On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote: > On Wednesday 02 May 2012, Alan M. Evans wrote: > > Hello all... > > > > I maintain an amateurish email list for my wife's website on my CentOS 6 > > server. Once-a-month, she sends mail to "mylistaddr at mydomain.com" and > > the /etc/aliases file redirects that to my script: > > > > mylistaddr: "| /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php" > > > > The script, in turn, reads the recipient addresses out of a DB and > > composes and sends the mails. This all worked great until this month's > > mailing. > > > > Now sendmail just bounces the mail back "554 5.3.0 unknown mailer error > > 255". When I see programs complaining about "unknown" conditions, I > > usually suspect SELinux first, and sure enough... > > > > setenforce 0 > > > > then everything works like a charm. I wonder what changed between last > > month and this month? > > > > Anyway, I checked the audit.log file and found the relevant AVC denials. > > I created a local policy (audit2allow) to circumvent the denials, which > > helpfully prevented the denial messages in audit.log. But the maillist > > script still fails identically as long as SELinux is enforcing. And now > > nothing shows up in audit.log. > > > > So SELinux is preventing sendmail from calling my maillist script and > > not reporting the reason. How do I go about figuring out what's broken > > and how to fix it? > > Do you have the httpd_can_sendmail boolean on? Yes. -- Mae fy hofrenfad i yn llawn llysywod