php mail function on selinux enabled server

I use php mail function to send emails on different RHEL server without a problem.

When I try to use the same script on RHEL server with selinux enabled I get following error.

 (reason: 550 5.7.1 Unable to relay for person@company.com)

Sendmail is working on this server, internal emails are getting sent to root and user1 etc.  They just don't make it to the regular email addresses.

With semanage I see:
smtp_port_t                    tcp      25


with iptables I see:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp


mcgilljdAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
The issue is not with selinux but with the configuration of the mail server.
You using an SMTP session to send an email through a mail server.
This seems to be a limit on the mail server that you use.   I.e. how you connect to the mail server process it does not have your system's IP as allowed to relay.

Check the /var/log/maillog to see whether your mailing attempt is seen as coming from an IP that is not allowed to relay.
Check the /etc/mail configuration and you would either need to make sure that you grant the IP relay rights or configure your mailing function to use the localhost IPversus the LAN IP.
Or better still pipe the message into sendmail.
0
mcgilljdAuthor Commented:
I am using php  mail($to_input,$subject,$message,$headers);

On the other server, it looks like it is coming from apache.
0
mcgilljdAuthor Commented:
How do I ?

"Or better still pipe the message into sendmail."
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

arnoldCommented:
Ok, Do you get the 571 error message in the bounce (NDR)?

I.e. your local server takes the message and then tried to either send it through another server where it does not have relay rights.

You need to check the configuration of the local sendmail i.e. does it use a smarthost and if so, is the referneced smarthost configured to allow the webserver to relay?

http://www.w3schools.com/PHP/php_ref_mail.asp
I.e. web server/local smtp
Check the /var/log/maillog on the web server to see what happens to the message.
Based on the system to which it connects, you need to check it if it is internal. IF it is external I.E. ISP's Mailserver, you need to check why the web server's IP is not allowed to relay.

I believe that the issue is with the sendmail configuration/setup versus selinux.

For selinux, the mailing would not even be delivered to the sendmail process, and you would have sealert messages in /var/log/messages. as well as /var/log/audit/audit.log or /var/log/security/audit.log depending on your Linux distribution.
0
mcgilljdAuthor Commented:
You are on the right track, it doesn't look like selinux is the problem.

It looks like my specific problem is caused by the smarthost not recognizing the domain name.  It sees it as:      user1@machine1.mycompany.com    

If it saw it as user1@mycompany.com , I think it would work.

The smarthost is picking that up from somewhere, it is not what I am using as my $from: in the php script.

How do I get it to see me as  user1@mycompany.com
0
arnoldCommented:
This means that the smarthost is not configured to allow this host to relay.  All host when properly configured, accept emails destined for domains that they serve.

The smarthost is rearely configured to allow relaying based on the sender's email since there is no real way to verify the sender during an SMTP session.

The sender email is determined by From: and you may need to include it in the $headers that contains lines of additional headers.
Reerence: Example 2:
http://www.w3schools.com/PHP/func_mail_mail.asp


The other issue is that the From: header entry is not necessarily always the sender i.e. the email seen by the mail server as the sender (envelope sender).  This is a parameter set using the -f option passed to sendmail.




0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.