Setup sendmail php mail() support for chrooted Lighttpd or Apache web server

Author: Last updated: November 8, 2006 28 comments
Lighttpd logo

Once chroot() call is applied to chrooted lighttpd or apache web server, you lost the connection with real /usr/sbin/sendmail program.

ADVERTISEMENTS

The php mail() function allows you to send mail. For the Mail functions to be available, PHP must have access to the sendmail binary on your system during compile time. If you use another mail program, such as qmail or postfix, be sure to use the appropriate sendmail wrappers that come with them. PHP will first look for sendmail in your PATH, and then in the following: /usr/bin:/usr/sbin:/usr/etc:/etc:/usr/ucblib:/usr/lib. It’s highly recommended to have sendmail available from your PATH. Also, the user that compiled PHP must have permission to access the sendmail binary. Because of chroot you cannot access anything outside jail.

Even if you copy /usr/sbin/sendmail it will not work because it needs all other directories in /var and sendmail config file in /etc/mail directory.

So how do I configure php mail() support in chrooted jail webserver?

  • Don’t use php mail() use php SMTP class to send email (recommended method #1)
  • Install complete sendmail in chrooted jail (this is too much work)
  • Install statically linked mini_sendmail and /bin/sh in chrooted jail. (recommended method #2)

Task: Setting up static mini_sendmail for chrooted apache or lighttpd web server

mini_sendmail reads its standard input up to an end-of-file and sends a copy of the message found there to all of the addresses listed. The message is sent by connecting to a local SMTP server. This means mini_sendmail can be used to send email from inside a chroot(2) area. However, it needs to create a pipe so you need to copy shell to chroot as well.

Install mini_sendmail

Type the following commands:
# cd /opt
# wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
# tar -zxvf mini_sendmail-1.3.6.tar.gz
# cd mini_sendmail-1.3.6

Compile mini_sendmail

# make

Copy mini_sendmail to chrooted directory

Assuming that your chrooted directory is /webroot
# mkdir -p /webroot/usr/sbin
# cp mini_sendmail /webroot/usr/sbin/sendmail

Configure php for mini_sendmail (sendmail)

Goto /webroot directory
# vi etc/php.ini
OR
# vi /webroot/etc/php.ini

Setup sendmail path

sendmail_path = /usr/sbin/sendmail -t -i

Restart Apache webserver

# /etc/init.d/httpd restart
# apachectl restart

Or Restart lighttpd web server

# /etc/init.d/lighttpd restart

Copy /bin/sh or /bin/bash

# cp /bin/sh /webroot/bin
# l2chroot /bin/sh

Test your setup

Create php script – mailtest.php as follows:
<?php
mail("you@yourcorp.com", "PHP Test mail", "Hope this works! ");
?>

Point browser to http://yourcrop.com/mailtest.php

More troubleshooting tips

(a) Make sure you have /etc/resolv.conf and /etc/hosts files available in chrooted jail at /webroot/etc directory.

(b) Make sure your mail server accept connection from localhost (default)

(c) Consult /var/log/maillog (or your MTA log file) outside jail for more information
# tail -f /var/logm/maillog

Continue reading the rest of Lighttpd security series articles

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
READ NEXT
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
28 comments… add one
  • jeremie Jan 30, 2007 @ 22:54

    Hello,

    I’ve followed your article in order to setup mini_sendmail on my chroot Apache2 webserver.

    Everythings is ok except this error in the apache’s error.log :

    /usr/sbin/sendmail: can’t determine username

    I’m stuck on this problem, and help would be appreciated !

    Best regards,

    Jeremie Werner

    Reply Link
  • 🐧 nixCraft Feb 1, 2007 @ 22:06

    Jeremie,

    Add sendmail user to your /webroot/etc/passwd file

    Reply Link
  • boohoo @ mini_sendmail Apr 28, 2007 @ 17:18

    Incase anyone else is having the same problem…. try femail instead… much easier 🙂

    Reply Link
  • 🐧 nixCraft Apr 29, 2007 @ 3:35

    Ah, thanks here is url for femail

    http://quigon.bsws.de/femail/

    Reply Link
  • Fabian Jun 24, 2007 @ 14:56

    Or just change ‘username = getlogin();’ to ‘username = “www-data”;’ in mini_sendmail.c 🙂

