[rt-users] Problem(s) receiving mail via rt-mailgate

Bryan Derman bderm at derman.com
Thu Jun 5 06:51:20 EDT 2003


Since I see that there are other people having problems with this, I
thought I'd summarize what I (think I) learned during the process of
getting my rt-mailgate working.  The real problem was configuring the
system for proper operation via smrsh (sendmail's restricted shell).

As per the install instructions, I'd set up a pair of user aliases to
receive mail into RT:

rt:         "|/opt/rt3/bin/rt-mailgate --queue general --action correspond --url http://blah.blah.com/"
rt-comment: "|/opt/rt3/bin/rt-mailgate --queue general --action comment --url http://blah.blah.com/"

Sending email to the user "rt" resulted in the "service unavailable"
status (see detail in history messages, copied below).  As indicated,
this was issued by smrsh (which is valid as I have
"FEATURE(`smrsh',`/usr/libexec/smrsh')dnl" specified for my sendmail
configuration).

I used (both)

man smrsh
strings /usr/libexec/smrsh | fgrep '/'

to verify that the location of smrsh's command directory is
"/usr/adm/sm.bin" (this is the strategy suggested somewhere on
http://www.sendmail.org/).

I tried placing a symbolic link to /opt/rt3/bin/rt-mailgate in
/usr/adm/sm.bin, but that just gave the same results.

Next I created the pass-through shell script /usr/adm/sm.bin/rt-mailgate,
as follows (and set it to permissions 755):

#!/bin/sh
# Pass-through wrapper: forward all arguments unchanged to the real rt-mailgate
/opt/rt3/bin/rt-mailgate "$@"

I also changed the email aliases' command from "|/opt/rt3/bin/rt-mailgate
..." to "|rt-mailgate ..."

At that point, I received a permissions error from the pass-through shell
script.  Since much of RT runs as "set group ID on execution," I used
(both)

chown root:rt /usr/adm/sm.bin/rt-mailgate
chmod 2755    /usr/adm/sm.bin/rt-mailgate

to change the /usr/adm/sm.bin/rt-mailgate shell script to run as the
group "rt" (the "2" in 2755 permissions means "set group id on execution").

At this point, RT is receiving emails via the rt-mailgate.  #;-))

Hope this helps some other people (it seems so simple when one looks back
on it!).
______________________________________________________________________
Forwarded message from Bryan Derman on 2003-05-29 at 5:47 PM -0700
**********************************************************************
>Delivered-To: rt-users at pallas.eruditorum.org
>To: rt-users at lists.fsck.com
>From: Bryan Derman <bderm at derman.com>
>Subject: [rt-users] Problem(s) receiving mail via rt-mailgate
>Sender: rt-users-admin at lists.fsck.com
>Date: Thu, 29 May 2003 17:47:26 -0700
>
>I'm running RT 3.0.2 on OS X 10.2.6 with perl 5.8.0 and have been trying
>to get RT's email gateway to receive emails (everything else has been
>running smoothly for a while now).
>
>I have the server on an Intranet and have poked a hole in the firewall to
>allow email to be sent directly to the address of the system, not wanting
>RT to be generally accessible.  After much fiddling with (aka
>configuring) sendmail, sendmail is finally sending and receiving emails.
>Although the system receives emails as a user, I am now trying to get
>emails received and injected into RT (which is a very nice product, BTW).
>
>What my research has led me to do, thus far:
>-----
>- I've put a link in /usr/adm/sm.bin to /opt/rt3/bin/rt-mailgate
>- I've also enabled RunProgramInUnsafeDirPath in sendmail (ugh!)
>
>What's currently happening:
>-----
>Received emails are bounced with the following (sanitized) diagnostics:
>
><yada ... yada ... yada ...>
>The following addresses had permanent fatal errors:
>"|/opt/rt3/bin/rt-mailgate --queue general --action correspond --url
>http://mumble.foo.com/"
>    (reason: Service unavailable)
>    (expanded from: <rt@[xxx.xxx.xxx.25]>)
>
>Transcript of session follows:
>smrsh: "rt-mailgate" not available for sendmail programs (stat failed)
>554 5.0.0 Service unavailable
>
><snip'd stuff ...>
>
>Final-Recipient: RFC822; rt@[xxx.xxx.xxx.25]
>X-Actual-Recipient: X-Unix; |/opt/rt3/bin/rt-mailgate --queue general
>--action correspond --url http://mumble.foo.com/
>Action: failed
>Status: 5.5.0
>Diagnostic-Code: X-Unix; 69
>
>========
>
>I'm also not getting any errors logged (or displayed) from RT, which may
>or may not be another issue (currently, it looks like rt-mailgate never
>gets invoked so I'm guessing that no error log just means that everything
>in RT is running smoothly?).
>
>I've run Mr. Google ragged trying to solve this one (when I was young, in
>addition to having to walk 5 miles to school in 30-below weather, we not
>only didn't have Google ... we didn't have an Internet!  #;-))
>
>Anyone have any ideas that might send me in the right direction?
>**********************************************************************
End of forwarded message from Bryan Derman
______________________________________________________________________

______________________________________________________________________
Forwarded message from Bryan Derman on 2003-05-30 at 1:30 AM -0700
**********************************************************************
>Delivered-To: rt-users at pallas.eruditorum.org
>To: Phil Homewood <pdh at snapgear.com>
>From: Bryan Derman <bderm at derman.com>
>Subject: Re: [rt-users] Problem(s) receiving mail via rt-mailgate
>Cc: rt-users at lists.fsck.com
>Sender: rt-users-admin at lists.fsck.com
>Date: Fri, 30 May 2003 01:30:50 -0700
>
>Can one ever be sure when it's software for which one does not have the
>source?  #;-))
>
>I did the strings | grep "thingie" as suggested on www.sendmail.org and
>looked at the smrsh man page.  Both of these "tests" would indicate that
>/usr/adm/sm.bin is the directory used by OS X. [Can anyone confirm or
>deny this?]
>
>As for permissions, I have:
>
>/usr/adm/sm.bin
>drwxr-xr-x  4 root   wheel   136 May 29 17:28 ./
>drwxr-xr-x  4 root   wheel   136 May 29 17:28 ../
>lrwxr-xr-x  1 root   wheel    24 May 29 17:28 rt-mailgate -> /opt/rt3/bin/rt-mailgate
>
>and
>
>/opt/rt3/bin
>drwxr-xr-x   8 root   admin    272 May 19 03:09 ./
>drwxr-xr-x  10 root   admin    340 May 19 03:09 ../
>-rwxr-xr-x   1 root   rt     18487 May 12 17:31 rt-mailgate
>
>That makes everything executable and I'm not aware of any other
>conditions that need to be satisfied for Sendmail+smrsh ... but that
>doesn't mean there aren't any.  [Anyone know whether there's a flaw in
>this setup?]
>
>I guess I could actually turn off the smrsh feature and see what happens,
>but I'd not want to run it without smrsh and it does seem pretty clear
>that that's where the issue is.
>
>Any ideas?
>
>______________________________________________________________________
>Previous message from Phil Homewood on 2003-05-30 at 5:26 PM +1000
>**********************************************************************
>>Bryan Derman wrote:
>>> - I've put a link in /usr/adm/sm.bin to /opt/rt3/bin/rt-mailgate
>>>
>>> smrsh: "rt-mailgate" not available for sendmail programs (stat failed)
>>
>>Are you sure that /usr/adm/sm.bin is the correct directory
>>for your smrsh, and that the permissions on it are correct?
>>--
>>Phil Homewood, Systems Janitor, http://www.SnapGear.com
>>pdh at snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
>>SnapGear - Custom Embedded Solutions and Security Appliances
>**********************************************************************
End of forwarded message from Bryan Derman
______________________________________________________________________
-- 
-----------------------------------------------------
Bryan Derman          Derman Enterprises Incorporated
bderm at derman.com               http://www.derman.com/
- - - - - - - - - - - - - - - - - - - - - - - - - - -
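
Added example (not part of the original message, and not code from RT or sendmail): a shell check that approximates the lookup smrsh performs for every piped program in an aliases file, so a "stat failed" bounce can be predicted before mail is sent. It assumes, per the smrsh man page, that the leading path of the command is stripped and the bare name is looked up in the command directory; the function names, status words and sample aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): approximate smrsh's lookup for
# each piped program in an aliases file. Assumption, from the smrsh man page:
# the leading path is stripped and the bare name is looked up in the command dir.

# smrsh_check CMD CMDDIR -> prints one status word
smrsh_check() {
    name=${1##*/}                   # directory part of the command is ignored
    target="$2/$name"
    if [ ! -e "$target" ]; then     # -e follows symlinks, as stat(2) does
        if [ -L "$target" ]; then echo "dangling-link"; else echo "missing"; fi
    elif [ ! -f "$target" ]; then
        echo "not-a-file"
    elif [ ! -x "$target" ]; then
        echo "not-executable"
    else
        echo "ok"
    fi
}

# audit_aliases ALIASES CMDDIR -> "alias program status" for each piped alias
audit_aliases() {
    # Extract alias name and first word after the pipe: rt: "|/path/prog --opt"
    sed -n 's/^\([^#:][^:]*\):[[:space:]]*"\{0,1\}|[[:space:]]*\([^[:space:]"]*\).*/\1 \2/p' "$1" |
    while read -r entry prog; do
        echo "$entry $prog $(smrsh_check "$prog" "$2")"
    done
}

# Constructed demo: scratch command directory and aliases file (not real data).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sm.bin"
    printf '#!/bin/sh\nexit 0\n' > "$d/sm.bin/rt-mailgate"
    chmod 755 "$d/sm.bin/rt-mailgate"
    ln -s "$d/nonexistent" "$d/sm.bin/vacation"   # link whose target is absent
    cat > "$d/aliases" <<EOF
# constructed sample aliases
postmaster: root
rt:         "|/opt/rt3/bin/rt-mailgate --queue general --action correspond"
away:       "|/usr/bin/vacation someone"
other:      "|/usr/local/bin/procmail"
EOF
    audit_aliases "$d/aliases" "$d/sm.bin"
    rm -rf "$d"
}
demo
```

On a real host, call audit_aliases with the system aliases file and the command directory reported by the smrsh man page or the strings check described above.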


