# Postfix + PHP = "ERROR: Email not accepted for delivery"

## OpenWarSim

I have done a few searches, both here in the forums and on the net, for the resolution for this.  Need some help.

I have a Gentoo server that I have emerged in the latest postfix.  Everything works in and out via normal mail sequences, all is good.  When trying to fire a mail() function from a PHP4.4.0 script, it errors out with:  "ERROR: Email not accepted for delivery by sendmail!" in the page and "postfix/sendmail[13841]: fatal: chdir /var/spool/postfix: Permission denied" in /var/log/messages.

Two things, the net says, could cause this:

1) Permissions of that dir.

2) SELinux config.

From everything I can find, the following is correct (minus, perhaps, the group ownership, which I was trying to add Apache to the group with).

```
[root /etc/postfix] ls -la /var/spool/postfix

total 64

drwxrwxr-x  16 root    postdrop 4096 Dec 14 00:09 ./

drwxr-x---   5 root    cron     4096 Dec 14 00:11 ../

-rw-r--r--   1 root    postdrop    0 Dec 14 00:09 .keep

drwx------   2 postfix postdrop 4096 Dec 14 00:16 active/

drwx------   2 postfix postdrop 4096 Dec 14 00:12 bounce/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 corrupt/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 defer/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 deferred/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 flush/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 hold/

drwx------   2 postfix postdrop 4096 Dec 14 00:16 incoming/

drwx-wx---   2 postfix postdrop 4096 Dec 14 00:16 maildrop/

drwxr-xr-x   2 root    postdrop 4096 Dec 14 00:16 pid/

drwx------   2 postfix postdrop 4096 Dec 14 08:58 private/

drwx--x---   2 postfix postdrop 4096 Dec 14 08:58 public/

drwx------   2 postfix postdrop 4096 Nov 30 19:04 saved/

drwx------   2 postfix postdrop 4096 Dec 14 00:16 trace/
```

I tried adding group write and execute privs to all of these, but backed out when that didn't work either.

Any help would be appreciated.

----------

## jkt

Does sending mail via `sendmail` binary work?

----------

## OpenWarSim

 *Quote:*   

> Everything works in and out via normal mail sequences, all is good.

 

Yes.  Sending from the command line (using postfix, sendmail is not installed) works fine. I can get email to my gmail account and back from it.Last edited by OpenWarSim on Wed Dec 14, 2005 5:01 pm; edited 1 time in total

----------

## jkt

 *OpenWarSim wrote:*   

> Yes.  Sending from the command line (using postfix, sendmail is not installed) works fine. I can get email to my gmail account and back from it.

 

I really meant `sendmail` as that's the binary PHP uses internally. Postfix provides its own wrapper.

----------

## OpenWarSim

I found a page that mentioned that you needed to add a '-t' option to the sendmail string in your php.ini.  Did that, no fixie.

----------

## OpenWarSim

Bump.

----------

## magic919

Postfix working has little to do with the problem here.  You are sending the messages using sendmail - as in /usr/sbin/sendmail - not Sendmail, although it's there for compatibility with Sendmail.  You can stop Postfix and this should still work.  

The sendmail program enlists the help of postdrop app to get the messages into the maildrop Q.  A good test it to fire an email off the command line using /usr/sbin/sendmail as the user that runs your PHP script.

You might wish to check that postdrop is set GID.

Run the test and see what happens and, hopefully, give us some more to go on.

----------

## OpenWarSim

Postdrop is GID.

```
[root /var] ls -la /usr/sbin/postdrop

-rwxr-sr-x  1 root postdrop 124684 Dec 14 00:09 /usr/sbin/postdrop*
```

```
[root /var/www] su - apache

apache@nexus ~ $ /usr/sbin/sendmail root

sendmail: fatal: chdir /var/spool/postfix: Permission denied
```

Back to square one.  How do I allow Apache to use Postfix to send mail (or any script user, for that matter)?  Do I add Apache to the postdrop group?  That was already done.

```
[root /var/www] grep postdrop /etc/group

postdrop:x:208:apache,postfix
```

What other information can I provide to show the error of my ways?  :Smile: 

----------

## magic919

I think permissions, well ownership is the problem.  Have you checked /var/spool?  Can be a problem if ownership other than root.

