linux

When installing opendkim on a Centos 5.7 or 5.9 system following the wonderful howto by Steven Jenkins mail stops going out and the maillog shows:

May 23 12:55:53 her9 postfix/cleanup[4836]: warning: cannot receive milters via service cleanup socket socket
May 23 12:55:53 her9 postfix/smtpd[4832]: warning: premature end-of-input on public/cleanup socket while reading input attribute name
May 23 12:55:53 her9 postfix/smtpd[4832]: warning: cannot send milters to service public/cleanup socket
May 23 12:55:53 her9 postfix/smtpd[4832]: 8DBDB4D48004: client=localhost.localdomain[127.0.0.1]
May 23 12:55:53 her9 postfix/master[4824]: warning: process /usr/libexec/postfix/cleanup pid 4836 killed by signal 11
May 23 12:55:53 her9 postfix/master[4824]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

The syslog is even scarier:

May 23 12:55:53 her9 kernel: cleanup[4836]: segfault at 0000000000000008 rip 00002b152350db10 rsp 00007fff855746e8 error 6

Yes, a segfault. Things work better when SELinux gets disabled.
Without going deeply into the reason of this incompatibility the following commands make opendkim work while SELinux is still active.

This command will show you what did cause trouble today, and convert it already in to the syntax for an ‘allow’:

ausearch -m avc -ts today | audit2allow


If what you see is indeed only about opendkim you then can go ahead and install this:
ausearch -m avc -ts today | audit2allow -M yourdesiredmodulename
semodule -i yourdesiredmodulename.pp

Things work much better then.

The Centos SELinux How To is a helpful resource for this kind of thing.