[rt-users] prevent email ticket creation by new users?

[Phil Homewood]

Phil R Lawrence wrote:
> 5.  rt-mailgate notes that
>         $LookupSenderInExternalDatabase = 1;
>         $SenderMustExistInExternalDatabase = 1;
>     and immediately throws up its hands, saying:
>         "RT couldn't find requestor via its external database
>         lookup"
>
> BUT THIS IS WRONG.

It surely is.

> GetCurrentUser() is constrained by
>     $LookupSenderInExternalDatabase = 1;
>     $SenderMustExistInExternalDatabase = 1;
> so rt-mailgate need not worry about it.  GetCurrentUser() will bomb and 
> email a notice if the user can't be authenticated due to these settings 
> and the LookupExternalUserInfo function.

Actually, it'll email the error, and return the empty CurrentUser
(no Id), ay which point rt-mailgate throws up its hands via "exit(1)".

> details are below, but I believe the fix is to strip out any logic from
> rt-mailgate that concerns itself with the
> $LookupSenderInExternalDatabase and $SenderMustExistInExternalDatabase
> variables.

I'd agree with that belief. The current check is clearly bogus,
and we shouldn't be able to progress to that part of the mailgate
if the criteria that the check is intended to enforce has not been
met.

The obvious patch is attached, for the benefit of rt-2.0-bugs.
-- 
Phil Homewood, Systems Janitor, www.SnapGear.com
pdh at snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances
-------------- next part --------------
Index: bin/rt-mailgate
===================================================================
RCS file: /cvs/local/rt/bin/rt-mailgate,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 rt-mailgate
--- bin/rt-mailgate	15 Jul 2002 01:25:45 -0000	1.1.1.4
+++ bin/rt-mailgate	3 Feb 2003 23:57:25 -0000
@@ -106,8 +106,11 @@
 #Get us a current user object.
 my $CurrentUser = GetCurrentUser($head, $entity, $ErrorsTo);
 
-# We've already performed a warning and sent the mail off to somewhere safe ($RTOwner).
-#  this is _exceedingly_ unlikely but we don't want to keep going if we don't have a current user
+# We've already performed a warning and sent the mail off to somewhere safe
+# ($RTOwner).
+
+# Lack of a valid CurrentUser can happen if we require an external DB lookup,
+# which fails. Maybe for other reasons, too...
 
 unless ($CurrentUser->Id) {
 	exit(1);
@@ -199,23 +202,6 @@
 
 # }}}
 
-
-# {{{ If we require that the sender be found in an external DB and they're not
-# forward this message to RTOwner
-
-
-
-if ($RT::LookupSenderInExternalDatabase && 
-    $RT::SenderMustExistInExternalDatabase )  {
-
-    MailError(To => $RT::OwnerEmail,
-	      Subject => "RT Bounce: $Subject",
-	      Explanation => "RT couldn't find requestor via its external database lookup",
-	      MIMEObj => $entity);
-    
-}
-
-# }}}
 
 # {{{ elsif we don't have a ticket Id, we're creating a new ticket