----------

## OpenWarSim

That is what I believe too, but I cannot figure out what is mis-owned.

```
[root /var/www] ls -la /var/spool

total 20

drwxr-x---   5 root cron     4096 Dec 14 00:11 ./

drwxr-xr-x  14 root root     4096 Nov 23 10:27 ../

drwxr-x---   3 root cron     4096 Sep 21 20:51 cron/

drwxr-xr-x   2 root root     4096 Dec 14 00:16 mail/

drwxrwxr-x  16 root postdrop 4096 Dec 14 00:09 postfix/
```

----------

## magic919

Your postfix directory should be root root.  

Many of your sub-directories show  group postdrop instead of root.  Mine

```
0 drwx------   2 postfix root      48 Dec 14 22:25 active

0 drwx------   2 postfix root      48 Dec 13 15:36 bounce

0 drwx------   2 postfix root      48 Jun 16 18:52 corrupt

0 drwx------  11 postfix root     264 Dec 12 11:43 defer

0 drwx------  12 postfix root     288 Dec 12 11:18 deferred

0 drwx------   2 postfix root      80 Dec 12 11:43 flush

0 drwx------   2 postfix root      48 Jun 16 18:52 hold

0 drwx------   2 postfix root      48 Dec 14 22:25 incoming

0 drwx-wx---   2 postfix postdrop  48 Dec 14 22:25 maildrop

1 drwxr-xr-x   2 root    root     520 Dec 12 11:43 pid

1 drwx------   2 postfix root     640 Dec 12 15:00 private

0 drwx--x---   2 postfix postdrop 168 Dec  6 14:19 public

0 drwx------   2 postfix root      48 Jun 16 18:52 saved

0 drwx------   2 postfix root      48 Jun 16 18:52 trace

```

----------

## OpenWarSim

Okay, we'll try that.  

```
[root /var/www] ls -la /var/spool/postfix/

total 64

drwxrwxr-x  16 root    root     4096 Dec 14 00:09 ./

drwxr-x---   5 root    cron     4096 Dec 14 00:11 ../

-rw-r--r--   1 root    postdrop    0 Dec 14 00:09 .keep

drwx------   2 postfix root     4096 Dec 14 00:16 active/

drwx------   2 postfix root     4096 Dec 14 00:12 bounce/

drwx------   2 postfix root     4096 Nov 30 19:04 corrupt/

drwx------   2 postfix root     4096 Nov 30 19:04 defer/

drwx------   2 postfix root     4096 Nov 30 19:04 deferred/

drwx------   2 postfix root     4096 Nov 30 19:04 flush/

drwx------   2 postfix root     4096 Nov 30 19:04 hold/

drwx------   2 postfix root     4096 Dec 14 00:16 incoming/

drwx-wx---   2 postfix postdrop 4096 Dec 14 00:16 maildrop/

drwxr-xr-x   2 root    root     4096 Dec 14 00:16 pid/

drwx------   2 postfix root     4096 Dec 14 08:58 private/

drwx--x---   2 postfix postdrop 4096 Dec 14 08:58 public/

drwx------   2 postfix root     4096 Nov 30 19:04 saved/

drwx------   2 postfix root     4096 Dec 14 00:16 trace/
```

No go.  PHP script still fails with errors as above.

----------

## magic919

And the postfix directory?

