问题
I have a CentOS 6.2 virtual machine running Apache 2.2 and PHP 5.3 that I'm trying to send email from via PHP's mail() function. I can send email from the CLI without problems but when PHP tries it fails. In the sendmail log is the following:
Oct 9 11:42:03 localhost sendmail[3080]: NOQUEUE: SYSERR(apache): can not chdir(/var/spool/clientmqueue/): Permission denied
It seems like Apache doesn't have permission to do this but I'm not sure how to fix it. I've found a lot discussion about this but nothing specific enough to what I'm doing that I could use. Any help would be appreciated. Thanks!
回答1:
First you have to check if permission are correct. Here is the permission below in my system
# ls -l /usr/sbin/sendmail.sendmail
-r-xr-sr-x root smmsp /usr/sbin/sendmail.sendmail
# ls -l /var/spool/clientmqueue
drwxrwx--- smmsp smmsp /var/spool/clientmqueue
If your permissions or ownership is wrong then change it using chown and chmod.
If the above is right then disable selinux or if you want selinux enabled use chcon to set the correct selinux context.
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html
For disabling selinux temporarily use #setenforce 0
回答2:
Selinux may cause the issue, to verify run:
getsebool -a | grep mail
If it displays as bellow it is selinux:
allow_postfix_local_write_mail_spool --> off
You may disabled it, but if you want to keep it (and you should as it provides an extra layer of security) you should do something else:
setsebool -P httpd_can_sendmail on
This will allow the httpd to send emails, as when you use php mail().
回答3:
Hate to necro this, but none of the solutions here worked for me. I know very little about SELinux, but I ended up discovering the problem with this (on CentOS 6):
getsebool httpd_can_sendmail
Which told me it's disabled. Fixed with
setsebool httpd_can_sendmail 1
回答4:
You may have SELinux enabled.
http://selinuxproject.org/page/Main_Page
You can check SELinux status by doing:
sestatus
You should see something like:
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
You can turn SELinux off temporarily via:
echo 0 >/selinux/enforce
and back on with
echo 1 >/selinux/enforce
If you do temp. turn it off, do not install RPMs or make changes. I find this can lead to problems with re-enabling it.
If you want to permanently disable SELinux, then try:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
回答5:
getsebool -a | grep mail
allow_postfix_local_write_mail_spool --> off
setsebool -P httpd_can_sendmail on
This command working for me.
来源:https://stackoverflow.com/questions/12804841/how-can-apache-be-allowed-to-send-email