Imap-open无法连接到Gmail-SELinux问题

时间:2019-09-21 02:06:45

标签: php imap selinux imap-open php-imap

嗨,我正在研究一些代码,以将Gmail中的某些帐户映射到LAMP服务器,我以前已经做过,现在尝试使用相同的代码,但是毫无用处,好了,我整天都在这里阅读很多内容,这就是我已经做到现在为止。

我在gmail上启用了imap转发。从这里https://support.google.com/mail/answer/7126229?hl=en&authuser=7&visit_id=637046170242826287-1928730887&rd=2

我已允许访问Google帐户中不安全的应用程序

我已设置两步验证:打开+创建了应用密码

最后两个方法都是同一回事。

好吧,我尝试这样的连接:

curl -v --insecure  --url "imaps://imap.gmail.com:993" --user "myuser4@gmail.com:mypassword" 

并获得


    * About to connect() to imap.gmail.com port 993 (#0)
    *   Trying 2607:f8b0:400c:c0d::6d...
    * Connected to imap.gmail.com (2607:f8b0:400c:c0d::6d) port 993 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=imap.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
    *       start date: Sep 05 20:13:16 2019 GMT
    *       expire date: Nov 28 20:13:16 2019 GMT
    *       common name: imap.gmail.com
    *       issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
    < * OK Gimap ready for requests from 2806:10be:3:2538:adb4:f65f:6c54:4264 j15mb13295787vsf
    > B CAPABILITY
    < * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
    < B OK Thats all she wrote! j15mb13295787vsf
    > C AUTHENTICATE PLAIN
    < + 
    > aG9saWRheXNwcmVtaWVyLmVqZWN1dGl2bzE0QGdtYWlsLmNvbQBob2xpZGF5c3ByZW1pZXIuZWplY3V0aXZvMTRAZ21haWwuY29tAGZpd2p0ZnFhaHJ4Zm55cnU=
    < * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE APPENDLIMIT=35651584
    < C OK hmyuser@gmail.com authenticated (Success)
    Etc................................................................

然后一切正常,因为我是从VM上的服务器上运行网络的,所以一切正常。
 然后


    $ php -v
    PHP 5.6.40 (cli) (built: Aug 28 2019 15:03:50) 
    Copyright (c) 1997-2016 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies 

    $ httpd -v
    Server version: Apache/2.4.6 (CentOS)
    Server built:   Aug  8 2019 11:41:18

已安装软件包 php-imap

<?php 

$hostname = '{imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX';
$username = 'myuser@gmail.com';
$password = 'mypassword';

$mbx = imap_open($hostname,$username,$password)or die('Cannot connect: ' . print_r(imap_errors($mbx)));

?>

这很奇怪

Warning: imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX in /var/www/html/imap/connect.php on line 8

Notice: Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=1) in Unknown on line 0

Notice: Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=1) in Unknown on line 0

Notice: Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=2) in Unknown on line 0

但如果我这样做

if (function_exists('imap_open')) {
    echo "IMAP functions are available.<br />\n";
} else {
    echo "IMAP functions are not available.<br />\n";
} 

它提供了IMAP功能。

在html上的日志上

[Fri Sep 20 20:49:59.706418 2019] [:error] [pid 1844] [client 192.168.100.19:58086] PHP Warning:  imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX in /var/www/html/imap/connect.php on line 8, referer: http://myserver.com/imap/connect.php
[Fri Sep 20 20:49:59.706727 2019] [:error] [pid 1844] [client 192.168.100.19:58086] PHP Notice:  Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=1) in Unknown on line 0, referer: http://myserver.com/imap/
[Fri Sep 20 20:49:59.706761 2019] [:error] [pid 1844] [client 192.168.100.19:58086] PHP Notice:  Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=1) in Unknown on line 0, referer: http://myserver.com/imap/
[Fri Sep 20 20:49:59.706789 2019] [:error] [pid 1844] [client 192.168.100.19:58086] PHP Notice:  Unknown: Can't connect to gmail-imap.l.google.com,993: Permission denied (errflg=2) in Unknown on line 0, referer: http://myserver.com/imap/

我正在考虑,发现应该是SELinux,然后

`$ setenforce 0` 

` $ getenforce
Permissive` 

,然后重试一次,但是我不想禁用SELinux

然后我找到

setsebool -P httpd_can_network_connect 1

来源 https://wiki.centos.org/TipsAndTricks/SelinuxBooleans

希望这对某人有帮助! ;)

0 个答案:

没有答案