Tag Archives: SELinux

FIXED: WordPress refuses to send you a Password Reset Link

Screen Shot 2015-02-10 at 21.33.07

I ran into an interesting problem today: on a CentOS 6 server a colleague of mine wanted to reset her WordPress password via the handy link provided in the login dialogue. But rather than sending an email, WordPress got back to her with the following error message:

The e-mail could not be sent.
Possible reason: your host may have disabled the mail() function.

Intrigued I had a look at the server. To my surprise sendmail was installed, and emails could be sent from the command line as well as from PHP scripts. But not from WordPress. What was going on?

Examining the logs I came across the following error message:

followed by a Web Server 500 error caused by the password reset link. Interesting.

Turns out it was an old acquaintance of mine, someone who has been spoiling the broth on many occasions: SELinux.

SELinux can prevent Apache from sending mail when enabled, but lucky for us there’s a quick way to fix this, courtesy of manyon over at the Simple Machines Forum.

To test if SELinux is preventing mail from being sent, try this test from the command line:

It will return with httpd_can_sendmail –> on or off, and if your server is set to the latter then mail can’t be sent.

To change this, execute the following, switching this bool to on:

Note that this can take a minute or two (literally) because the entire SELinux policy needs to be recompiled. Be patient, your server isn’t hanging.

Once changed, make sure to restart Apache:

Now WordPress can send the password reset link. #result

How to control SELinux in CentOS 7

SELinux – when installed – can take on one of three modes:

  • Enforcing
  • Permissive
  • Disabled

To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:

getenforce on the other hand will literally just say a single word, like “Enforcing”.

To change this mode, edit /etc/selinux/config:

Change the file according to the comments and restart the system for the changes to take effect.

setenforce command

If SELinux is running and either set to Enforcing or Permissive, you can change its mode on the fly without restarting the server using the setenforce command like so:

You won’t get any feedback if all goes well. Note that if SELinux is disabled, the setenforce command won’t work.

setenforce is practical if you’d like to change the SELinux policy only temporary and your settings will not be retained. So the next time you restart the server, SELinux will come back with whatever is set in /etc/selinux/config.

Find out more about SELinux and what it’s good for here: