never mind i’ll work around it
If your using jailkit you need to add everything to each jail, such as postfix, dovecot etc. Just out of interest why are using jailkit ?
You need to give us the actual error. It depends on how you’re sending mail, but most of the time something doesn’t work in the jail is just because you didn’t put the necessary software in the jail. A jailed user cannot run anything you didn’t explicitly give them access to, that’s the point of the jail.
Oh no!
You definitely do not want/need to do that, and it would be dangerous to do that, as both of those include suexec binaries.
never mind i’ll work around it
jailkiot keeps one apache user form being able to infect another apache user.
I have no idea. I’ve never heard of smtp2go.
You need to dig down into the logs and see what’s actually going on. “unable to instantiate mailsystem” is a meaningless error.
If it used to work with the jail enabled (are you sure?) then it seems like it must be a configuration issue. You should try using an IP address instead of a hostname to specify the SMTP server, if it’s sending via localhost, since making the hosts file work inside a jail is tricky. You may also want to add logging to your application to narrow down why it’s failing (i.e. check to be sure the hostname you’re trying to send to resolves, log what errors are returned when trying to connect, etc.).
No, it doesn’t.
It keeps users from being able to see other users on the system, and also limits which commands users can execute. It has nothing to do with Apache (Apache is not jailed), and your user code is never run by Apache in a properly configured system…the code is run by PHP-FPM which runs as the domain owner user and Apache proxies user requests to FPM. Apache is entirely independent of jailkit.
Jailkit is only marginally related to security. It may be able to limit the attack surface in the event a user account is compromise, if carefully deployed. On Debian/Ubuntu it can actually increase the risk of an exploit, as it does not use capabilities and instead has suid binaries (EL Jailkit packages use capabilities, instead, mostly removing that risk). At least that was true the last time I checked. But, it doesn’t really have anything to do with any system services.
To be clear, Apache cannot be exploited by users with or without jailkit. Users are not able to run code as the Apache user unless you have (against all of our advice and warnings) enabled mod_php, in which case Jailkit really can’t save you because Apache is not jailed. All application code runs as the domain owner user.
never mind i’ll work around it
They do not intercept mail. You are explicitly sending mail to them to be forwarded. If you’re not explicitly sending it to them, they can’t forward it.
I don’t know. I still don’t see errors I can do anything with. What is in the PHP and web server logs when you try to send email?
never mind i’ll work around it