[CentOS] SELinux prevents my PHP script from sending mail

Thu May 3 09:33:37 UTC 2012
Colin Coles <colin at wemoto.com>

On Wednesday 02 May 2012, Alan M. Evans wrote:
> Hello all...
> 
> I maintain an amateurish email list for my wife's website on my CentOS 6
> server. Once-a-month, she sends mail to "mylistaddr at mydomain.com" and
> the /etc/aliases file redirects that to my script:
> 
> mylistaddr: "| /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php"
> 
> The script, in turn, reads the recipient addresses out of a DB and
> composes and sends the mails. This all worked great until this month's
> mailing.
> 
> Now sendmail just bounces the mail back "554 5.3.0 unknown mailer error
> 255". When I see programs complaining about "unknown" conditions, I
> usually suspect SELinux first, and sure enough...
> 
> setenforce 0
> 
> then everything works like a charm. I wonder what changed between last
> month and this month?
> 
> Anyway, I checked the audit.log file and found the relevant AVC denials.
> I created a local policy (audit2allow) to circumvent the denials, which
> helpfully prevented the denial messages in audit.log. But the maillist
> script still fails identically as long as SELinux is enforcing. And now
> nothing shows up in audit.log.
> 
> So SELinux is preventing sendmail from calling my maillist script and
> not reporting the reason. How do I go about figuring out what's broken
> and how to fix it?

Do you have the httpd_can_sendmail boolean on?
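
The diagnosis discussed in this thread, as an added example that is not part of the original posts: the comments list the standard commands for checking the boolean and for making denials hidden by dontaudit rules visible again, and `avc_summary` (a hypothetical helper) collapses the resulting AVC records to one line per distinct rule. The sample log lines, including the SELinux types in them, are constructed and do not come from the poster's system.

```shell
#!/bin/sh
# Added example. On the affected host (as root) the input would come from:
#   getsebool httpd_can_sendmail   # state of the boolean asked about above
#   semodule -DB                   # rebuild policy with dontaudit rules disabled
#   (resend the test mail)
#   ausearch -m avc -ts recent     # pipe this into avc_summary
#   semodule -B                    # rebuild again, restoring dontaudit rules

# Collapse AVC denials to one line per distinct rule:
#   COUNT SOURCE_TYPE -> TARGET_TYPE CLASS { PERMISSIONS }
avc_summary() {
    awk '
    / avc: +denied / {
        perms = ""; src = ""; tgt = ""; cls = ""
        # The permission set is the text between the braces.
        if (match($0, /[{][^}]*[}]/)) perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; the type is the third part.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        n[src " -> " tgt " " cls " { " perms " }"]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }' | LC_ALL=C sort -k2
}

# Constructed sample audit.log lines (types and values are illustrative only).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1335951001.101:501): avc:  denied  { read open } for  pid=2101 comm="php-cgi" name="email-cgi.php" dev=dm-0 ino=9001 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1335951001.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="php-cgi"
type=AVC msg=audit(1335951002.202:502): avc:  denied  { name_connect } for  pid=2101 comm="php-cgi" dest=25 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1335951090.303:510): avc:  denied  { read open } for  pid=2140 comm="php-cgi" name="email-cgi.php" dev=dm-0 ino=9001 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
EOF
}

sample_log | avc_summary
```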