[CentOS] SELinux prevents my PHP script from sending mail

Thu May 3 14:02:06 UTC 2012
Alan M. Evans <ame1 at extratech.com>

On Thu, 2012-05-03 at 06:54 -0700, Alan M. Evans wrote:
> On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote:
> > On Wednesday 02 May 2012, Alan M. Evans wrote:
> > > Hello all...
> > > 
> > > I maintain an amateurish email list for my wife's website on my CentOS 6
> > > server. Once a month, she sends mail to "mylistaddr at mydomain.com" and
> > > the /etc/aliases file redirects that to my script:
> > > 
> > > mylistaddr: "| /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php"
> > > 
> > > The script, in turn, reads the recipient addresses out of a DB and
> > > composes and sends the mails. This all worked great until this month's
> > > mailing.
> > > 
> > > Now sendmail just bounces the mail back "554 5.3.0 unknown mailer error
> > > 255". When I see programs complaining about "unknown" conditions, I
> > > usually suspect SELinux first, and sure enough...
> > > 
> > > setenforce 0
> > > 
> > > then everything works like a charm. I wonder what changed between last
> > > month and this month?
> > > 
> > > Anyway, I checked the audit.log file and found the relevant AVC denials.
> > > I created a local policy (audit2allow) to circumvent the denials, which
> > > helpfully prevented the denial messages in audit.log. But the maillist
> > > script still fails identically as long as SELinux is enforcing. And now
> > > nothing shows up in audit.log.
> > > 
> > > So SELinux is preventing sendmail from calling my maillist script and
> > > not reporting the reason. How do I go about figuring out what's broken
> > > and how to fix it?
> > 
> > Do you have the httpd_can_sendmail boolean on?
> 
> Yes.

Actually, just looking at my own description, I realize that the
subject should read that SELinux is preventing my script from
*receiving* mail, not sending mail. Various scripts on the site send
mail all the time with no problem. It's the execution (via the aliases
file) of email-cgi.php that fails.

-Alan