Cannot send email using PHP mail() function: Unable to rename '/usr/local/psa/handlers/spool/messageXXX' file: Permission denied
Follow

Created:

2016-11-16 12:39:53 UTC

Modified:

2017-08-16 15:52:01 UTC

2

Was this article helpful?


Have more questions?

Submit a request

Cannot send email using PHP mail() function: Unable to rename '/usr/local/psa/handlers/spool/messageXXX' file: Permission denied

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk Onyx for Linux

Symptoms

  • SELinux is set to Enforcing mode.

  • Website is configured with PHP FastCGI and is having Outgoing Mail Control active unable to send email using PHP mail() function. /var/log/mailllog contains the following errors: 

    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: PASS during call 'limit-out' handler 
    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: Unable to rename '/usr/local/psa/handlers/spool/messagelfwY7h' file: Permission denied 
    Jul 25 11:03:10 servername journal: plesk sendmail[40208]: System error (/usr/local/psa/handlers/spool/messagelfwY7h): No such file or directory 
    Jul 25 11:03:10 servername journal: plesk sendmail[40211]: Unable to open temporary file `/usr/local/psa/handlers/spool/messagelfwY7h' (2): No such file or directory

  • SELinux log /var/log/audit/audit.log contains the following records: 

    type=AVC msg=audit(1469441919.153:60411): avc:  denied  { read write } for  pid=3137 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E312E6D75746578202864656C6574656429 dev="dm-0" ino=945865893 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=AVC msg=audit(1469441919.153:60411): avc:  denied  { read write } for  pid=3137 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E322E6D75746578202864656C6574656429 dev="dm-0" ino=945865895 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.153:60411): arch=c000003e syscall=59 success=yes exit=0 a0=1d424e0 a1=1d2cb10 a2=60f480 a3=7ffe9aab5800 items=0 ppid=3136 pid=3137 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="py-limit-out" exe="/usr/bin/python2.7" subj=system_u:system_r:system_mail_t:s0 key=(null)
    type=AVC msg=audit(1469441919.309:60412): avc:  denied  { rename } for  pid=3136 comm="sendmail" name="messageddfLtz.tmp" dev="dm-0" ino=207438792 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.309:60412): arch=c000003e syscall=82 success=no exit=-13 a0=7ffe9aab6bf0 a1=1d2b080 a2=7ffe9aab6b60 a3=7ffe9aab68d0 items=0 ppid=3135 pid=3136 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/lib64/plesk-9.0/postfix-sendmail-wrapper" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
    type=AVC msg=audit(1469441919.330:60413): avc:  denied  { read write } for  pid=3141 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E312E6D75746578202864656C6574656429 dev="dm-0" ino=945865893 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=AVC msg=audit(1469441919.330:60413): avc:  denied  { read write } for  pid=3141 comm="py-limit-out" path=2F746D702F2E7863616368652E31303030342E333034362E322E6D75746578202864656C6574656429 dev="dm-0" ino=945865895 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
    type=SYSCALL msg=audit(1469441919.330:60413): arch=c000003e syscall=59 success=yes exit=0 a0=f414f0 a1=f2bcb0 a2=60f480 a3=7ffd0d2d42d0 items=0 ppid=3140 pid=3141 auid=4294967295 uid=30 gid=31 euid=30 suid=30 fsuid=30 egid=31 sgid=31 fsgid=31 tty=(none) ses=4294967295 comm="py-limit-out" exe="/usr/bin/python2.7" subj=system_u:system_r:system_mail_t:s0 key=(null)
    type=AVC msg=audit(1469441919.482:60414): avc:  denied  { rename } for  pid=3140 comm="sendmail" name="messageraJbXK.tmp" dev="dm-0" ino=207438792 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file

Cause

Plesk bug with ID #PPPM-4766 which will be fixed in future Plesk updates.

Resolution

1. Download this SELinux policy module.

2. Install it: 

# semodule -i sendmail_rename_spool.pp

Also, audit2allow utility can be used to generate and compile a loadable module. Additional information is available on https://wiki.centos.org/HowTos/SELinux or via the command man audit2allow .

Note: Type enforcement (TE) rule is also attached for reference.

Attachments:

Have more questions? Submit a request
Please sign in to leave a comment.