Resolving mail issues with web applications

I was asked to put a server together to host a library application called Guide on the Side.  All it requires is a basic LAMP stack platform.  The application was written with the CakePHP framework (kind of like Rails for Ruby).  One of the functions of the app is to allow the results of the user’s session to be e-mailed once complete.  But it wasn’t working.

I checked to make sure that I could send e-mail using the OS with:

 cat /etc/hosts | mailx -s "Test message" me@myemailaddress

This worked fine. I received a message in my work inbox almost instantly. So then I thought I should check to see if I could send mail with PHP using PHP's mail function. I used the following script:

ini_set( 'display_errors', 1 );
error_reporting( E_ALL );
$from = "";
$to = "";
$subject = "Test from php";
$message = "This is a test message";
$headers = "From:" . $from; mail($to, $subject, $message, $headers);
echo "Email sent";;

And this worked fine too. So next I decided to look in the /var/log/maillog to see what was going on. This system is running a Red Hat type distro, specifically, Oracle Linux 6.5. I suspected it might be an issue with SElinux and sure enough, that's what I found. Inside the maillog there was a message that showed:

Jan 14 17:07:31 - postfix/sendmail[1951]: fatal: chdir /var/spool/postfix: Permission denied

Looks like an SElinux problem. Essentially SElinux is preventing the Apache user from sending mail. To verify SElinux status generally use the sestatus command or to look specifically for whether or not the Apache user can send mail use the command getsebool. Like this:

[root@server]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 28
Policy from config file: targeted

[root@server]# getsebool httpd_can_sendmail
httpd_can_sendmail --> on

I knew that my system was running with SElinux enabled and set to enforcing. But when I first ran the getsebool command, my system was set for "httpd_can_sendmail" to off. I needed to set it "on" to allow the e-mail function of the application to work. Like this:

[root@server]# setsebool -P httpd_can_sendmail 1

The "-P" argument makes the change persistent across reboots. Once it was set my application was able to e-mail just fine.

Tagged with: , , , , ,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.