-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/03/2012 10:02 AM, Alan M. Evans wrote: > On Thu, 2012-05-03 at 06:54 -0700, Alan M. Evans wrote: >> On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote: >>> On Wednesday 02 May 2012, Alan M. Evans wrote: >>>> Hello all... >>>> >>>> I maintain an amateurish email list for my wife's website on my >>>> CentOS 6 server. Once-a-month, she sends mail to >>>> "mylistaddr at mydomain.com" and the /etc/aliases file redirects that to >>>> my script: >>>> >>>> mylistaddr: "| /usr/bin/php-cgi >>>> /var/www/html/mydomain/email-cgi.php" >>>> >>>> The script, in turn, reads the recipient addresses out of a DB and >>>> composes and sends the mails. This all worked great until this >>>> month's mailing. >>>> >>>> Now sendmail just bounces the mail back "554 5.3.0 unknown mailer >>>> error 255". When I see programs complaining about "unknown" >>>> conditions, I usually suspect SELinux first, and sure enough... >>>> >>>> setenforce 0 >>>> >>>> then everything works like a charm. I wonder what changed between >>>> last month and this month? >>>> >>>> Anyway, I checked the audit.log file and found the relevant AVC >>>> denials. I created a local policy (audit2allow) to circumvent the >>>> denials, which helpfully prevented the denial messages in audit.log. >>>> But the maillist script still fails identically as long as SELinux is >>>> enforcing. And now nothing shows up in audit.log. >>>> >>>> So SELinux is preventing sendmail from calling my maillist script >>>> and not reporting the reason. How do I go about figuring out what's >>>> broken and how to fix it? >>> >>> Do you have the httpd_can_sendmail boolean on? >> >> Yes. > > Actually, just looking at my own description and I realize that the subject > should read that SELinux is preventing my script from *receiving* mail, not > sending mail. Various scripts on the site send mail all the time with no > problem. It's the execution (via the aliases file) of email-cgi.php that > fails. > > -Alan > > > _______________________________________________ CentOS mailing list > CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos What AVC messages are you seeing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+ik/IACgkQrlYvE4MpobP4xACghLKXTF4anbHyWXRLAuxbOKnw +dYAoKAHJnw2tnGvpWgEAAuw+FVIanxE =9s7r -----END PGP SIGNATURE-----