Erik Bloodaxe wrote:
Erik Bloodaxe wrote:
I have configured sendmail to run in daemon only mode i.e. in
/etc/sysconfig/sendmail I have:
DAEMON=no
QUEUE=15m
I has assumed that sendmail would then when invoked either put the
mail in the queue or route it directly.
However php scripts that send mail before no longer work and when I
try sendmail manually I get:
sealert -l 1234bd2e-d089-4a6f-9c5e-ff629f6189ee
That is I get the above in /var/log/messages which tells me:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll
(httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that
this access
is required by sendmail and this access may signal an intrusion attempt.
It is
also possible that the specific version or configuration of the
application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to
restore
the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this
access.
Instead, you can generate a local policy module to allow this access -
see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context root:system_r:system_mail_t
Target Context root:system_r:httpd_t
Target Objects eventpoll [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
Host uranus.gold.ac.uk.
Source RPM Packages sendmail-8.13.8-2.el5
Target RPM Packages
Policy RPM selinux-policy-2.4.6-137.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name uranus.gold.ac.uk.
Platform Linux uranus.gold.ac.uk. 2.6.18-92.el5 #1
SMP Tue
Apr 29 13:16:15 EDT 2008 x86_64 x86_64
Alert Count 2
First Seen Mon Jun 2 09:07:19 2008
Last Seen Mon Jun 2 10:18:19 2008
Local ID 1234bd2e-d089-4a6f-9c5e-ff629f6189ee
Line Numbers
Raw Audit Messages
host=uranus.gold.ac.uk. type=AVC msg=audit(1212398299.646:500): avc:
denied { read } for pid=24757 comm="sendmail" path="eventpoll:[30386]"
dev=eventpollfs ino=30386 scontext=root:system_r:system_mail_t:s0
tcontext=root:system_r:httpd_t:s0 tclass=file
host=uranus.gold.ac.uk. type=SYSCALL msg=audit(1212398299.646:500):
arch=c000003e syscall=59 success=yes exit=0 a0=18b17fe0 a1=18b18050
a2=18b17110 a3=3 items=0 ppid=11505 pid=24757 auid=0 uid=48 gid=48
euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none) ses=3
comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=root:system_r:system_mail_t:s0 key=(null)
Is is possible to configure sendmail to queue mail or send it directly
with out running a listner on 127.0.0.1
Seems to me sendmail is being invoked as you wish, but that your selinux
policy prevents it from doing its job.
I see two choices:
1. Learn to write selinux policies.
2. Configure sendmail to run as a daemon, listening on 127.0.0.1 and php
to send mail by smtp.
3. Configure php to send by smtp to another host that will relay the mail.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
