[CentOS] SELinux prevents my PHP script from sending mail

Wed May 2 21:36:04 UTC 2012
Alan M. Evans <ame1 at extratech.com>

Hello all...

I maintain an amateurish email list for my wife's website on my CentOS 6
server. Once a month, she sends mail to "mylistaddr at mydomain.com" and
the /etc/aliases file redirects that to my script:

mylistaddr: "| /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php"

The script, in turn, reads the recipient addresses out of a DB and
composes and sends the mails. This all worked great until this month's
mailing.

Now sendmail just bounces the mail back "554 5.3.0 unknown mailer error
255". When I see programs complaining about "unknown" conditions, I
usually suspect SELinux first, and sure enough...

setenforce 0

then everything works like a charm. I wonder what changed between last
month and this month?

Anyway, I checked the audit.log file and found the relevant AVC denials.
I created a local policy (audit2allow) to circumvent the denials, which
helpfully prevented the denial messages in audit.log. But the maillist
script still fails identically as long as SELinux is enforcing. And now
nothing shows up in audit.log.

So SELinux is preventing sendmail from calling my maillist script and
not reporting the reason. How do I go about figuring out what's broken
and how to fix it?

-Alan
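
An added example, not part of the original post: when a command fails only under enforcing mode and audit.log stays empty, the denial may be covered by a dontaudit rule, which blocks access without logging it. The sketch below rebuilds policy with dontaudit rules disabled (`semodule -DB`), reproduces the failure, summarises the AVC records now visible, and restores the normal policy. The function names, the trigger command and the sample log lines are assumptions constructed for illustration, not the poster's actual denials.

```bash
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# Summarise AVC denials as "count source_type target_type class perms".
# Reads the file given as $1, or stdin when no file is given.
avc_summary() {
    grep 'avc: *denied' "${1:--}" | sed -n \
's/.*{ \(.*\) } for .*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^: ]*\).*tclass=\([a-z_0-9]*\).*/\2 \3 \4 \1/p' \
    | sort | uniq -c | sed 's/^ *//'
}

# Expose denials hidden by dontaudit rules, then put the policy back.
# Must run as root on an SELinux host.
trace_hidden_denials() {
    semodule -DB || return 1   # -D: disable dontaudit rules, -B: rebuild policy
    sh -c "$1"                 # $1: command that reproduces the failure (assumption)
    sleep 5                    # allow time for delivery and audit logging
    ausearch -m avc -ts recent | avc_summary
    semodule -B                # rebuild again with dontaudit rules restored
}

# Constructed audit.log excerpt, for demonstration only.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1335994500.101:901): avc:  denied  { read } for  pid=4101 comm="php-cgi" name="email-cgi.php" dev=dm-0 ino=131 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1335994500.101:901): arch=c000003e syscall=2 success=no exit=-13 comm="php-cgi"
type=AVC msg=audit(1335994500.102:902): avc:  denied  { read } for  pid=4101 comm="php-cgi" name="email-cgi.php" dev=dm-0 ino=131 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1335994500.103:903): avc:  denied  { name_connect } for  pid=4101 comm="php-cgi" dest=3306 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_log | avc_summary
```

Each summary line names one source domain, target type, class and permission set, which makes it easier to decide whether a relabel, a boolean or a local policy rule is the narrowest fix.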