Re: [SM-USERS] New Squirrelmail installation, can't connect to smtp server

Paul Lesniewski Tue, 30 Dec 2025 19:14:39 -0800

On Tue, December 30, 2025 9:46 pm, Jay Hart wrote:
>>
>>
>>>
>>>> Checking outgoing mail service....
>>>>
>>>>     ERROR: Error connecting to SMTP server "A.B.C.D:25".Server error:
>>>> (111) Connection refused
>>>>
>>>> NOTE: I obfuscated my internal ip network addresses above...
>>>>
>>>> I can't find anything wrong with my postfix config, telnet works just
>>>> fine
>>>> on port 25.
>>>>
>>>> I currently have selinux in 'permissive' mode as in 'Enforcing' mode I
>>>> was
>>>> not able to write to the attachment directory (maybe I have a
>>>> bigger issue here).
>>>>
>>>> Could I need to adjust the firewall rules??
>>>
>>> Take a look at them and make sure.
>>>
>>> Make sure you are telnetting from the same place SquirrelMail is
>>> running
>>> and that the address is exactly the same. If that works, sudo telnet as
>>> the same user apache is running as, since maybe apache user is
>>> prevented
>>> from connecting on the network.
>>>
>>
>> I have adjusted by firewall rules. How does the following look to you?
>>
>> [root@kevla conf.d]# firewall-cmd --list-all --permanent
>> public
>>   target: default
>>   icmp-block-inversion: no
>>   interfaces:
>>   sources:
>>   services: cockpit dhcpv6-client http https imap smtp ssh
>>   ports: 80/tcp 443/tcp
>>   protocols:
>>   forward: yes
>>   masquerade: no
>>   forward-ports:
>>   source-ports:
>>   icmp-blocks:
>>   rich rules:

You can also turn off the firewall to test.

>> I am configuring this box 'offline' and no direct connection to an
>> outgoing relay (as of yet).  Could that be part of my problem?  IOW, is
>> this an internal only issue or could it be related to no forwarding
>> relay server?

Then are you sure the machine is binding to the IP address you're using if
it is offline? If you are running apache on the same server as the SMTP
service, then why not use 127.0.0.1? It also happens to be a good idea
that you have a different service for accepting local mail which applies
separate policies compared to port 25 that is intended to accept mail from
untrusted external sources. In fact, why not use the submission service?


> I've dug a bit deeper here.
>
> Firewall configs are now...
>
> [root@kevla share]# firewall-cmd --list-all --permanent
> public
>   target: default
>   icmp-block-inversion: no
>   interfaces:
>   sources:
>   services: cockpit dhcpv6-client http https imap imaps smtp ssh
>   ports: 80/tcp 443/tcp 25/tcp 993/tcp 143/tcp 587/tcp
>   protocols:
>   forward: yes
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>
> I've ruled out the firewall being a possibility of the issue.
>
> I think my main problem seems to be shown below from the messages log
> file. I get these every time I run configtest.php and get the SMTP
> server above:
>
> Dec 30 16:04:32 kevla setroubleshoot[37707]: SELinux is preventing
> /usr/sbin/php-fpm from open access on the file
> /usr/share/squirrelmail/plugins/compatibility/functions.php.#012#012*****
> Plugin restorecon (92.2 confidence) suggests
> ************************#012#012If you want to fix the label.
> #012/usr/share/squirrelmail/plugins/compatibility/functions.php default
> label should be usr_t.#012Then you can run restorecon. The access attempt
> may have been stopped due to insufficient permissions to access
> a parent directory in which case try to change the following command
> accordingly.#012Do#012# /sbin/restorecon -v
> /usr/share/squirrelmail/plugins/compatibility/functions.php#012#012*****
> Plugin catchall_boolean (7.83 confidence) suggests
> ******************#012#012If you want to allow httpd to read user
> content#012Then you must tell SELinux about this by enabling the
> 'httpd_read_user_content' boolean.#012#012Do#012setsebool -P
> httpd_read_user_content 1#012#012*****  Plugin catchall (1.41 confidence)
> suggests   **************************#012#012If you believe that php-fpm
> should be allowed open access on the functions.php file by
> default.#012Then you should report this as a bug.#012You can generate a
> local policy module to allow this access.#012Do#012allow this
> access for now by executing:#012# ausearch -c 'php-fpm' --raw |
> audit2allow -M my-phpfpm#012# semodule -X 300 -i my-phpfpm.pp#012
>
> Here are the permissions for that particular file.
>
> [root@kevla log]# ls -lZ
> /usr/share/squirrelmail/plugins/compatibility/functions.php
> -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec  6
> 2009 /usr/share/squirrelmail/plugins/compatibility/functions.php
>
> Looking at the plugin directories, and running 'ls -lZ', I see a mixture
> of permissions, such as:
>
> calendar:
> total 76
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  6541 Dec 28 18:51
> calendar_data.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  6770 Dec 28 18:51
> calendar.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  6128 Dec 28 18:51
> day.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  6716 Dec 28 18:51
> event_create.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  5851 Dec 28 18:51
> event_delete.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0 12887 Dec 28 18:51
> event_edit.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0  5291 Dec 28 18:51
> functions.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0   499 Dec 28 18:51
> index.php
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0   887 Dec 28 18:51
> README
> -rw-r--r--. 1 root root unconfined_u:object_r:usr_t:s0   700 Dec 28 18:51
> setup.php
>
> compatibility:
> total 68
> drwxr-xr-x.  2 root root unconfined_u:object_r:user_home_t:s0    84 Dec  6
>  2009 docs
> -rw-r--r--.  1 root root unconfined_u:object_r:user_home_t:s0 30611 Dec  6
>  2009 functions.php
> drwxr-xr-x. 31 root root unconfined_u:object_r:user_home_t:s0  4096 Dec  6
>  2009 includes
> -rw-r--r--.  1 root root unconfined_u:object_r:user_home_t:s0   466 Jan  2
>  2009 index.php
> drwxr-xr-x.  2 root root unconfined_u:object_r:user_home_t:s0    79 Nov  1
>  2009 locale
> -rwxr--r--.  1 root root unconfined_u:object_r:user_home_t:s0  5928 Nov  1
>  2009 make_release.sh
> drwxr-xr-x.  2 root root unconfined_u:object_r:user_home_t:s0  4096 Nov  1
>  2009 patches
> drwxr-xr-x.  2 root root unconfined_u:object_r:user_home_t:s0  4096 Nov  1
>  2009 patches.old
> -rw-r--r--.  1 root root unconfined_u:object_r:user_home_t:s0    53 Nov  1
>  2009 README
> -rw-r--r--.  1 root root unconfined_u:object_r:user_home_t:s0  2096 Dec  6
>  2009 setup.php
> -rw-r--r--.  1 root root unconfined_u:object_r:user_home_t:s0    21 Dec  6
>  2009 version
>
> I ASSUME I need to change everything /usr/share/squirrelmail to
> ''object_r:usr_t?  If not, what SHOULD THEY be?

Running restorecon -r as the error suggests should reset the files to
whatever the system expects in that directory. What they should be is
different depending on the location and OS. If SELinux is involved, it can
also be blocking PHP from talking over the network to the SMTP service. If
it's on the same machine, you can also try using the sendmail option
instead of using SMTP.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php




-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] New Squirrelmail installation, can't connect to smtp server

Reply via email to
