mail() not working when executed by web server

StackOverflow https://stackoverflow.com/questions/23567167

  •  19-07-2023
  •  | 
  •  

Question

Details:

  • OS: CentOS
  • Web Server: apache 2.2
  • PHP version: 5.3.3
  • MTA: Postfix

sendmail.php:

<?php
    mail('example@example.com','subject','message');
?>

When I type the command php sendmail.php, this function is working normal, but when executed by web server through brower, mail() is not working.

Why is it happening?

Was it helpful?

Solution

Typically, when working on Centos and I have issues where things work on the command line and not in browser it is a SELinux issue. Trying checking the status of SELinux by typeing

getenforce

If SELinux is enforcing, temporarily set it to permissive mode by typing

setenforce 0

Retry the mail function. If it succeeds you've got issues with SELinux labeling.

Here are two links to help you with that.

https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing http://wiki.centos.org/HowTos/SELinux

Basically you'll need to relabel the processes that the browser is trying to use to 'httpd_sys_content_t' you can check the current labels by listing the directory where your php file is residing. with the Z option

cd /var/www/html/    
ls -lahZ

your label should like something like this:

-rwxrwx-rx. root apache(whatever your apache user  group is) unconfined_u:object_r:httpd_sys_content_t:s0

If it doesn't look like that, apache can't execute the file and that's why it's not sending.

To change the label you need to execute chcon on the file(s) that are giving you issues:

cd /var/www/html/project_directory
chcon -v --type=httpd_sys_content_t sendmail.php

Also note that setenforce 0 will not persist a reboot and you should turn SELinux back to enforcing with

setenforce 1

After proving that the mail will send in SELinux permissive mode, if the above does not fix your problem, the next issue could be SELinux booleans. you can see a list of all the booleans with this command:

getsebool -a

This is a pretty daunting list, and we only want the booleans dealing with apache, httpd. So lets grep for that and pipe it through less.

getsebool -a | grep 'httpd' | less

That gives us a much more manageable list. You should see a boolean called 

httpd_can_sendmail

It probably looks like this:

httpd_can_sendmail --> off

We want that to be turned on. You do that with this command

setsebool -P httpd_can_sendmail on

Note the -P, that makes this change persist a machine reboot. http://wiki.centos.org/TipsAndTricks/SelinuxBooleans

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top