Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

php mail function on selinux enabled server

Posted on 2010-08-16
6
Medium Priority
?
995 Views
Last Modified: 2013-12-18
I use php mail function to send emails on different RHEL server without a problem.

When I try to use the same script on RHEL server with selinux enabled I get following error.

 (reason: 550 5.7.1 Unable to relay for person@company.com)

Sendmail is working on this server, internal emails are getting sent to root and user1 etc.  They just don't make it to the regular email addresses.

With semanage I see:
smtp_port_t                    tcp      25


with iptables I see:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp


0
Comment
Question by:mcgilljd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 33448233
The issue is not with selinux but with the configuration of the mail server.
You using an SMTP session to send an email through a mail server.
This seems to be a limit on the mail server that you use.   I.e. how you connect to the mail server process it does not have your system's IP as allowed to relay.

Check the /var/log/maillog to see whether your mailing attempt is seen as coming from an IP that is not allowed to relay.
Check the /etc/mail configuration and you would either need to make sure that you grant the IP relay rights or configure your mailing function to use the localhost IPversus the LAN IP.
Or better still pipe the message into sendmail.
0
 

Author Comment

by:mcgilljd
ID: 33448288
I am using php  mail($to_input,$subject,$message,$headers);

On the other server, it looks like it is coming from apache.
0
 

Author Comment

by:mcgilljd
ID: 33448354
How do I ?

"Or better still pipe the message into sendmail."
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 80

Expert Comment

by:arnold
ID: 33448971
Ok, Do you get the 571 error message in the bounce (NDR)?

I.e. your local server takes the message and then tried to either send it through another server where it does not have relay rights.

You need to check the configuration of the local sendmail i.e. does it use a smarthost and if so, is the referneced smarthost configured to allow the webserver to relay?

http://www.w3schools.com/PHP/php_ref_mail.asp
I.e. web server/local smtp
Check the /var/log/maillog on the web server to see what happens to the message.
Based on the system to which it connects, you need to check it if it is internal. IF it is external I.E. ISP's Mailserver, you need to check why the web server's IP is not allowed to relay.

I believe that the issue is with the sendmail configuration/setup versus selinux.

For selinux, the mailing would not even be delivered to the sendmail process, and you would have sealert messages in /var/log/messages. as well as /var/log/audit/audit.log or /var/log/security/audit.log depending on your Linux distribution.
0
 

Author Comment

by:mcgilljd
ID: 33455673
You are on the right track, it doesn't look like selinux is the problem.

It looks like my specific problem is caused by the smarthost not recognizing the domain name.  It sees it as:      user1@machine1.mycompany.com    

If it saw it as user1@mycompany.com , I think it would work.

The smarthost is picking that up from somewhere, it is not what I am using as my $from: in the php script.

How do I get it to see me as  user1@mycompany.com
0
 
LVL 80

Accepted Solution

by:
arnold earned 2000 total points
ID: 33455953
This means that the smarthost is not configured to allow this host to relay.  All host when properly configured, accept emails destined for domains that they serve.

The smarthost is rearely configured to allow relaying based on the sender's email since there is no real way to verify the sender during an SMTP session.

The sender email is determined by From: and you may need to include it in the $headers that contains lines of additional headers.
Reerence: Example 2:
http://www.w3schools.com/PHP/func_mail_mail.asp


The other issue is that the From: header entry is not necessarily always the sender i.e. the email seen by the mail server as the sender (envelope sender).  This is a parameter set using the -f option passed to sendmail.




0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question