Solved

php mail function on selinux enabled server

Posted on 2010-08-16
Last Modified: 2013-12-18
I use the php mail function to send emails on a different RHEL server without a problem.

When I try to use the same script on a RHEL server with selinux enabled, I get the following error.

 (reason: 550 5.7.1 Unable to relay for person@company.com)

Sendmail is working on this server, internal emails are getting sent to root and user1 etc.  They just don't make it to the regular email addresses.

With semanage I see:
smtp_port_t                    tcp      25


with iptables I see:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp


Question by:mcgilljd
 
LVL 77

Expert Comment

by:arnold
ID: 33448233
The issue is not with selinux but with the configuration of the mail server.
You are using an SMTP session to send an email through a mail server.
This seems to be a limit on the mail server that you use.   I.e. how you connect to the mail server process it does not have your system's IP as allowed to relay.

Check the /var/log/maillog to see whether your mailing attempt is seen as coming from an IP that is not allowed to relay.
Check the /etc/mail configuration and you would either need to make sure that you grant the IP relay rights or configure your mailing function to use the localhost IP versus the LAN IP.
Or better still pipe the message into sendmail.
 

Author Comment

by:mcgilljd
ID: 33448288
I am using php  mail($to_input,$subject,$message,$headers);

On the other server, it looks like it is coming from apache.
 

Author Comment

by:mcgilljd
ID: 33448354
How do I?

"Or better still pipe the message into sendmail."
LVL 77

Expert Comment

by:arnold
ID: 33448971
Ok, Do you get the 571 error message in the bounce (NDR)?

I.e. your local server takes the message and then tries to either send it through another server where it does not have relay rights.

You need to check the configuration of the local sendmail, i.e. does it use a smarthost and if so, is the referenced smarthost configured to allow the webserver to relay?

http://www.w3schools.com/PHP/php_ref_mail.asp
I.e. web server/local smtp
Check the /var/log/maillog on the web server to see what happens to the message.
Based on the system to which it connects, you need to check it if it is internal. If it is external, i.e. ISP's mail server, you need to check why the web server's IP is not allowed to relay.

I believe that the issue is with the sendmail configuration/setup versus selinux.

For selinux, the mailing would not even be delivered to the sendmail process, and you would have sealert messages in /var/log/messages, as well as /var/log/audit/audit.log or /var/log/security/audit.log depending on your Linux distribution.
 

Author Comment

by:mcgilljd
ID: 33455673
You are on the right track, it doesn't look like selinux is the problem.

It looks like my specific problem is caused by the smarthost not recognizing the domain name.  It sees it as:      user1@machine1.mycompany.com    

If it saw it as user1@mycompany.com , I think it would work.

The smarthost is picking that up from somewhere, it is not what I am using as my $from: in the php script.

How do I get it to see me as  user1@mycompany.com
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 33455953
This means that the smarthost is not configured to allow this host to relay.  All hosts, when properly configured, accept emails destined for domains that they serve.

The smarthost is rarely configured to allow relaying based on the sender's email since there is no real way to verify the sender during an SMTP session.

The sender email is determined by From: and you may need to include it in the $headers that contains lines of additional headers.
Reference: Example 2:
http://www.w3schools.com/PHP/func_mail_mail.asp


The other issue is that the From: header entry is not necessarily always the sender i.e. the email seen by the mail server as the sender (envelope sender).  This is a parameter set using the -f option passed to sendmail.
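
The From: header versus envelope sender distinction from the accepted answer, as an added example that is not part of the original thread. The function names `build_mail_args` and `send_as` and all addresses are constructed for illustration; the sender value is restricted to a conservative character set because it ends up both in the header block and on the sendmail command line.

```php
<?php
// Added example, not code from the thread. Addresses below are constructed.

// Return [headers, sendmail parameters] so that both the visible From: header
// and the SMTP envelope sender (MAIL FROM, set with -f) use $from.
function build_mail_args(string $from): array
{
    // Conservative allowlist: no CR/LF (header injection), no whitespace or
    // leading "-" (extra sendmail options), no shell metacharacters.
    $safe = preg_match('/\A[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\z/', $from) === 1;
    if (!$safe || strncmp($from, '-', 1) === 0
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    return ["From: $from\r\nReply-To: $from", '-f' . $from];
}

function send_as(string $from, string $to, string $subject, string $body): bool
{
    [$headers, $params] = build_mail_args($from);
    // Recipient and subject are also written into the header block by mail().
    $to      = str_replace(["\r", "\n"], '', $to);
    $subject = str_replace(["\r", "\n"], '', $subject);
    // The fifth argument is appended to the sendmail command line taken from
    // php.ini (sendmail_path). If the web server account is not a sendmail
    // trusted user, sendmail adds an X-Authentication-Warning header.
    return mail($to, $subject, $body, $headers, $params);
}

// Offline check of the argument builder; nothing is sent here.
$candidates = [
    'user1@mycompany.com',                  // accepted
    "user1@mycompany.com\r\nX-Test: 1",     // rejected: CR/LF in the value
    '-x@mycompany.com',                     // rejected: would read as an option
];
foreach ($candidates as $candidate) {
    try {
        [, $params] = build_mail_args($candidate);
        echo "ok: params=$params\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . json_encode($candidate) . "\n";
    }
}
```

With `-f` set, the smarthost sees `user1@mycompany.com` in MAIL FROM instead of the default built from the local account and host name.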





Question has a verified solution.
