PHP mail() does not work after Plesk update

Created:

2016-11-16 12:42:51 UTC

Modified:

2017-08-08 13:29:59 UTC

0

Was this article helpful?


Have more questions?

Submit a request

PHP mail() does not work after Plesk update

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

PHP mail() function does not work. It shows that a message is sent. However, recepient does not get any emails. /var/log/audit/audit.log log contains the following error:

type=AVC msg=audit(1470082640.406:143302): avc:  denied  { dac_override } for  pid=647     comm="sendmail" capability=1  scontext=system_u:system_r:httpd_sys_script_t:s0     tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability

Cause

SELinux is preventing mail from being sent. Plesk modules were not applied during Plesk update.This happens because some OS updates were not installed on the server.This is Plesk internal issue with ID PPPM-4794 , which is planned to be fixed in future Plesk updates.

Workaround

There are several workarounds.

Install the latest OS updates

For RedHat-based systems:

    # yum update

Reinstall SElinux package

    # rpm -Uvh psa-selinux

Create a new SELinux policy

  1. Find all necessary errors in the audit.log :

    grep sendmail /var/log/audit/audit.log | audit2allow -m sendmail > sendmail.te
  2. View the created file:

    cat sendmail.te

    module sendmail 1.0;

    require {
    type mail_spool_t;
    type syslogd_t;
    type httpd_sys_script_t;
    type devlog_t;
    class process setpgid;
    class capability { setuid dac_read_search chown setgid dac_override };
    class file { setattr read lock create write getattr unlink open };
    class sock_file write;
    class unix_dgram_socket sendto;
    class dir { write remove_name search add_name };
    }

    #============= httpd_sys_script_t ==============
    allow httpd_sys_script_t devlog_t:sock_file write;
    #!!!! The source type 'httpd_sys_script_t' can write to a 'dir' of the following types:
    # httpd_sys_rw_content_t, httpd_var_run_t, tmp_t, httpd_tmp_t, httpd_sys_content_t, httpdcontent

    allow httpd_sys_script_t mail_spool_t:dir { write remove_name search add_name };
    #!!!! The source type 'httpd_sys_script_t' can write to a 'file' of the following types:
    # httpd_sys_rw_content_t, httpd_tmp_t, httpdcontent

    allow httpd_sys_script_t mail_spool_t:file { setattr read lock create write getattr unlink open };
    allow httpd_sys_script_t self:capability { setuid dac_read_search chown setgid dac_override };
    allow httpd_sys_script_t self:process setpgid;
    allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;
    [root@server ~]# grep sendmail /var/log/audit/audit.log | audit2allow -M sendmail
    ******************** IMPORTANT ***********************
    To make this policy package active, execute:

    semodule -i sendmail.pp
  3. Build the SELinux module:

    grep sendmail /var/log/audit/audit.log | audit2allow -M sendmail
  4. Load the package into the policy:

    semodule -i sendmaill.pp
  5. To view the installed policy modules, run:

    semodule -l
Have more questions? Submit a request
Please sign in to leave a comment.