How can apache be allowed to send email?

php linux apache centos sendmail

38,506

Solution 1

First you have to check if permission are correct. Here is the permission below in my system

# ls -l /usr/sbin/sendmail.sendmail -r-xr-sr-x root smmsp /usr/sbin/sendmail.sendmail

# ls -l /var/spool/clientmqueue drwxrwx--- smmsp smmsp /var/spool/clientmqueue

If your permissions or ownership is wrong then change it using chown and chmod.

If the above is right then disable selinux or if you want selinux enabled use chcon to set the correct selinux context.

http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html

For disabling selinux temporarily use #setenforce 0

Solution 2

Selinux may cause the issue, to verify run:

getsebool -a | grep mail

If it displays as bellow it is selinux:

allow_postfix_local_write_mail_spool --> off

You may disabled it, but if you want to keep it (and you should as it provides an extra layer of security) you should do something else:

setsebool -P httpd_can_sendmail on

This will allow the httpd to send emails, as when you use php mail().

Solution 3

Hate to necro this, but none of the solutions here worked for me. I know very little about SELinux, but I ended up discovering the problem with this (on CentOS 6):

getsebool httpd_can_sendmail

Which told me it's disabled. Fixed with

setsebool httpd_can_sendmail 1

Solution 4

You may have SELinux enabled.

http://selinuxproject.org/page/Main_Page

You can check SELinux status by doing:

sestatus

You should see something like:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

You can turn SELinux off temporarily via:

echo 0 >/selinux/enforce

and back on with

echo 1 >/selinux/enforce

If you do temp. turn it off, do not install RPMs or make changes. I find this can lead to problems with re-enabling it.

If you want to permanently disable SELinux, then try:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html

View more solutions

38,506

Author by

dev_willis

I manipulate multimedia metaphors.

Updated on March 16, 2020

Comments

dev_willis over 4 years
I have a CentOS 6.2 virtual machine running Apache 2.2 and PHP 5.3 that I'm trying to send email from via PHP's mail() function. I can send email from the CLI without problems but when PHP tries it fails. In the sendmail log is the following:
```
Oct  9 11:42:03 localhost sendmail[3080]: NOQUEUE: SYSERR(apache): can not chdir(/var/spool/clientmqueue/): Permission denied
```
It seems like Apache doesn't have permission to do this but I'm not sure how to fix it. I've found a lot discussion about this but nothing specific enough to what I'm doing that I could use. Any help would be appreciated. Thanks!
VSB almost 11 years

-P option make it permanent, so after reboot it will be on again :)
PookPook about 10 years

i only used "setsebool -P httpd_can_sendmail on" and solved the problem. Thanks
David Gardner over 7 years

Don't disable SELinux :( There's a boolean httpd_can_sendmail to allow the web-server to send mail which should work in this case. Set this with setsebool -P httpd_can_sendmail 1, and include the -P option to make it persistent across reboots.
robsch over 2 years

setsebool without -P will not survive a reboot. So -P should be used.