LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 09-07-2005, 05:03 PM   #1
jusme
LQ Newbie
 
Registered: Sep 2005
Posts: 14

Rep: Reputation: 0
PHP Mail() Problem w/ Sendmail


Hi all,

I'll try to post as many details as possible so people don't have to reply back thousands of times asking for more info and what the permissions are for this or that. Basically here's what happens, the mail() function in PHP doesn't work, the outgoing mail doesn't go anywhere.

The sendmail error log shows:
Code:
Sep  7 14:52:38 jusme sendmail[26105]: NOQUEUE: SYSERR(apache): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=48, required=51): Permission denied
Here are the details you should need:
Httpd is running as apache/apache.
I have added apache as part of the smmsp group in /etc/group.

Permissions for /var/spool/clientmqueue:
Code:
drwxrwx---   2 smmsp  smmsp     4096 Sep  7 14:36 clientmqueue
For some reason, even though httpd should be running as apache/apache, but apache is also part of the smmsp group, it should have write permissions on the clientmqueue directory. If I just make the directory permissions 0777 then I get these errors in the log:
Code:
Sep  7 14:55:45 jusme sendmail[26159]: dangerous permissions=40777 on queue directory /var/spool/clientmqueue/
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159: SYSERR(apache): collect: Cannot write ./dfj87LtjT9026159 (bfcommit, uid=48, gid=48): Permission denied
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159: from=apache, size=39, class=0, nrcpts=1, relay=apache@localhost
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159:   0: fl=0x0, mode=10600: FIFO: dev=0/7, ino=319044, nlink=1, u/gid=48/48, size=0
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159:   1: fl=0x1, mode=20666: CHR: dev=0/13, ino=1989, nlink=1, u/gid=0/0, size=0
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159:   2: fl=0x2, mode=20666: CHR: dev=0/12, ino=444, nlink=1, u/gid=0/0, size=0
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159:   3: fl=0x2, mode=140777: SOCK localhost->[[UNIX: /dev/log]]
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159:   4: fl=0x1, mode=20666: CHR: dev=0/13, ino=1989, nlink=1, u/gid=0/0, size=0
Sep  7 14:55:45 jusme sendmail[26159]: j87LtjT9026159: SYSERR(apache): queueup: cannot create queue file ./qfj87LtjT9026159, euid=48, fd=-1, fp=0x0: Permission denied
If anyone needs more info, or needs to see my submit.cf or something I can post further details. I've seen this problem posted about 100 different times on different forums but I have yet to find a solution. Most people just go "oh, I forgot to check permissions on clientmqueue, now it works!" But my permissions match the sendmail install, and also apache is part of the smmsp group as I have it configured so permissions of 770 should allow httpd running as apache/apache to write to that directory, but it can't even chdir to it. Permissions of 777 will allow httpd to chdir, but it can't write anything. It makes no sense whatsoever. I figure it probably has something to do with my submit.cf, so if someone needs to see a part of that I'll post it, but I haven't messed with it from the initial install I don't think.

Oh, also here's a snippet from my /etc/passwd and /etc/group files unless you don't believe my configuration posted above or something:
Code:
#grep smmsp /etc/passwd /etc/group
/etc/passwd:smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
/etc/group:smmsp:x:51:apache

Thanks for your replies,
Ross
 
Old 09-08-2005, 11:42 AM   #2
jusme
LQ Newbie
 
Registered: Sep 2005
Posts: 14

Original Poster
Rep: Reputation: 0
Ok I solved my problem, I'll try to provide as much details as I can about what was happening. First let me preface this by saying that in the process I upgraded sendmail, httpd, and php (in that order) to their newest versions and then replaced the conf files with the original backed-up ones to make sure it wasn't a version mismatch. With stuff like this though (and the errors I was getting) it almost never turns out to be an error mismatch.

