Cannot send email using PHP mail() function: Unable to rename '/usr/local/psa/handlers/spool/messageXXX' file: Permission denied
Follow

Created:

2016-11-16 12:39:53 UTC

Modified:

2017-06-21 12:15:37 UTC

2

Was this article helpful?


Have more questions?

Submit a request

Cannot send email using PHP mail() function: Unable to rename '/usr/local/psa/handlers/spool/messageXXX' file: Permission denied

Symptoms

  • SELinux is set to Enforcing mode

  • Website configured with PHP FastCGI and having Outgoing Mail Control active unable to send email using PHP mail() function. /var/log/mailllog contains the following errors:

    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: PASS during call 'limit-out' handler 
    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: Unable to rename '/usr/local/psa/handlers/spool/messagelfwY7h' file: Permission denied 
    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: System error (/usr/local/psa/handlers/spool/messagelfwY7h): No such file or directory 
    Jul 25 11:03:10 servername journal: plesk sendmail[40211]: Unable to open temporary file `/usr/local/psa/handlers/spool/messagelfwY7h' (2): No such file or directory

  • SELinux log /var/log/audit/audit.log contains the following records:

    type=AVC msg=audit(1469441919.153:60411): avc:  denied  { read write } for  pid=3137 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E312E6D75746578202864656C6574656429 dev="dm-0" ino=945865893 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=AVC msg=audit(1469441919.153:60411): avc:  denied  { read write } for  pid=3137 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E322E6D75746578202864656C6574656429 dev="dm-0" ino=945865895 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.153:60411): arch=c000003e syscall=59 success=yes exit=0 a0=1d424e0 a1=1d2cb10 a2=60f480 a3=7ffe9aab5800 items=0 ppid=3136 pid=3137 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="py-limit-out" exe="/usr/bin/python2.7" subj=system_u:system_r:system_mail_t:s0 key=(null)
    type=AVC msg=audit(1469441919.309:60412): avc:  denied  { rename } for  pid=3136 comm="sendmail" name="messageddfLtz.tmp" dev="dm-0" ino=207438792 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.309:60412): arch=c000003e syscall=82 success=no exit=-13 a0=7ffe9aab6bf0 a1=1d2b080 a2=7ffe9aab6b60 a3=7ffe9aab68d0 items=0 ppid=3135 pid=3136 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/lib64/plesk-9.0/postfix-sendmail-wrapper" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
    type=AVC msg=audit(1469441919.330:60413): avc:  denied  { read write } for  pid=3141 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E312E6D75746578202864656C6574656429 dev="dm-0" ino=945865893 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=AVC msg=audit(1469441919.330:60413): avc:  denied  { read write } for  pid=3141 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E322E6D75746578202864656C6574656429 dev="dm-0" ino=945865895 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.330:60413): arch=c000003e syscall=59 success=yes exit=0 a0=f414f0 a1=f2bcb0 a2=60f480 a3=7ffd0d2d42d0 items=0 ppid=3140 pid=3141 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="py-limit-out" exe="/usr/bin/python2.7" subj=system_u:system_r:system_mail_t:s0 key=(null)
    type=AVC msg=audit(1469441919.482:60414): avc:  denied  { rename } for  pid=3140 comm="sendmail" name="messageraJbXK.tmp" dev="dm-0" ino=207438792 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file

Cause

This is Plesk bug with ID #PPPM-4766 which will be fixed in future Plesk updates.

Resolution

1. Download this SELinux policy module.

2. Install it:

# semodule -i sendmail_rename_spool.pp

Also,  audit2allow utility can be used to generate and compile a loadable module. Additional information is available on https://wiki.centos.org/HowTos/SELinux or via # man audit2allow command.

Note: Type enforcement (TE) rule is also attached for reference.

Attachments:

Have more questions? Submit a request
Please sign in to leave a comment.