I know there’s been a number of security changes lately, but I’m having trouble wrapping my head around this one. A simple PHP script to send mail via PHP’s mail() used to run fine, defaulting to using /usr/sbin/sendmail.
I’ve narrowed down the issue to what looks like permissions? In a HestiaCP’s user account, via bash shell php -f mail.php, this works:
<?php
echo shell_exec('echo “test message” | sendmail -v [email protected]');
echo shell_exec('which sendmail');
echo ini_get('sendmail_path');
But via the web, accessing mail.php does not. Clearly there is a difference between PHP CLI and PHP FPM. However, both CLI and FPM return the same value for sendmail path, via which and the php.ini set value. More importantly, PHP’s default mail() function also doesn’t work and returns false with no error message. shell_exec has obviously been enabled or I wouldn’t have gotten this far. But I can’t understand what changed that is inhibiting sendmail from working in the FPM environment but fine under CLI?
Any other clues as to what could be causing this?
