Clever Geek Handbook

Error while allowing sending mail from Apache + PHP without changing the resolution to 777

I cannot get sendmail to work with apache + php unless I change the permission to 777 for / var / spool / clientmqueue.

Ownership of / var / spool / clientmqueue

drwxrwxrwx 2 smmsp mail 4096 Jul 19 11:50 clientmqueue

I messed up user groups for smmsp and apache.

id apache
uid=48(apache) gid=48(apache) groups=48(apache),12(mail)

id mail
uid=12(mail) gid=12(mail) groups=12(mail),48(apache)

SELinux disabled

getsebool httpd_can_sendmail
getsebool: SELinux is disabled

In maillog if i set folder permission to 770

NOQUEUE: SYSERR(apache): can not write to queue directory
/var/spool/clientmqueue/ (RunAsGid=48, required=12): Permission denied

No mail will be sent and I am getting an error from php.

If I set the folder to 0777 I would instead get this in the maillog

dangerous permissions=40776 on queue directory /var/spool/clientmqueue/

But php will send mail fine.

Is it possible to make it work with 0770 while apache is read in group by mail. I know the error is getting apaches main GID 48, but it also splits group 12.

Any help would be awesome.

+3


source to share


2 answers


I had this identical problem today (and came here looking for an answer).

I ended up finding this review ; running the following command from this list fixed the problem for me:

chmod 4555 /usr/sbin/sendmail


This sets the setuid special mode in the sendmail binary, presumably allowing Apache to send mail as the mail user.

(I restarted both apache and sendmail daemons after starting, although I'm not sure which one really needs to be restarted)

I'm still very curious as to what caused this problem in the first place, however ...

+1


source


This trick did it for me. I had other errors before hitting this on an Ubuntu machine. Let me share this in case anyone else runs into them. I was getting NOQUEUE: SYSERR (www-data): cannot chdir (/ var / spool / mqueue-client /): permission denied.



usermod -a -G smmsp www-data
chmod 770 /var/spool/mqueue-client     (don't use 775, it gives dangerous permission error in the log)
service apache2 restart (this is required for the above to take effect)
Now sending email gives a different error.
- NOQUEUE: SYSERR(www-data): can not write to queue directory /var/spool/mqueue-client/
- chmod 4555 /usr/sbin/sendmail
- Above command fixed the email issue. => didn't see any error in the mail.log this time.
+1


source






More articles:


All Articles