Autoreply by nobody

Hi,

We've been playing with rt 2 lately, and found to our great sorrow
request tracker insists on autoreplying as nobody@localdomain to new
requests. This setting does not seem to be configurable anywhere, and
digging into the database to change Nobody’s mail address did not
produce any result. Bugzilla at least allows someone to change the mail
the software uses when replying.

Now allowing a random mail address to go through our various filtering
barriers is not too much of a hardship, provided we have at least a
good idea of what will use it. Obviously since nobody can be used by
lots of different apps, it is not a good candidate (what the hell
possessed the authors to hijack a generic system account like this
anyway ?). We really do not want to get into heavy address rewriting
just because of rt, yet autoreply is a must. Does anyone have a good
solution ? Anything that can at least give the system a good hint that a
mail’s author is rt would be great.

Regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-13 14:01]:

We’ve been playing with rt 2 lately, and found to our great sorrow
request tracker insists on autoreplying as nobody@localdomain to new
requests. This setting does not seem to be configurable anywhere

I’ve modified the mail sending bit of my lib/RT/Interface/Email.pm to
look like this:

if ($RT::MailCommand eq 'sendmailpipe') {
    my $From =
        $args{From} =~ /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i
            ? "-f $1"
            : undef;
    open (MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
        or return(0);
    print MAIL $entity->as_string;
    close(MAIL);
}

Kirill

  • Nicolas Mailhot [2002-09-13 14:01]:
We've been playing with rt 2 lately, and found to our great sorrow
request tracker insists on autoreplying as nobody@localdomain to new
requests. This setting does not seem to be configurable anywhere

I’ve modified the mail sending bit of my lib/RT/Interface/Email.pm to
look like this:

if ($RT::MailCommand eq 'sendmailpipe') {
    my $From =
        $args{From} =~ /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i
            ? "-f $1"
            : undef;
    open (MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
        or return(0);
    print MAIL $entity->as_string;
    close(MAIL);
}

Well, I’ve tried :

     my $From =
         $args{From} =~ /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i
             ? "-F $1"
             : undef;

[ End of patch ]
if ($RT::MailCommand eq 'sendmailpipe') {

[ … ]

and this does not seem to work. MTA logs show mail is sent as unix user
nobody, and the MTA then tries to come up with nobody’s mail address
(nobody@localdomain) by itself

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

Regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-13 15:31]:
We've been playing with rt 2 lately, and found to our great sorrow
request tracker insists on autoreplying as nobody@localdomain to new
requests. This setting does not seem to be configurable anywhere

I’ve modified the mail sending bit of my lib/RT/Interface/Email.pm to
look like this:

if ($RT::MailCommand eq 'sendmailpipe') {
    my $From =
        $args{From} =~ /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i
            ? "-f $1"
            : undef;
    open (MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
        or return(0);
    print MAIL $entity->as_string;
    close(MAIL);
}

Well, I’ve tried :

     my $From =
         $args{From} =~ /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i
             ? "-F $1"
             : undef;

[ End of patch ]
if ($RT::MailCommand eq 'sendmailpipe') {

[ … ]

and this does not seem to work. MTA logs show mail is sent as unix user
nobody, and the MTA then tries to come up with nobody’s mail address
(nobody@localdomain) by itself

  1. small “f” in “-f $1” (not “-F $1”)
  2. missing $From in:
    open(MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
                                   ^^^^^ <- this is -f sender@you.hoo

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

Kirill

At 15:47 13.09.2002 +0200, Kirill Miazine wrote:

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

As it seems the Apache runs as user “nobody”. Will sendmail allow nobody to
set the envelope-from? I’m an Exim-User and there you have to enable the
user explicitly to use “-f”.

So depending on your mailserver config this might as well not work at all.

Best regards,
Nils

  • Nils Ketelsen [2002-09-13 15:55]:

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

As it seems the Apache runs as user “nobody”. Will sendmail allow nobody to
set the envelope-from? I’m an Exim-User and there you have to enable the
user explicitly to use “-f”.

Forget about Apache now - when the ticket first arrives and a reply is being
sent Apache is not used. Mail is sent as the user which runs
rt-mailgate.

So depending on your mailserver config this might as well not work at all.

I have following set (Exim 4):

no_local_from_check
untrusted_set_sender = *

Postfix will allow you to set envelope sender address.

Kirill

  • Nicolas Mailhot [2002-09-13 15:31]:

and this does not seem to work. MTA logs show mail is sent as unix user
nobody, and the MTA then tries to come up with nobody’s mail address
(nobody@localdomain) by itself

  1. small “f” in “-f $1” (not “-F $1”)

eck, sorry

  1. missing $From in:
    open(MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
                                   ^^^^^ <- this is -f sender@you.hoo

Damn, missed this.
This means your workaround only works with sendmailpipe, right ?

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

Well, that’s more or less what I understood. I guess I’ve been staring
at perl code too long:).

Unfortunately, even with small f and big from this does not seem to
work:(

Regards

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-13 16:17]:
  1. missing $From in:
    open(MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
                                   ^^^^^ <- this is -f sender@you.hoo

Damn, missed this.
This means your workaround only works with sendmailpipe, right ?

It can work with the other one too, I happen to use sendmailpipe.

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

Well, that’s more or less what I understood. I guess I’ve been staring
at perl code too long:).

Unfortunately, even with small f and big from this does not seem to
work:(

What’s your MTA? Is it configured to accept -f option to set the sender?

It should be noted that “-f sender@some.thing” will set the envelope
sender to sender@some.thing. But since sender is extracted from From:,
it shouldn’t matter in this case.

What do you have in From: header field?

Kirill

  • Nicolas Mailhot [2002-09-13 16:17]:
  1. missing $From in:
    open(MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
                                   ^^^^^ <- this is -f sender@you.hoo

Damn, missed this.
This means your workaround only works with sendmailpipe, right ?

It can work with the other one too, I happen to use sendmailpipe.

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

Well, that’s more or less what I understood. I guess I’ve been staring
at perl code too long:).

Unfortunately, even with small f and big from this does not seem to
work:(

What’s your MTA?

Postfix

Is it configured to accept -f option to set the sender?

A quick test shows -f works for normal users

It should be noted that “-f sender@some.thing” will set the envelope
sender to sender@some.thing. But since sender is extracted from From:,
it shouldn’t matter in this case.

What do you have in From: header field?

Return-Path: nobody@localdomain
Delivered-To: nim@localdomain
Received: by smtp.localdomain (Postfix, from userid 99) id 589A61CB22;
        Fri, 13 Sep 2002 16:43:16 +0200 (CEST)
Subject: …

Hope this helps:(

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-13 16:17]:
  1. missing $From in:
    open(MAIL, "|$RT::SendmailPath $From $RT::SendmailArguments")
                                   ^^^^^ <- this is -f sender@you.hoo

Damn, missed this.
This means your workaround only works with sendmailpipe, right ?

It can work with the other one too, I happen to use sendmailpipe.

Could you please enlighten me on what your code should do (seems I’m
good for a perl crash course anyway:()

It takes address matching a quite simple regex from From: header field
and tells sendmail to use it as the envelope sender address (-f option).

Well, that’s more or less what I understood. I guess I’ve been staring
at perl code too long:).

Unfortunately, even with small f and big from this does not seem to
work:(

What’s your MTA?

Postfix

Is it configured to accept -f option to set the sender?

A quick test shows -f works for normal users

It should be noted that “-f sender@some.thing” will set the envelope
sender to sender@some.thing. But since sender is extracted from From:,
it shouldn’t matter in this case.

What do you have in From: header field?

Return-Path: nobody@localdomain
Delivered-To: nim@localdomain
Received: by smtp.localdomain (Postfix, from userid 99) id 589A61CB22;
        Fri, 13 Sep 2002 16:43:16 +0200 (CEST)
Subject: …
From: “Support” support@publicdomain
Reply-To: support@publicdomain

Hope this helps:(

And just for the fun of it, I’ve added another alias :

bubu: “|id | /usr/sbin/sendmail -oi -f bob@bob.bob -F
bill@bill.bill nim”

Which gets me :

Return-Path: bob@bob.bob
Delivered-To: nim@localdomain
Received: by smtp.olympe.o2t (Postfix, from userid 99) id 471EE1CB23;
        Fri, 13 Sep 2002 17:11:46 +0200 (CEST)
Message-Id: 20020913151146.471EE1CB23@smtp.olympe.o2t
Date: Fri, 13 Sep 2002 17:11:46 +0200 (CEST)
From: bob@bob.bob (bill@bill.bill)
To: undisclosed-recipients:;
X-Evolution-Source: imap://nim@imap.olympe.o2t/
Subject: No Subject
Mime-Version: 1.0

uid=99(nobody) gid=99(nobody) groups=99(nobody)

So both -f and -F should work out of the box, except for rt somehow they
don’t:(

Regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


At 17:16 13.09.2002 +0200, Nicolas Mailhot wrote:

Hope this helps:(

And just for the fun of it, I’ve added another alias :

bubu: “|id | /usr/sbin/sendmail -oi -f bob@bob.bob -F
bill@bill.bill nim”

Calling sendmail (or postfix or whatever) from your aliases might result in
completely different behaviour from calling it directly on the commandline as
user nobody. Maybe now sendmail is invoked with the rights of your MTA
(possibly as user mail) instead of being invoked as user nobody.

Nils

  • Nicolas Mailhot [2002-09-13 16:47]:

Return-Path: nobody@localdomain
Delivered-To: nim@localdomain
Received: by smtp.localdomain (Postfix, from userid 99) id 589A61CB22;
        Fri, 13 Sep 2002 16:43:16 +0200 (CEST)
Subject: …
From: “Support” support@publicdomain
Reply-To: support@publicdomain

Hope this helps:(

Yes, this helps. The regex was /([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i.
Your From: address doesn’t match it.

Kirill

At 17:16 13.09.2002 +0200, Nicolas Mailhot wrote:

Hope this helps:(

And just for the fun of it, I’ve added another alias :

bubu: “|id | /usr/sbin/sendmail -oi -f bob@bob.bob -F
bill@bill.bill nim”

Calling sendmail (or postfix or whatever) from your aliases might result in
completely different behaviour from calling it directly on the commandline as
user nobody. Maybe now sendmail is invoked with the rights of your MTA
(possibly as user mail) instead of being invoked as user nobody.

That’s why I started by an id. Do you think it could have missed
something like a privileged user ? (just curious, I rechecked this
putting everything in a script and it sends the same mail – so the
problem seems to be in rt’s own script and not the mta)

Regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


Hi,

For those interested here is the solution I finally came up with :

if ($RT::MailCommand eq 'sendmailpipe') {
    open (MAIL, "|$RT::SendmailPath -f $RT::OwnerEmail $RT::SendmailArguments") || return(0);
    print MAIL $MIMEObj->as_string;
    close(MAIL);
}
else {
    unless ($MIMEObj->send($RT::MailCommand, $RT::MailParams, "-f $RT::OwnerEmail")) {
        $RT::Logger->crit("$self: Could not send mail for ". $self->TransactionObj . "\n");
        return(0);
    }
}

You must change both SendEmail.pm and Email.pm to make it work (took me
a lot of time to figure why my changes didn’t have any effect:).

It seems to work cleanly (at least with sendmail, not sendmailpipe).
Moreover I think this should be the default behaviour, OwnerEmail is
really the one that should be in the envelope.

Anyway, thanks to everyone that tried to help, I learned a few things
and it would certainly have taken me a lot more time without you all.

Best regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-16 12:14]:

Hi,

For those interested here is the solution I finally came up with :

if ($RT::MailCommand eq 'sendmailpipe') {
    open (MAIL, "|$RT::SendmailPath -f $RT::OwnerEmail
                                       ^^^^^^^^^^^^^^^ <- make sure this
                                                          doesn’t contain
                                                          evil characters
                 $RT::SendmailArguments") || return(0);
    print MAIL $MIMEObj->as_string;
    close(MAIL);
}

You must change both SendEmail.pm and Email.pm to make it work (took me
a lot of time to figure why my changes didn’t have any effect:).

You only spoke about autoresponding to new tickets if I remember
correctly. Action/SendEmail.pm is not used at that time.

It seems to work cleanly (at least with sendmail, not sendmailpipe).
Moreover I think this should be the default behaviour, OwnerEmail is
really the one that should be in the envelope.

IMHO the default behaviour should be using SMTP and avoid command line
arguments entirely.

Kirill
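
Added example, not part of the original thread and not RT's own code: it combines the From: regex discussed above (including the case where the address does not match) with a sendmail invocation that passes the envelope sender as a separate argument instead of interpolating it into a shell command. The helper names, the fallback address rt@example.com, the /usr/sbin/sendmail path and the "-oi -t" arguments are assumptions, and the sample From: values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern from Kirill's patch: the domain must contain a dot followed by
# at least two letters, so "support@publicdomain" does not match.
my $ADDR_RE = qr/([\w.-]+\@[a-z0-9][a-z0-9.-]*\.[a-z]{2,})/i;

# Return the first address found in the From: header, else in the
# fallback (hypothetical parameter, e.g. a configured RT address).
sub envelope_sender {
    my ($from_header, $fallback) = @_;
    for my $candidate ($from_header, $fallback) {
        next unless defined $candidate;
        return $1 if $candidate =~ $ADDR_RE;
    }
    return;    # nothing usable: omit -f and let the MTA decide
}

# Build the command as a list. Each element reaches sendmail as exactly
# one argument, so the address is never parsed by a shell.
sub sendmail_argv {
    my ($sendmail_path, $sender, @extra_args) = @_;
    my @argv = ($sendmail_path);
    push @argv, '-f', $sender if defined $sender;
    return (@argv, @extra_args);
}

# List-form pipe open: Perl forks and execs $argv[0] directly.
sub send_message {
    my ($message, @argv) = @_;
    open(my $mail, '|-', @argv) or return 0;
    print {$mail} $message;
    return close($mail) ? 1 : 0;
}

# Constructed sample From: values, not taken from a real system.
my @samples = (
    '"Support" <support@publicdomain>',             # no match: falls back
    '"Support" <support@example.com>',              # matches
    '"Support" <support@example.com>; extra text',  # only the address is kept
);

for my $from (@samples) {
    my $sender = envelope_sender($from, 'rt@example.com');
    my @argv = sendmail_argv('/usr/sbin/sendmail', $sender, '-oi', '-t');
    print "$from\n    => [", join('] [', @argv), "]\n";
}
```

The loop only prints the argument vectors; send_message() is what a caller would use to hand the message to the MTA.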

  • Nicolas Mailhot [2002-09-16 12:14]:

Hi,

For those interested here is the solution I finally came up with :

if ($RT::MailCommand eq 'sendmailpipe') {
    open (MAIL, "|$RT::SendmailPath -f $RT::OwnerEmail
                                       ^^^^^^^^^^^^^^^ <- make sure this
                                                          doesn’t contain
                                                          evil characters
                 $RT::SendmailArguments") || return(0);
    print MAIL $MIMEObj->as_string;
    close(MAIL);
}

You must change both SendEmail.pm and Email.pm to make it work (took me
a lot of time to figure why my changes didn’t have any effect:).

You only spoke about autoresponding to new tickets if I remember
correctly. Action/SendEmail.pm is not used at that time.

Well, I don’t know how our rt people configured the thing, but it does
use Action/SendEmail.pm for new tickets :)

It seems to work cleanly (at least with sendmail, not sendmailpipe).
Moreover I think this should be the default behaviour, OwnerEmail is
really the one that should be in the envelope.

IMHO the default behaviour should be using SMTP and avoid command line
arguments entirely.

Of course:) This was the least intrusive change I could come up with.

When I wrote this is the correct behaviour IMHO, I meant the envelope
should always be OwnerEmail since this parameter is defined as the
address where errors should go, not that this was the best way to do it.

Regards,

Nicolas Mailhot
One2team : 12 bis rue de la Pierre Levée - 75011 Paris - France
Tél : + 33 1 43 38 19 80 - Fax : +33 1 43 14 23 07


  • Nicolas Mailhot [2002-09-16 12:39]:

IMHO the default behaviour should be using SMTP and avoid command line
arguments entirely.

Of course:) This was the least intrusive change I could come up with.

The change wouldn’t be too intrusive. It would affect only the code that
sends mail.

When I wrote this is the correct behaviour IMHO, I meant the envelope
should always be OwnerEmail since this parameter is defined as the
address where errors should go, not that this was the best way to do it.

There’s more than one way to do it ;)

Kirill

This thread helped me finally solve the spam-filtering problem
a customer reported because the original From line was different
from the RT inserted one.

Two comments:

On 0, Nicolas Mailhot Nicolas.Mailhot@one2team.com wrote:

if ($RT::MailCommand eq 'sendmailpipe') {
    open (MAIL, "|$RT::SendmailPath -f $RT::OwnerEmail $RT::SendmailArguments") || return(0);
    print MAIL $MIMEObj->as_string;
    close(MAIL);
}
else {
    unless ($MIMEObj->send($RT::MailCommand, $RT::MailParams, "-f $RT::OwnerEmail")) {
        $RT::Logger->crit("$self: Could not send mail for ". $self->TransactionObj . "\n");
        return(0);
    }
}

Instead of $RT::OwnerEmail, I had to do $RT::CorrespondAddress
because OwnerEmail was a human (me) as recommended by config.pm comments.

After changing that in both .pm files and making sure that both
"mail" and “nobody” (or whatever httpd was running as) were in my
/etc/mail/trusted-users file, everything worked fine.

Brian McClendon bam@intrinsic.com 650-966-6804