Basically what it came down to seemingly was a combination of three things:
SELinux Security Policy was messed up on /usr/sbin/sendmail...solution: #restorecon /usr/sbin/sendmail
SELinux Security Policy was messed up on /var/spool/clientmqueue and /var/spool/mqueue...solution: #restorecon /var/spool/clientmqueue /var/spool/mqueue

Permissions for clientmqueue should still be exactly as in my previous post (at least for RH Fedora Core 3, but probably other distro's too), and permissions for mqueue should not need to be modified unless you are specifically using mqueue for your apache mail delivery system. Permissions on that folder are (and should remain):

Code:
drwx------   2 root   wheel     4096 Sep  8 09:34 mqueue
Basically what I found out from all this is that the file permissions are not the only thing controlling file permissions. I know that sounds like it doesn't make any sense, and it doesn't at first, which is why I said it made absolutely no sense in my previous post that even with 0777 permissions on clientmqueue, apache still could not write to it. Apparently SELinux is another security policy system, other than just the basic file permissions, that controls access as well. I'm not familiar with SELinux at all, otherwise I probably would have figured this out right away. Apparently just doing a #restorecon /path/to/file/or/folder will reset the security policy to whatever it needs to be. I don't know how to manually go in and set the security policy in the same way you can do a chmod with file permissions, and I'm also not sure how the security policy got changed. I don't think I ever tried to send mail via php on this system before though, so maybe the policy with my RH Fedora Core 3 install was just bad to begin with. If not then it's curious that the policy just changed on me. I saw other users mention that you can download an RPM with the newest security policy as well, but instead of doing that I just opted to repair the individual files in question with restorecon, and it worked for me.

If anyone has this same problem and hasn't found help in any of the other numerous discussions on this particular php/apache/sendmail permissions problem, I would be willing to help as much as I can. Since I've spent about two days on and off on this problem I feel pretty qualified to help other people with the same issues that I had. If you need help just reply to this post and I'll get an email because I'm subscribed to this post.

Thanks,
Ross
 
Old 09-15-2005, 11:23 AM   #3
csamcs
LQ Newbie
 
Registered: Sep 2005
Posts: 1

Rep: Reputation: 0
you rule.. i've been trying to figure this out on and off for about a week.

i still have other problems- but in all that I read this was the first thing that solved those permission denied queue errors right away.

I too wondered how it was possible to get permission denied on a directory that was set to +777....

thanks again.
 
Old 04-29-2008, 09:15 AM   #4
uranium237
LQ Newbie
 
Registered: Apr 2008
Posts: 2

Rep: Reputation: 1
Quote:
Originally Posted by jusme View Post
Hi all,

I'll try to post as many details as possible so people don't have to reply back thousands of times asking for more info and what the permissions are for this or that. Basically here's what happens, the mail() function in PHP doesn't work, the outgoing mail doesn't go anywhere.

The sendmail error log shows:
Code:
Sep  7 14:52:38 jusme sendmail[26105]: NOQUEUE: SYSERR(apache): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=48, required=51): Permission denied
Run the following command
Code:
getsebool httpd_can_sendmail
What is the result? It looks like selinux blocks access to sendmail for apache.
 
1 members found this post helpful.
Old 04-29-2008, 10:24 AM   #5
jusme
LQ Newbie
 
Registered: Sep 2005
Posts: 14

Original Poster
Rep: Reputation: 0
When I ran that command it returned an error that it couldn't find an active rule for httpd_can_sendmail. That's probably though because after the issue in my original post I just turned off SELinux completely. I don't really run a multi-user system so I don't have any need for fancy security policies that just serve to confuse me because it's not at all apparent what's happening with permissions behind the scenes. In Windows anyway I can always right-click and choose "Security" to see what the specific security policy is governing the file/folder in question. I'm willing to bet SELinux has a similar interface in Fedora but I'm command-line only so that doesn't help me much. I just like to keep things simple so I don't confuse myself.
 
Old 02-21-2011, 11:18 PM   #6
makavelistein
LQ Newbie
 
Registered: Aug 2010
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by uranium237 View Post
Run the following command
Code:
getsebool httpd_can_sendmail
What is the result? It looks like selinux blocks access to sendmail for apache.
Yup it was the SEbool.

Thanks for the help!
 
Old 08-18-2012, 02:35 PM   #7
piradeep
LQ Newbie
 
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27

Rep: Reputation: Disabled
Thank you guys. your discussion solved my problem. Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with my sendmail and php nshoboul Linux - Networking 3 04-23-2007 02:25 AM
Sending mail with PHP and sendmail. davemar Linux - General 10 06-11-2004 04:48 PM
sendmail and PHP mail() function tudekoen Debian 1 05-09-2004 03:53 AM
sendmail and PHP mail() function tudekoen Linux - Software 0 05-08-2004 04:45 PM
sendmail - PHP problem munkus Linux - General 0 02-22-2003 05:55 PM


All times are GMT -5. The time now is 01:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration