nixCraft Poll

Topics

Setup sendmail php mail() support for chrooted Lighttpd or Apache web server

Posted by Vivek Gite [Last updated: November 8, 2006]

Lighttpd logo

Once chroot() call is applied to chrooted lighttpd or apache web server, you lost the connection with real /usr/sbin/sendmail program.

The php mail() function allows you to send mail. For the Mail functions to be available, PHP must have access to the sendmail binary on your system during compile time. If you use another mail program, such as qmail or postfix, be sure to use the appropriate sendmail wrappers that come with them. PHP will first look for sendmail in your PATH, and then in the following: /usr/bin:/usr/sbin:/usr/etc:/etc:/usr/ucblib:/usr/lib. It's highly recommended to have sendmail available from your PATH. Also, the user that compiled PHP must have permission to access the sendmail binary. Because of chroot you cannot access anything outside jail.

Even if you copy /usr/sbin/sendmail it will not work because it needs all other directories in /var and sendmail config file in /etc/mail directory.

So how do I configure php mail() support in chrooted jail webserver?

Task: Setting up static mini_sendmail for chrooted apache or lighttpd web server

mini_sendmail reads its standard input up to an end-of-file and sends a copy of the message found there to all of the addresses listed. The message is sent by connecting to a local SMTP server. This means mini_sendmail can be used to send email from inside a chroot(2) area. However, it needs to create a pipe so you need to copy shell to chroot as well.

Install mini_sendmail

Type the following commands:
# cd /opt
# wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
# tar -zxvf mini_sendmail-1.3.6.tar.gz
# cd mini_sendmail-1.3.6

Compile mini_sendmail

# make

Copy mini_sendmail to chrooted directory

Assuming that your chrooted directory is /webroot
# mkdir -p /webroot/usr/sbin
# cp mini_sendmail /webroot/usr/sbin/sendmail

Configure php for mini_sendmail (sendmail)

Goto /webroot directory
# vi etc/php.ini
OR
# vi /webroot/etc/php.ini

Setup sendmail path

sendmail_path = /usr/sbin/sendmail -t -i

Restart Apache webserver

# /etc/init.d/httpd restart
# apachectl restart

Or Restart lighttpd web server

# /etc/init.d/lighttpd restart

Copy /bin/sh or /bin/bash

# cp /bin/sh /webroot/bin
# l2chroot /bin/sh

Test your setup

Create php script - mailtest.php as follows:
<?php
mail("you@yourcorp.com", "PHP Test mail", "Hope this works! ");
?>

Point browser to http://yourcrop.com/mailtest.php

More troubleshooting tips

(a) Make sure you have /etc/resolv.conf and /etc/hosts files available in chrooted jail at /webroot/etc directory.

(b) Make sure your mail server accept connection from localhost (default)

(c) Consult /var/log/maillog (or your MTA log file) outside jail for more information
# tail -f /var/logm/maillog

Continue reading the rest of Lighttpd security series articles

Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates. You can Email this page to a friend.

You may also be interested in other helpful articles:

Discussion on This Article:

  1. jeremie Says: January 30th, 2007 at 10:54 pm

    Hello,

    I’ve followed your article in order to setup mini_sendmail on my chroot Apache2 webserver.

    Everythings is ok except this error in the apache’s error.log :

    /usr/sbin/sendmail: can’t determine username

    I’m stuck on this problem, and help would be appreciated !

    Best regards,

    Jeremie Werner

  2. nixcraft Says: February 1st, 2007 at 10:06 pm

    Jeremie,

    Add sendmail user to your /webroot/etc/passwd file

  3. boohoo @ mini_sendmail Says: April 28th, 2007 at 5:18 pm

    Incase anyone else is having the same problem…. try femail instead… much easier :)

  4. vivek Says: April 29th, 2007 at 3:35 am

    Ah, thanks here is url for femail

    http://quigon.bsws.de/femail/

  5. Fabian Says: June 24th, 2007 at 2:56 pm

    Or just change ‘username = getlogin();’ to ‘username = “www-data”;’ in mini_sendmail.c :)

  6. tomcat Says: August 22nd, 2007 at 10:12 pm

    Hi i have also an problem :(
    If i execute the testmail php file als root
    ./php /webroot/home/lighttpd/tmail.php
    it works fine but if i test it using lighttpd it doesnt work.
    I got no errormessages in log but i think its this problem: /usr/sbin/sendmail: can’t determine username.
    I try to add sendmail user to /webroot/etc/passwd file, sendmail:x:65002:108::/home/sendmail:/sbin/nologin
    but it dont work
    When i change ‘username = getlogin();’ to ‘username = “www-data”; in mini_sendmail.c i got compile error :(
    When i write username = ‘www-data’ i can compile but it dosnt work over my Webserver only als root ./php /webroot/home/lighttpd/tmail.php :((
    I also try femail but there i get this error:
    cc femail.o openbsd_compat.o -o femail
    femail.o(.text+0×570): In function `build_from’:
    : undefined reference to `strlcpy’
    femail.o(.text+0×61b): In function `build_from’:
    : undefined reference to `strlcpy’
    femail.o(.text+0×665): In function `parse_message’:
    : undefined reference to `fgetln’
    femail.o(.text+0×12e7): In function `read_reply’:
    : undefined reference to `strlcpy’
    femail.o(.text+0×17ac): In function `parse_config’:
    : undefined reference to `fgetln’
    femail.o(.text+0×1953): In function `parse_config’:
    : undefined reference to `strlcpy’
    femail.o(.text+0×1b03): In function `next_token’:
    : undefined reference to `strlcpy’
    collect2: ld returned 1 exit status
    make: *** [femail] Error 1

    Please help me

  7. evilghost Says: September 4th, 2007 at 1:14 pm

    Users having issues with the “can’t determine username” error message can modify the source code and re-run make. I’ve been able to successfully do this without playing with /etc/passwd by manually specifying the user and bypassing the getlogin() function.

    /* username = getlogin(); */
    username = “www-data”;

  8. yudai Says: November 9th, 2007 at 12:56 pm

    Whenever I try the test php, I get the following error in ssh:
    /bin/sendmail: unexpected response 550 to RCPT TO command
    What am I doing wrong here?

  9. gnif Says: November 18th, 2007 at 4:27 am

    A few things that arn’t clear here. If you are running inside a chroot, and using suEXEC or suPHP, you must make sure that /bin/sh, and sendmail are executable bu the user.

    If you are using virtual users, you must make the modification to mini_senmail by evilghost

    /* username = getlogin(); */
    username = “www-data”;

  10. Nick Says: November 30th, 2007 at 11:33 am

    Is it possible to add mail() support to an existing php install that wasn’t compiled with access to sendmail without re-compiling? For example adding a module?

  11. pero Says: June 10th, 2008 (5 weeks ago) at 11:30 am

    We have multiple chrooted apaches running with different user rights, so username = “www-data”; is not a solution for the problem!

    In this case you have to copy the libc6 libraries into to jail!

    After that getlogin() will work, if you have the apache user in /chrootdir/etc/passwd

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.