[rt-users] RT4 Postfix/Apache Email Return-Path causing issues
Bill Cole
rtusers-20090205 at billmail.scconsult.com
Wed Mar 20 19:58:12 EDT 2013
On 20 Mar 2013, at 17:37, Billington, James wrote:
> This looks like it might work. It just feels like we're tricking the
> system as a workaround instead of fixing it at the root.
Not really. Return-Path is a header that gets created by an MTA for
local delivery or when constructing a bounce message, with the SMTP
envelope sender address as the header value. The SMTP envelope sender
address domain is checked by receiving MTA's because that is the address
that bounces get sent to, it is visible to the receiving MTA before any
message data is sent, and a bad domain in that address is proof of a
misconfigured sending system. Historically, a bad envelope sender domain
was common in spam, before Sendmail made rejection of such mail a
default setting. No system should be generating *ANY* mail with an
envelope sender in a domain that has no MX or A record, and any envelope
sender address should actually deliverable (even if final delivery
consists of a pipe into /dev/null).
So *one* root is that RT isn't setting the envelope sender to something
that works. The *other* root is that your Postfix config is wrong in
that it sends mail with a bad domain part in envelope sender addresses.
The fix for that is to set myhostname to something sane in
/etc/postfix/main.conf.
> Isn't there a way to set the Return-Path without changing the From:
> and/or ReplyTo: headers? RT already set those properly. I just need
> the Return-Path to change.
It may have changed with RT4, but historically RT has set the envelope
sender address via the $SendmailArguments variable in RT_StiteConfig.pm
using the sendmail "-f" option, with an address that gets delivered
into the rtbouncehandler program. For example:
Set($SendmailArguments , "-frtbounce\@requesttracker.example.com -oi
-t");
On a machine running "real" Sendmail that knows itself as
requesttracker.example.com, that operates in concert with an entry in
the alias file:
rtbounce: "|/etc/smrsh/rtbouncehandler | /etc/smrsh/rt-mailgate --queue
incoming --action comment --url https://requesttracker.example.com/rt/
--timeout 300"
The alias provides feedback into RT when ticket mail bounces.
Constructing an equivalent alias for Postfix is left as an exercise :)
> Just to confirm a starting point... where are these headers set? Where
> is the Return-Path: header set? Sendmail right? RT hands off the
> formatted email with most of the needed headers/content and sendmail
> adds the Return-Path: header, right? Postfix doesn't do it, does it?
> Just confirming where to check?
RT pipes a fully-formed (in theory) message into a sendmail process. If
you are using Postfix, that "sendmail" is in fact a Postfix version
built to mimic "real" Sendmail. Postfix's sendmail transforms the
message (as influenced by its arguments & environment) into Postfix
queue format and passes it to postdrop, which injects it in the maildrop
queue. That queue file has an envelope sender address, which is either
the -f argument to sendmail or if there is no -f argument, the user that
ran sendmail @ the Postfix myhostname setting. It is possible to use
Postfix "generic" address mapping to fix a bad myhostname config, but
that is not the most robust approach.
More information about the rt-users
mailing list