Apache, php, email and SELinux

Ah what fun it was, I thought I was going mad, then again perhaps I was. I’d mostly installed a utility on my local webserver; three php pages. All it had to do was talk to my MySQL server and send a mail out to subscribers. My maillog looked like this:

Jan 15 19:43:53 host postfix/sendmail[4993]: fatal: open /etc/postfix/main.cf: Permission denied
Jan 15 22:21:30 host postfix/sendmail[5305]: fatal: open /etc/postfix/main.cf: Permission denied
Jan 15 22:27:39 host postfix/sendmail[5321]: fatal: open /etc/postfix/main.cf: Permission denied

No matter what I did with postfix’s config it wouldn’t send mail. Yet I could send mail from the command line. After a loooong web search I discovered that SELinux is the culprit, yet again. A temporary disable of SELinux using:
setenforce permissive
proved the point. But this is a web-facing server and I didn’t want to disable SELinux and let all those nasty crackers get into my server. Oh what to do. Of the many commands I tried it seems to be
setsebool -P httpd_can_sendmail on
that fixes it.
Along the way I also did:
setsebool -P httpd_can_network_connect=on
semanage port -a -t http_port_t -p tcp 25

But I’m not sure these were the critical commands to get this working.
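
To see which denials a policy change actually has to cover, the AVC records in the audit log can be grouped by what httpd_t was denied. The script below is an added example, not part of the original post; the audit records in it are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. These AVC records are constructed for illustration;
# they are not taken from the server described in the post.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1000000001.101:201): avc:  denied  { read } for  pid=4993 comm="sendmail" name="main.cf" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1000000002.102:202): avc:  denied  { read } for  pid=5305 comm="sendmail" name="main.cf" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1000000003.103:203): avc:  denied  { read } for  pid=5321 comm="sendmail" name="main.cf" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1000000004.104:204): avc:  denied  { name_connect } for  pid=5400 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1000000005.105:205): avc:  denied  { getattr } for  pid=5500 comm="crond" name="x" dev="dm-0" ino=1002 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read audit records on stdin and summarize denials whose source domain is
# httpd_t. Output: "count comm permission(s) target_type class", sorted.
summarize_httpd_denials() {
  awk '
    /avc:/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
      comm = perm = ttype = class = "?"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission between the braces, comma-separated.
          perm = ""
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm == "" ? "" : ",") $j
        } else if ($i ~ /^comm=/) {
          comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm)
        } else if ($i ~ /^tcontext=/) {
          # user:role:type:level, so the type is the third field.
          split($i, c, ":"); ttype = c[3]
        } else if ($i ~ /^tclass=/) {
          class = $i; sub(/^tclass=/, "", class)
        }
      }
      n[comm " " perm " " ttype " " class]++
    }
    END { for (k in n) print n[k], k }
  ' | sort
}

sample_audit_log | summarize_httpd_denials
```

On a live host the same function can read `ausearch -m avc -ts recent` output or /var/log/audit/audit.log in place of the sample, and each distinct line in the summary is one denial to account for when choosing what to enable.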

Eventually I’ll have to migrate this to a real server. What a fun day that will be.

