How can apache be allowed to send email?

Question

I have a CentOS 6.2 virtual machine running Apache 2.2 and PHP 5.3 that I'm trying to send email from via PHP's mail() function. I can send email from the CLI without problems but when PHP tries it fails. In the sendmail log is the following:

Oct  9 11:42:03 localhost sendmail[3080]: NOQUEUE: SYSERR(apache): can not chdir(/var/spool/clientmqueue/): Permission denied

It seems like Apache doesn't have permission to do this but I'm not sure how to fix it. I've found a lot discussion about this but nothing specific enough to what I'm doing that I could use. Any help would be appreciated. Thanks!

Answer 1

First you have to check if permission are correct. Here is the permission below in my system

# ls -l /usr/sbin/sendmail.sendmail -r-xr-sr-x root smmsp /usr/sbin/sendmail.sendmail

# ls -l /var/spool/clientmqueue drwxrwx--- smmsp smmsp /var/spool/clientmqueue

If your permissions or ownership is wrong then change it using chown and chmod.

If the above is right then disable selinux or if you want selinux enabled use chcon to set the correct selinux context.

http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html

For disabling selinux temporarily use #setenforce 0

Answer 2

Selinux may cause the issue, to verify run:

getsebool -a | grep mail

If it displays as bellow it is selinux:

allow_postfix_local_write_mail_spool --> off

You may disabled it, but if you want to keep it (and you should as it provides an extra layer of security) you should do something else:

setsebool -P httpd_can_sendmail on

This will allow the httpd to send emails, as when you use php mail().

Answer 3

Hate to necro this, but none of the solutions here worked for me. I know very little about SELinux, but I ended up discovering the problem with this (on CentOS 6):

getsebool httpd_can_sendmail

Which told me it's disabled. Fixed with

setsebool httpd_can_sendmail 1

Answer 4

You may have SELinux enabled.

http://selinuxproject.org/page/Main_Page

You can check SELinux status by doing:

sestatus

You should see something like:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

You can turn SELinux off temporarily via:

echo 0 >/selinux/enforce

and back on with

echo 1 >/selinux/enforce

If you do temp. turn it off, do not install RPMs or make changes. I find this can lead to problems with re-enabling it.

If you want to permanently disable SELinux, then try:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html

Answer 5

getsebool -a | grep mail
allow_postfix_local_write_mail_spool --> off
setsebool -P httpd_can_sendmail on

This command working for me.