httpd can't send mails

Mon Jul 2 20:25:55 UTC 2007

Shintaro Fujiwara wrote:
>> I tryed to send mails using a php scripts that calls mail() but when
>>     
> I 
>   
>> do it I get this avc:
>> audit(1183392777.651:14): avc:  denied  { read } for  pid=25048 
>> comm="sendmail" name="[79366]" dev=eventpollfs ino=79366 
>> scontext=user_u:system_r:system_mail_t:s0 
>> tcontext=user_u:system_r:httpd_t:s0 tclass=file
>> the boolean "httpd_can_sendmail" is enabled (true).
>> I restarted the httpd and sendmail service after doing so... but
>>     
> still 
>   
>> no success.
>> Any ideas?
>>     
>
> Hi,
>
> Why don't you edit policy and update them ?
> Maybe you can do it edditing a few files, and
> typing several commands.
>
> If you using postfix, here's what I did.
> I made interface for postfix.
>
> ########################################
> ## <summary>
> ##      for xoops sending mail from postfix.
> ## </summary>
> ## <param name="domain">
> ##      Domain allowed to sending mails.
> ## </param>
> #
>
> interface(`xoops_send_mail_by_postfix',`
>         gen_require(`
>                 type bin_t;
>                 type smtp_port_t;
>                 type sendmail_exec_t;
>         ')
>         allow $1 bin_t:dir search;
>         allow $1 smtp_port_t:tcp_socket { name_connect send_msg
> recv_msg };
>         allow $1 sendmail_exec_t:file { execute execute_no_trans getattr
> read };
> ')
>
>
> 1. I downloaded source of refpolicy.
> 2. I copied postfix ones and apache ones to /usr/share/selinux/devel.
> 3. I edited first line of postfix.te so that the version number becoming
> larger than the original one.
> 4. I added above interface to postfix.if.
> 5. I added xoops_send_mail_by_postfix(httpd_t) to apache.te and also
> edited first line like postfix.
> 6. #make clean
> 7. #make
> 8. #semodule -u postfix.pp
> 9. #semodule -u apache.pp
>
>   
did this fix this kind of avcs for you?