectto;<br>allow httpd_t clamd_var_run_t:dir search;<br>allow httpd_t clamd_var_run_t:sock_file write;<br>allow httpd_t clamscan_exec_t:file { read getattr open };<br>allow httpd_t default_t:dir { search getattr };<br><br></div></body></html>