I was asked to put a server together to host a library application called Guide on the Side. All it requires is a basic LAMP stack platform. The application was written with the CakePHP framework (kind of like Rails for Ruby). One of the functions of the app is to allow the results of the user’s session to be e-mailed once complete. But it wasn’t working.
I checked to make sure that I could send e-mail using the OS with:
cat /etc/hosts | mailx -s "Test message" me@myemailaddress
This worked fine. I received a message in my work inbox almost instantly. So then I thought I should check to see if I could send mail with PHP using PHP's mail function. I used the following script:
?php ini_set( 'display_errors', 1 ); error_reporting( E_ALL ); $from = "email@example.com"; $to = "firstname.lastname@example.org"; $subject = "Test from php"; $message = "This is a test message"; $headers = "From:" . $from; mail($to, $subject, $message, $headers); echo "Email sent";; ?>
And this worked fine too. So next I decided to look in the /var/log/maillog to see what was going on. This system is running a Red Hat type distro, specifically, Oracle Linux 6.5. I suspected it might be an issue with SElinux and sure enough, that's what I found. Inside the maillog there was a message that showed:
Jan 14 17:07:31 - server.mydomain.edu postfix/sendmail: fatal: chdir /var/spool/postfix: Permission denied
Looks like an SElinux problem. Essentially SElinux is preventing the Apache user from sending mail. To verify SElinux status generally use the sestatus command or to look specifically for whether or not the Apache user can send mail use the command getsebool. Like this:
[root@server]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 28 Policy from config file: targeted
[root@server]# getsebool httpd_can_sendmail httpd_can_sendmail --> on
I knew that my system was running with SElinux enabled and set to enforcing. But when I first ran the getsebool command, my system was set for "httpd_can_sendmail" to off. I needed to set it "on" to allow the e-mail function of the application to work. Like this:
[root@server]# setsebool -P httpd_can_sendmail 1
The "-P" argument makes the change persistent across reboots. Once it was set my application was able to e-mail just fine.