I had to Google hard for this – twice, because I was too busy to blog this when I solved it the first time. Anyway, people not accustomed to sysadmin-ing on Fedora will find themselves quickly acquainted with this rather unfriendly beast called SELinux, which firmly prevents you from doing a bunch of stuff – sometimes quietly.
Anyway, it turns out that although sendmail is installed and working on Fedora by default, SELinux will by default prevent httpd (and thus your PHP scripts) from using it to send email. To fix this, simply tell SELinux to don’t do that, like so:
$ restorecon /usr/sbin/sendmail.sendmail
$ setsebool -P httpd_can_sendmail 1
Or, if you prefer, look for the httpd_can_sendmail boolean in the SELinux configuration GUI and tick it off. Restart httpd after that:
/etc/init.d/httpd restart
Loading ...
Author
You deserve kudos for not just adding selinux=0 to grub.conf like every weak-willed earthling does.
Jason "moofang"
Hehe thanks :P there had been indications that that server may have been compromised before, so I was deliberately leaving as many random security stuff on as possible.
Author
That said, auditd should log SElinux denials. So the theory is that failures aren’t silent. Maybe your rsyslog was dropping it.
Jason "moofang"
Nah, by failing quietly I mean in the sense that I do something, and only realize later that that something didn’t get done, and yet a little later that it was blocked by SELinux. I don’t know what standard practices are like, but you can’t be checking logs after every action eh?
Pierre-Antoine
Thank you, I allready figured some SElinux problems with my httpd/mysql/php intranet, but this one was missing! Working fine now!
Nenad
Thank you, it works!
gomons
Thank you!
Petr
Thanks, it works for me too!