Sendmail Errors when Sending via PHP

Question

I'm trying to setup a new help desk program (Kayako), but I'm having problems relaying the mail to our mail server.

Here's the error I'm getting:

sendmail[2371]: NOQUEUE: SYSERR(apache): can not chdir(/var/spool/clientmqueue/): Permission denied

I changed ownership on the clientmqueue folder to smmsp:apache with the same 770 permissions as it normally has, however the error still occurs.

score 0 · Answer 1 · answered Jul 25 '12 at 22:35

0

According to the "bat book" (4th edition, page 168) the recommended permissions for the directory are:

chown smmsp:smmsp clientmqueue
chmod 0770 clientmqueue

answered Jul 25 '12 at 22:35

adamo

6,925
3
30
58

That's what I had them set to originally, but I changed it because of the error I keep getting. I'm assuming the 'Permission denied' error was because Apache didn't have ownership. Turning off SELinux enforcement didn't help, either. – tacotuesday Jul 25 '12 at 23:22
Did you reboot the machine after turning SELinux off? – adamo Jul 26 '12 at 06:08
[Here's how someone else solved this](http://dailyweedhound.blogspot.gr/2010/05/noqueue-syserrapache-can-not.html) *sudo setsebool -P httpd_can_sendmail on* – adamo Jul 26 '12 at 06:09
Interesting. I'll have to try that tomorrow. Thanks! – tacotuesday Jul 26 '12 at 07:42

tylerl · Answer 2 · 2012-07-26T00:53:02.907

0

Sendmail should be running setgid, otherwise the mail queue would have to be writable by PHP. It sounds like this is not the case on your server.

edited Jul 26 '12 at 00:53

answered Jul 25 '12 at 23:46

tylerl

15,055
7
51
72

Sounds like a major security risk to me. – tacotuesday Jul 26 '12 at 00:12
`-rwxr-sr-x. 1 root smmsp 839880 Jun 25 11:31 /usr/sbin/sendmail.sendmail` – Michael Hampton Jul 26 '12 at 00:41
1

@nojak well then, if you know what you're doing then you set it up however you want. – tylerl Jul 26 '12 at 00:52
I was just wondering if there was any other way to get it working. I appreciate the response, but it sounds risky. If you would like to clarify why it's not a potential security risk, or if that's the only way to get it working, that would be much more appreciate than a snide remark. – tacotuesday Jul 26 '12 at 01:58
Unfortunately the suggestion didn't work... Same error. Thanks again for the response, though. Much appreciated. – tacotuesday Jul 26 '12 at 02:04
Do you restart sendmail after your changes? – adamo Jul 26 '12 at 06:07
@adamo Yeah, I restarted it. – tacotuesday Jul 26 '12 at 07:40

score 0 · Accepted Answer · answered Aug 09 '12 at 16:14

So, I ended up starting from scratch, just to make sure I only had the minimal install on there, and that there weren't any conflicting packages.

SELinux was still keeping me from connecting to the external mail server, however.

I would receive warnings like this:

[Warning]: stream_socket_client(): unable to connect to mail.mydomain.com:25 (Permission denied) (Transport/StreamBuffer.php:263)

I found that I needed to allow HTTPD scripts and modules to connect to the network by setting an SELinux boolean for httpd_can_network_connect to on.

I did this by running the following command: setsebool -P httpd_can_network_connect on

If you don't use the -P flag, the change is not saved to the policy file, and will not persist through reboots.

Just thought I'd post this for anyone else that runs into a similar issue. I believe that httpd_can_network_connect not being set to on was causing the sendmail error as well.

Sendmail Errors when Sending via PHP

3 Answers3