Articles in this section

Unable to receive email on a Linux Plesk server: Can't connect to local server through socket

Daniel Yordanov
Updated
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux

Symptoms

  • Unable to receive email on a Linux Plesk server that has the Plesk Email Security extension installed and enabled, with errors such as the following visible in the /var/log/maillog:

    CONFIG_TEXT: amavis[2267186]: (2267186-01) (!)connect_to_sql: unable to connect to DSN 'DBI:mysql:database=emailsecurity;host=localhost;port=3306': Can't connect to local server through socket '/var/lib/mysql/mysql.sock' (13)
    amavis[2267186]: (2267186-01) (!!)TROUBLE in process_request: connect_to_sql: unable to connect to any dataset at /usr/share/perl5/vendor_perl/Amavis/Out/SQL/Connection.pm line 255.
    amavis[2267186]: (2267186-01) (!)Requesting process rundown after fatal error
    postfix/smtp[2268836]: CC4398025F029: to=<plesk_test@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.8, delays=0.75/0/0/0.05, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to RCPT TO command))

  • The following error is found in /var/log/messages:

    CONFIG_TEXT: setroubleshoot[2299429]: SELinux is preventing /usr/bin/perl from connect to access on the unix_stream_socket /var/lib/mysql/mysql.sock. For complete SELinux messages run: sealert -l 400ae53f-8200-4fa8-8090-54fa37196b53

  • Commonly the used OS is AlmaLinux 9, while the MariaDB version is 10.11s, however this may appear in other Linux OS and MariaDB combinations.

Cause

The current SELinux policy prevents /usr/sbin/amavi from accessing the /var/lib/mysql/mysql.sock file, due to which the Amavis filter cannot function.

Resolution

Use the the ID of the alert that you saw in the /var/log/messages error message (it would be similar to 400ae53f-8200-4fa8-8090-54fa37196b53) and add the necessary exceptions to SELinux by :

1. Connect to the server via SSH

2. Check the contents of the alert:

Note: Make sure to replace 400ae53f-8200-4fa8-8090-54fa37196b53 with the exact alert ID that you found in found in /var/log/messages

# sealert -l 400ae53f-8200-4fa8-8090-54fa37196b53

3. Run the commands from the output that you got in the previous step, they would be similar to the following:

# ausearch -c '/usr/sbin/amavi' --raw | audit2allow -M my-usrsbinamavi

# semodule -X 300 -i my-usrsbinamavi.pp

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.