----------

## OpenWarSim

This one?

```
[root /var/www] ls -la /usr/lib/postfix

total 4308

drwxr-xr-x   2 root root   4096 Dec 14 00:09 ./

drwxr-xr-x  22 root root  16384 Dec 14 00:09 ../

-rwxr-xr-x   1 root root 140400 Dec 14 00:09 anvil*

-rwxr-xr-x   1 root root 165928 Dec 14 00:09 bounce*

-rwxr-xr-x   1 root root 202344 Dec 14 00:09 cleanup*

-rwxr-xr-x   1 root root 152848 Dec 14 00:09 discard*

-rwxr-xr-x   1 root root 153488 Dec 14 00:09 error*

-rwxr-xr-x   1 root root 146068 Dec 14 00:09 flush*

-rwxr-xr-x   1 root root 188512 Dec 14 00:09 lmtp*

-rwxr-xr-x   1 root root 215220 Dec 14 00:09 local*

-rwxr-xr-x   1 root root 108044 Dec 14 00:09 master*

-rwxr-xr-x   1 root root 191488 Dec 14 00:09 nqmgr*

-rwxr-xr-x   1 root root 183248 Dec 14 00:09 oqmgr*

-rwxr-xr-x   1 root root 145324 Dec 14 00:09 pickup*

-rwxr-xr-x   1 root root 174844 Dec 14 00:09 pipe*

-rwxr-xr-x   1 root root 130912 Dec 14 00:09 proxymap*

-rwxr-xr-x   1 root root 191488 Dec 14 00:09 qmgr*

-rwxr-xr-x   1 root root 161888 Dec 14 00:09 qmqpd*

-rwxr-xr-x   1 root root 139596 Dec 14 00:09 scache*

-rwxr-xr-x   1 root root 148408 Dec 14 00:09 showq*

-rwxr-xr-x   1 root root 256580 Dec 14 00:09 smtp*

-rwxr-xr-x   1 root root 287520 Dec 14 00:09 smtpd*

-rwxr-xr-x   1 root root 139876 Dec 14 00:09 spawn*

-rwxr-xr-x   1 root root 145664 Dec 14 00:09 tlsmgr*

-rwxr-xr-x   1 root root 153048 Dec 14 00:09 trivial-rewrite*

-rwxr-xr-x   1 root root 140964 Dec 14 00:09 verify*

-rwxr-xr-x   1 root root 170792 Dec 14 00:09 virtual*

```

----------

## magic919

No, the next one up from th ones you did.  ls -la /var/spool and you'd see it.

----------

## OpenWarSim

```
[root /var/spool] ls -la

total 20

drwxr-x---   5 root cron 4096 Dec 14 00:11 ./

drwxr-xr-x  14 root root 4096 Nov 23 10:27 ../

drwxr-x---   3 root cron 4096 Sep 21 20:51 cron/

drwxr-xr-x   2 root root 4096 Dec 14 00:16 mail/

drwxrwxr-x  16 root root 4096 Dec 14 00:09 postfix/
```

----------

## OpenWarSim

Bump

----------

## magic919

Back after a bit if sleep.  Not getting any other responders just yet then  :Sad: 

When you do that su - apache it works, so you must have a shell for apache.  Can you do the su - apache and then do the cd /var/spool/postfix.  Does it work?  

If so then please run apache(2) -V so we can see what Apache is made of.

----------

## OpenWarSim

```
[root ~] su - apache

apache@nexus ~ $ cd /var/spool/postfix

-bash: cd: /var/spool/postfix: Permission denied
```

I can su because I converted the shell on the apache user, of course.  Just for troubleshooting this issue.

Not sure what you are asking there with the apache -V request.

Magic, I appreciate the help.  I am at wits end here.

----------

## magic919

What a pain this is.  I don't claim to fully understand this but I think you need to chown -R from top down i.e chown -R root:root /var/spool/ and then drop down and correct the ones that shouldn't be root:root.

Here are mine

```

denzilla ~ # ls -la /var/spool/

total 0

drwxr-xr-x   8 root  root  216 Dec 12 08:57 .

drwxr-xr-x  16 root  root  432 Dec  6 08:00 ..

-rw-r--r--   1 root  root    0 Dec  5 21:17 .keep

drwxr-x---   4 root  cron  120 Dec  5 18:48 cron

drwx------   3 lp    root   72 Jun 17 11:36 cups

drwxrwxrwx   4 dspam dspam 176 Dec 13 15:47 dspam

drwxrwxr-x   2 root  mail   72 Dec  5 20:05 mail

drwxr-xr-x  16 root  root  408 Dec  5 21:47 postfix

drwxrwxrwt   2 root  root   72 Dec  6 06:09 samba

denzilla ~ # ls -la /var/spool/postfix/

total 1

drwxr-xr-x  16 root    root     408 Dec  5 21:47 .

drwxr-xr-x   8 root    root     216 Dec 12 08:57 ..

-rw-r--r--   1 root    root       0 Dec  5 21:47 .keep

drwx------   2 postfix root      48 Dec 16 02:26 active

drwx------   2 postfix root      48 Dec 16 01:55 bounce

drwx------   2 postfix root      48 Jun 16 18:52 corrupt

drwx------  11 postfix root     264 Dec 12 11:43 defer

drwx------  12 postfix root     288 Dec 12 11:18 deferred

drwx------   2 postfix root      80 Dec 12 11:43 flush

drwx------   2 postfix root      48 Jun 16 18:52 hold

drwx------   2 postfix root      48 Dec 16 02:26 incoming

drwx-wx---   2 postfix postdrop  48 Dec 16 01:55 maildrop

drwxr-xr-x   2 root    root     552 Dec 15 05:55 pid

drwx------   2 postfix root     640 Dec 15 15:53 private

drwx--x---   2 postfix postdrop 168 Dec 15 15:53 public

drwx------   2 postfix root      48 Jun 16 18:52 saved

drwx------   2 postfix root      48 Jun 16 18:52 trace

