Solved

php mail function on selinux enabled server

Posted on 2010-08-16
6
976 Views
Last Modified: 2013-12-18
I use php mail function to send emails on different RHEL server without a problem.

When I try to use the same script on RHEL server with selinux enabled I get following error.

 (reason: 550 5.7.1 Unable to relay for person@company.com)

Sendmail is working on this server, internal emails are getting sent to root and user1 etc.  They just don't make it to the regular email addresses.

With semanage I see:
smtp_port_t                    tcp      25


with iptables I see:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp


0
Comment
Question by:mcgilljd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 33448233
The issue is not with selinux but with the configuration of the mail server.
You using an SMTP session to send an email through a mail server.
This seems to be a limit on the mail server that you use.   I.e. how you connect to the mail server process it does not have your system's IP as allowed to relay.

Check the /var/log/maillog to see whether your mailing attempt is seen as coming from an IP that is not allowed to relay.
Check the /etc/mail configuration and you would either need to make sure that you grant the IP relay rights or configure your mailing function to use the localhost IPversus the LAN IP.
Or better still pipe the message into sendmail.
0
 

Author Comment

by:mcgilljd
ID: 33448288
I am using php  mail($to_input,$subject,$message,$headers);

On the other server, it looks like it is coming from apache.
0
 

Author Comment

by:mcgilljd
ID: 33448354
How do I ?

"Or better still pipe the message into sendmail."
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 78

Expert Comment

by:arnold
ID: 33448971
Ok, Do you get the 571 error message in the bounce (NDR)?

I.e. your local server takes the message and then tried to either send it through another server where it does not have relay rights.

You need to check the configuration of the local sendmail i.e. does it use a smarthost and if so, is the referneced smarthost configured to allow the webserver to relay?

http://www.w3schools.com/PHP/php_ref_mail.asp
I.e. web server/local smtp
Check the /var/log/maillog on the web server to see what happens to the message.
Based on the system to which it connects, you need to check it if it is internal. IF it is external I.E. ISP's Mailserver, you need to check why the web server's IP is not allowed to relay.

I believe that the issue is with the sendmail configuration/setup versus selinux.

For selinux, the mailing would not even be delivered to the sendmail process, and you would have sealert messages in /var/log/messages. as well as /var/log/audit/audit.log or /var/log/security/audit.log depending on your Linux distribution.
0
 

Author Comment

by:mcgilljd
ID: 33455673
You are on the right track, it doesn't look like selinux is the problem.

It looks like my specific problem is caused by the smarthost not recognizing the domain name.  It sees it as:      user1@machine1.mycompany.com    

If it saw it as user1@mycompany.com , I think it would work.

The smarthost is picking that up from somewhere, it is not what I am using as my $from: in the php script.

How do I get it to see me as  user1@mycompany.com
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 33455953
This means that the smarthost is not configured to allow this host to relay.  All host when properly configured, accept emails destined for domains that they serve.

The smarthost is rearely configured to allow relaying based on the sender's email since there is no real way to verify the sender during an SMTP session.

The sender email is determined by From: and you may need to include it in the $headers that contains lines of additional headers.
Reerence: Example 2:
http://www.w3schools.com/PHP/func_mail_mail.asp


The other issue is that the From: header entry is not necessarily always the sender i.e. the email seen by the mail server as the sender (envelope sender).  This is a parameter set using the -f option passed to sendmail.




0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
managed Distribution list in postfix 2 20
Linux 3 38
Shrink Linux Swap File Size CentOS 10 33
How to fix Dual Server Conflict GitLab vs Apache2 3 23
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question