I’ve mentioned previously that I’m running WordPress on my own web server on top of Linux, and that it took me some digging to get it to play nicely with SELinux. Turns out I don’t learn from old mistakes.
WordPress has this nice feature where it sends notifications about new comments, and comments held for moderation, to the admin account’s email address. Well, that never worked for me. That’s a problem: while it’s easy to regularly check the queue of held comments to approve those that are legit, new comments from readers who previously had a comment approved are not held, and can get lost quite easily. I’ve recently found a bunch that I should have answered months ago, but I never saw them.
And as before, the solution is easy once you know what you’re looking for: it’s SELinux again. In my sendmail log file, I found a bunch of these error messages:
NOQUEUE: SYSERR(apache): /etc/mail/sendmail.cf: line 0: cannot open: Permission denied
Upon checking that file and finding it had proper permissions (read/write for user, read for group and other), I figured there would be some secret SELinux context that needed to be applied, and wondered why it wasn’t configured right by default. Turns out it’s different. SELinux also maintains a set of global flags, and there is one special flag that allows an HTTP server access to sendmail. Seems rather specific, that.
Anyway, to check whether apache (or any other web server) is allowed to send mail via sendmail, run
$ getsebool httpd_can_sendmail
which will reply either “on” or “off” (mine was “off,” big surprise). Then, to enable mail, run
$ setsebool httpd_can_sendmail 1
and voila. Now I’m getting email about comments, and about new users registering for my blog. Yay. As it turns out, there are a lot of new users registering for my blog. After deleting several thousand bogus ones, I’ve disabled user registration for now. Turns out there wasn’t a single registered user that looked legit. Oh well.
This probably means readers who tried to sign up for email notifications about new posts or comment replies didn’t get any either, but nobody ever complained, so I’m not sure. Anyway, it should work now.