    Reply Link
  • tomcat Aug 22, 2007 @ 22:12

    Hi i have also an problem 🙁
    If i execute the testmail php file als root
    ./php /webroot/home/lighttpd/tmail.php
    it works fine but if i test it using lighttpd it doesnt work.
    I got no errormessages in log but i think its this problem: /usr/sbin/sendmail: can’t determine username.
    I try to add sendmail user to /webroot/etc/passwd file, sendmail:x:65002:108::/home/sendmail:/sbin/nologin
    but it dont work
    When i change ‘username = getlogin();’ to ‘username = “www-data”; in mini_sendmail.c i got compile error 🙁
    When i write username = ‘www-data’ i can compile but it dosnt work over my Webserver only als root ./php /webroot/home/lighttpd/tmail.php :((
    I also try femail but there i get this error:
    cc femail.o openbsd_compat.o -o femail
    femail.o(.text+0x570): In function `build_from’:
    : undefined reference to `strlcpy’
    femail.o(.text+0x61b): In function `build_from’:
    : undefined reference to `strlcpy’
    femail.o(.text+0x665): In function `parse_message’:
    : undefined reference to `fgetln’
    femail.o(.text+0x12e7): In function `read_reply’:
    : undefined reference to `strlcpy’
    femail.o(.text+0x17ac): In function `parse_config’:
    : undefined reference to `fgetln’
    femail.o(.text+0x1953): In function `parse_config’:
    : undefined reference to `strlcpy’
    femail.o(.text+0x1b03): In function `next_token’:
    : undefined reference to `strlcpy’
    collect2: ld returned 1 exit status
    make: *** [femail] Error 1

    Please help me

    Reply Link
  • evilghost Sep 4, 2007 @ 13:14

    Users having issues with the “can’t determine username” error message can modify the source code and re-run make. I’ve been able to successfully do this without playing with /etc/passwd by manually specifying the user and bypassing the getlogin() function.

    /* username = getlogin(); */
    username = “www-data”;

    Reply Link
  • yudai Nov 9, 2007 @ 12:56

    Whenever I try the test php, I get the following error in ssh:
    /bin/sendmail: unexpected response 550 to RCPT TO command
    What am I doing wrong here?

    Reply Link
  • gnif Nov 18, 2007 @ 4:27

    A few things that arn’t clear here. If you are running inside a chroot, and using suEXEC or suPHP, you must make sure that /bin/sh, and sendmail are executable bu the user.

    If you are using virtual users, you must make the modification to mini_senmail by evilghost

    /* username = getlogin(); */
    username = “www-data”;

    Reply Link
  • Nick Nov 30, 2007 @ 11:33

    Is it possible to add mail() support to an existing php install that wasn’t compiled with access to sendmail without re-compiling? For example adding a module?

    Reply Link
  • pero Jun 10, 2008 @ 11:30

    We have multiple chrooted apaches running with different user rights, so username = “www-data”; is not a solution for the problem!

    In this case you have to copy the libc6 libraries into to jail!

    After that getlogin() will work, if you have the apache user in /chrootdir/etc/passwd

    Reply Link
  • Robyn Jul 16, 2008 @ 14:23

    Can somebody please tell me. mail() function now works properly, but when testing with PHPMailer, it fails.

    PHPMailer has support to add recipients with the AddAddress($email, $name) function. If I don’t fill the $name variable, mail will be sent normally, but if I fill it, I get this error:

    /usr/sbin/sendmail: unexpected response 501 to RCPT TO command

    Thanks in advance

    Reply Link
  • Robyn Jul 22, 2008 @ 8:15

    For my previous post: there’s a fix for mini_sendmail’s recipient handling bug. Patch mini_sendmail.c with the code on this link:

    https://dev.openwrt.org/cgi-bin/trac.fcgi/browser/packages/net/mini_sendmail/patches/200-fullname.patch?rev=8530

    Bye

    Reply Link
  • Jonathan Apr 6, 2009 @ 3:57

    I had the same problem as tomcat when compiling femail on Debian.

    I have patched the femail.c file to include the missing functions it was referencing. You can download the fixed femail for debian based linux < there.

    Reply Link
  • alex Jun 22, 2009 @ 19:19

    This step is wrong.

    # cp /bin/sh /webroot/bin
    # l2chroot /bin/sh

    it should be (I think)

    #mkdir -p /webroot/bin/
    #cp /bin/sh /webroot/bin/
    #l2chroot /bin/sh

    Reply Link
  • John Ian R. Medilo Aug 15, 2009 @ 21:35

    i can already send email thru send mail to gmail account.. the problem is that i cannot received to my company email… when i use the settings

    # “Smart” relay host (may be null)
    DSmyhost.host.com

    gmail account cannot received.

    Reply Link
    • John Ian R. Medilo Aug 17, 2012 @ 10:01

      You should have a valid domain, that if they reverse lookup it will still resolve.

      Reply Link
  • Chris Sep 7, 2009 @ 21:39

    Jonathan –

    There’s no need to rebuild it – the necessary functions are included in the original femail distro. Just open the Makefile and comment out this line:

    CFLAGS+= -DHAS_FGETLN -DHAS_STRLCPY

    And then run a ‘make’. The author included versions of the functions from OBSD>

    Reply Link
  • Chris Sep 7, 2009 @ 21:40

    Also, I find it a bit… beyond silly… that people go through the trouble of setting up a chroot for Apache and then have no problem copying a shell into that chroot. That’s a great way to provide a potential attacker with a much bigger attack surface…. Mini_sendmail is way overkill…

    Reply Link
  • Will May 6, 2010 @ 2:46

    To compile femail on debian I had to install the freebsd-buildutils package & the above makefile edit

    I also compiled and copied to /webroot/usr/bin/sendmail and testing with

    chroot /webroot/ sendmail -v ***@gmail.com < email.txt

    it works fine

    testing from php only works with /webroot/bin/sh is bash

    Chris this is an old subject but any input? I want to remove sh as per your comment.