```

notice that some of yours like . and .. are owned root:cron (aside from the cron directory)

----------

## OpenWarSim

Already done.

```
[root /etc/conf.d] cd /var/spool

[root /var/spool] ls -la

total 20

drwxr-x---   5 root cron 4096 Dec 14 00:11 ./

drwxr-xr-x  14 root root 4096 Nov 23 10:27 ../

drwxr-x---   3 root cron 4096 Sep 21 20:51 cron/

drwxr-xr-x   2 root root 4096 Dec 14 00:16 mail/

drwxrwxr-x  16 root root 4096 Dec 14 00:09 postfix/

[root /var/spool] cd postfix

[root /var/spool/postfix] ls -la

total 64

drwxrwxr-x  16 root    root     4096 Dec 14 00:09 ./

drwxr-x---   5 root    cron     4096 Dec 14 00:11 ../

-rw-r--r--   1 root    postdrop    0 Dec 14 00:09 .keep

drwx------   2 postfix root     4096 Dec 14 00:16 active/

drwx------   2 postfix root     4096 Dec 14 00:12 bounce/

drwx------   2 postfix root     4096 Nov 30 19:04 corrupt/

drwx------   2 postfix root     4096 Nov 30 19:04 defer/

drwx------   2 postfix root     4096 Nov 30 19:04 deferred/

drwx------   2 postfix root     4096 Nov 30 19:04 flush/

drwx------   2 postfix root     4096 Nov 30 19:04 hold/

drwx------   2 postfix root     4096 Dec 14 00:16 incoming/

drwx-wx---   2 postfix postdrop 4096 Dec 14 00:16 maildrop/

drwxr-xr-x   2 root    root     4096 Dec 14 00:16 pid/

drwx------   2 postfix root     4096 Dec 14 08:58 private/

drwx--x---   2 postfix postdrop 4096 Dec 14 08:58 public/

drwx------   2 postfix root     4096 Nov 30 19:04 saved/

drwx------   2 postfix root     4096 Dec 14 00:16 trace/
```

----------

## OpenWarSim

Surely this cannot be such a rare occasion, to have a Postfix server on a PHP-scripted box?  Why doesn't the emerge build set these permissions explicitly on install?

I am not sure how to approach this if this a SELinux issue.  I've not found any documentation on how to alter policies for that.

----------

## magic919

 *OpenWarSim wrote:*   

> Already done.
> 
> ```
> 
> [root /var/spool] ls -la
> ...

 

These are the ones I see are different and I cannot understand why.

Have you tried setting up a test user and doing the same thing as su - apache cd /var/spool/postfix?

This is an odd one.

----------

## OpenWarSim

```
root /var/www/ennersea.net] chgrp root /var/spool

[root /var/www/ennersea.net] ls -la /var/spool

total 20

drwxr-x---   5 root root 4096 Dec 14 00:11 ./

drwxr-xr-x  14 root root 4096 Nov 23 10:27 ../

drwxr-x---   3 root cron 4096 Sep 21 20:51 cron/

drwxr-xr-x   2 root root 4096 Dec 14 00:16 mail/

drwxrwxr-x  16 root root 4096 Dec 14 00:09 postfix/

[root /var/www/ennersea.net] su - apache

apache@nexus ~ $ cd /var/spool/postfix

-bash: cd: /var/spool/postfix: Permission denied
```

ARRRRRGH.  This has got to be a simple issue.  Murphy's Law just begs it to be!

----------

