[rt-users] Return or Reply address issues

Bruce Campbell bruce_campbell at ripe.net
Thu Jan 31 03:26:40 EST 2002


On 30 Jan 2002, Jim Meyer wrote:

> Pardon my creative rearranging of replies for readability:
>
> On Wed, 2002-01-30 at 17:04, RT2 Troubles wrote:
> > On January 30, 2002 04:39 pm, Bruce Campbell wrote:

nearly 2am my time mind ;)

> > > MTA (sendmail most likely) problem.  See 'Trusted User' in MTA
> > > configuration, and add 'www-data' to it if required.
> >
> > [...] It's the last step that won't work because they are replying to
> > mail that is from "www-data at rt.foo.com".
>
> Right. Bruce was pointing out that it's a problem with your Mail
> Transport Agent (MTA) not trusting the apache user (www-data) and
> therefore not allowing the apache user to send mail with headers
> claiming to be some other user (support at rt.foo.com).
>
> He was suggesting that you check out how to add the apache user to your
> MTA's trusted users, which would solve your problem.

This does have some problems in the long term, in that *any* process
running as www-data (ie, from your web server) can send mail masquarading
as any address.  ( I'm not that good with long explanations when I'm
excessively tired ;) ).

With the latest spate of spam mail spewing forth from web -> email scrips,
having your web server with this ability isn't something you want to
operate an exposed web server with.

Its better, imo, to run the RT web server as a seperate user, as this
contains any problems.

-- 
                             Bruce Campbell                            RIPE
                   Systems/Network Engineer                             NCC
                 www.ripe.net - PGP562C8B1B                      Operations





More information about the rt-users mailing list