    Reply Link
  • Tinus Sep 2, 2010 @ 6:29

    Hi

    I am having problems with sendmail.
    I am running appache on windows.

    My php looks as follow:
    [code]
    <?php
    $from_name = "BESAWEB";
    $from_email= "123690@swu.ac.za";
    $headers = "From: $from_email";
    $body = "Hi, n This is a test mail from $from_name .”;
    $subject = “Test mail from besa”;
    $to = “123690@swu.ac.za”;
    if (mail($to, $subject, $body, $headers))
    {echo “mail send success!”;}
    else {echo “mail fail…”;}
    ?>
    [/code]

    sendmail.ini

    logfile “aptanaxampp-win32-1.7.3xamppsendmailsendmail.log”

    smtp_server=wnameserver.puk.ac.za
    smtp_port=1117
    default_domain=nna.ac.za
    error_logfile=error.log
    auth_username=12332690@nwu.ac.za
    auth_password=Janse

    In php.ini
    [mail function]
    ; For Win32 only.
    ; http://php.net/smtp

    SMTP = wnameserver.puk.ac.za

    ; http://php.net/smtp-port

    smtp_port=1117

    ; For Win32 only.
    ; http://php.net/sendmail-from

    sendmail_from =123690@nwu.ac.za

    ; For Unix only. You may supply arguments as well (default: “sendmail -t -i”).
    ; http://php.net/sendmail-path

    sendmail_path = “C:aptanaxampp-win32-1.7.3xamppsendmailsendmail.exe -t”

    ; Force the addition of the specified parameters to be passed as extra parameters
    ; to the sendmail binary. These parameters will always replace the value of
    ; the 5th parameter to mail(), even in safe mode.
    ;mail.force_extra_parameters =

    ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
    mail.add_x_header = Off

    ; Log all mail() calls including the full path of the script, line #, to address and headers
    mail.log = “aptanaxampp-win32-1.7.3xamppapachelogsphp_mail.log”

    I receive the message mail send success! but no mail is delivered.

    Hope you can help.

    Reply Link
  • prasanth Jan 14, 2011 @ 16:35

    can i know how to configure for windows 7? to send mail using php

    Reply Link
  • lelutin Mar 4, 2011 @ 23:19

    Nice that trick about hardcoding the user string!

    I’ve just lost 3h debugging this. Since there’s nothing in the apache log it was pretty painful to debug.

    Here’s a trick to debug what’s happening inside the chroot on the command line:

    echo ‘Subject: test’ | chroot /webroot /usr/sbin/mini_sendmail -v you@yourdomain.com

    Also, the article mentions copying /bin/sh to the chroot, but if /bin/sh is not statically linked, you’ll have a non working setup. You need to ldd /bin/sh and copy all the libraries it uses inside the chroot.

    Reply Link
  • niaki May 3, 2012 @ 7:19

    hi;
    i want to knew about chroot what is that exactly and how can i use it?
    please help me about this im beginner in linux
    thanks

    Reply Link
  • will Aug 17, 2012 @ 14:13

    GOOGLE IS YOUR FRIEND!
    https://www.google.com/search?q=what+is+chroot&aq=f&sugexp=chrome,mod=1&sourceid=chrome&ie=UTF-8

    Reply Link
  • Amrita Apr 15, 2013 @ 6:02

    Hi,

    I am trying to use mini_sendmail utility to send mails.
    But I get Unexpected EOF error when i execute the following command,

    cat email.dat | /usr/local/sbin/mini_sendmail -t -p25 -fabs@xyz.com -sxxx.xxx.xxx.xxx -v abs@zzz.xyz.com.

    The email.dat looks like:

    to:abs@xyz.com
    from:abs@zzz.xyz.com
    date:Wed, 30 Jan 2013 23:59:00 +0000
    subject: Email
    MIME-version: 1.0
    Content-type: multipart/mixed; boundary=”—-_=_NextPart_7693.NPBM”

    This message is in MIME format.

    ——_=_NextPart_7693.NPBM
    Content-Type: text/plain

    Event Time: Wed, 30 Jan 2013 23:59:00.377 +0000^M
    Nodename = Amrita@1

    ——_=_NextPart_7693.NPBM–

    Can anyone help me out why I am getting this error.

    Amrita

    Reply Link
  • Fra Mar 26, 2016 @ 20:32

    I’ve done all the above but mail() still returns false… I have nothing in the logs, how can I debug that? I’m getting crazy

    Reply Link
    • Fra Mar 26, 2016 @ 21:29

      Solved! I had to create /dev/zero, /dev/urandom and /dev/null

      Reply Link

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.

Next post:

Previous post: