HTTP CGI scripts cannot send mails: mail is sent but empty

Solution Verified - Updated -

Issue

  • When sending a mail from a HTTP CGI script, the mail is sent but empty, even after having enabled the SELinux httpd_can_sendmail boolean

  • SELinux AVC such as the one below are seen in the audit log:

    type=PROCTITLE msg=audit(...) : proctitle=send-mail ...
type=EXECVE msg=audit(...) : ... a0=send-mail ...
type=SYSCALL msg=audit(...) : arch=x86_64 syscall=execve success=yes exit=0 ... uid=apache gid=apache euid=apache suid=apache fsuid=apache egid=apache sgid=apache fsgid=apache tty=(none) ses=unset comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:system_mail_t:s0 key=(null) 
type=AVC msg=audit(...) : avc:  denied  { read } for  pid=6046 comm=sendmail path=/tmp/RsHEeyJh (deleted) ... scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=

    Above, we can see that send-mail could execute successfully but couldn't read the temporary file containing the body of the message.

Environment

  • Red Hat Enterprise Linux 8
    • HTTP CGI scripts
    • mail commands
    • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content