CommandByMail problem

Sorry, this was to go to the list as well,

Ruslan,

Maybe you can help me here. I have been testing 3.87 with great success and
am ready to install into production. Then someone noticed a problem I had
not tested for (shame on me). It seems that when we turn on CommandByMail,
two things happen that seem to be wrong:

  1. Email from any RT User creates a ticket in a queue, EVEN when the right
    "CreateTicket" has NOT been applied to that User/group/role/Sys group for
    that Queue. It still gets in and becomes a ticket. I checked the rights on
    this VERY thoroughly.
  2. Email from NON-RT Users and NON-LDAP Users gets sent back to the "from"
    address in a never-ending loop.

I know how to turn off the loop, by temporarily turning off "TakeAction:"
from the Plugin and then bouncing RT.

The two questions I have are:

  1. How do I get the Queue rights (for “CreateTicket”) to be respected by
    CBM?
  2. How do I get the never-ending email loop to NOT initiate in the first
    place?

This is becoming a rapidly growing concern among my management.

Your help in this matter will be greatly appreciated.

Thanks.

Kenn

  1. Email from any RT User creates a ticket in a queue, EVEN when the right “CreateTicket” has
    NOT been applied to that User/group/role/Sys group for that Queue. It still gets in and
    becomes a ticket. I checked the rights on this VERY thoroughly.

You must have a misconfiguration, setting up a vanilla 3.8.7 with a
user who has no CreateTicket rights anywhere and injecting mail from
that user gets
not ok - Ticket creation failed: No permission to create tickets in
the queue 'General’
as a result. This is because Auth::MailFrom will reject the user
before CommandByMail gets to it

  1. Email from NON-RT Users and NON-LDAP Users gets sent back to the “from” address in a
    never-ending loop.

I know how to turn off the loop, by temporarily turning off “TakeAction:” from the Plugin and
then bouncing RT.

The two questions I have are:

It isn’t clear to me why notifying the From: in your environment
causes a loop

-kevin

1) Email from any RT User creates a ticket in a queue, EVEN when the right "CreateTicket" has
NOT been applied to that User/group/role/Sys group for that Queue. It still gets in and
becomes a ticket. I checked the rights on this VERY thoroughly.

You must have a misconfiguration, setting up a vanilla 3.8.7 with a
user who has no CreateTicket rights anywhere and injecting mail from
that user gets
not ok - Ticket creation failed: No permission to create tickets in
the queue 'General’
as a result. This is because Auth::MailFrom will reject the user
before CommandByMail gets to it

2) Email from NON-RT Users and NON-LDAP Users gets sent back to the "from" address in a
never-ending loop.

I know how to turn off the loop, by temporarily turning off "TakeAction:" from the Plugin and
then bouncing RT.

The two questions I have are:

It isn’t clear to me why notifying the From: in your environment
causes a loop

-kevin

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
What order are your MailPlugins in?

Jeff

Sorry,

This &^%$%Gemail doesn’t do a reply like I’m used to. I wanted to include
the list.

KennOn Thu, Apr 22, 2010 at 9:00 AM, Kenneth Crocker kfcrocker@lbl.gov wrote:

Jeff, Kevin,

I agree that something is configured wrong. The plugins look like this:

Set(@MailPlugins, (qw(Auth::MailFrom Filter::TakeAction)));
Set(@Plugins,(qw(RTx::Calendar RT::Authen::ExternalAuth
RT::Extension::CommandByMail)));

The only person with “CreateTicket” rights is the role AdminCc for the
Queue (which is me). I had another person who is privileged send in an email
and the ticket was created. I know, it doesn’t make sense at all. Privileges
have always worked before. I’m thinking we did something wrong in the
install, so I’m going to flush my environment and re-create it.

If there is something I need to ensure on installation, that would be
helpful. I’m also NOT going to install Timeline, as it doesn’t work that
well anyway (no easy way to modify what is displayed).

Hopefully, this will do it.

Kenn
LBNL

On Thu, Apr 22, 2010 at 7:31 AM, Jeff Voskamp javoskam@uwaterloo.cawrote:

On 04/22/2010 09:53 AM, Kevin Falcone wrote:

On Wed, Apr 21, 2010 at 01:39:04PM -0700, Kenneth Crocker wrote:

  1. Email from any RT User creates a ticket in a queue, EVEN when the
    right “CreateTicket” has
    NOT been applied to that User/group/role/Sys group for that Queue. It
    still gets in and
    becomes a ticket. I checked the rights on this VERY thoroughly.

You must have a misconfiguration, setting up a vanilla 3.8.7 with a
user who has no CreateTicket rights anywhere and injecting mail from
that user gets
not ok - Ticket creation failed: No permission to create tickets in
the queue 'General’
as a result. This is because Auth::MailFrom will reject the user
before CommandByMail gets to it

  1. Email from NON-RT Users and NON-LDAP Users gets sent back to the
    "from" address in a
    never-ending loop.

I know how to turn off the loop, by temporarily turning off
"TakeAction:" from the Plugin and
then bouncing RT.

The two questions I have are:

It isn’t clear to me why notifying the From: in your environment
causes a loop

-kevin

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

What order are your MailPlugins in?

Jeff

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

To List & Kevin & Jeff,

Whomever created RightsMatrix, I owe them a beer. Actually a pitcher.

I SSOOOOOOOOOOO embarrassed by this mistake. However, confession is good for
the soul.

I’ve been on 3.6.4 so for so long, I completely forgot that 3.8.7 allows the
granting of “SuperUser” at the group level, whereas in 3.6.4, that was not
possible. I am BIG on *not *granting rights to individual users, but because
of 3.6.4, I had granted the “SuperUser” right to a few individuals.

Then along comes 3.8.7 and I had found out we could grant “SuperUser” at the
group level so I did. Then just recently, wanted to do a test and the
person I wanted to do the test was a “SuperUser”. Since that would defeat
the test, I removed the “SuperUser” right for that individual, but forgot
about that right having been granted for a group he was in. So when I looked
at his individual rights, he shouldn’t have that right, yet he was creating
a ticket. So I finally woke up and used RightsMatrix and clicked the Y under
that right under “ALL” and lo and behold, the answer.

It is now corrected and it works fine.

The problem with the never-ending email loop is, of course, unrelated. We
think it has to do with the “Timeline” directory/code bumping into
"CommandByMail" directory/code in that Takeaction seems to keep repeating
it’s rejection. We’re going to remove TImeline and try again.

Thanks again for your time and effort.

Kenn
LBNLOn Thu, Apr 22, 2010 at 6:53 AM, Kevin Falcone falcone@bestpractical.comwrote:

On Wed, Apr 21, 2010 at 01:39:04PM -0700, Kenneth Crocker wrote:

  1. Email from any RT User creates a ticket in a queue, EVEN when the
    right “CreateTicket” has
    NOT been applied to that User/group/role/Sys group for that Queue. It
    still gets in and
    becomes a ticket. I checked the rights on this VERY thoroughly.

You must have a misconfiguration, setting up a vanilla 3.8.7 with a
user who has no CreateTicket rights anywhere and injecting mail from
that user gets
not ok - Ticket creation failed: No permission to create tickets in
the queue 'General’
as a result. This is because Auth::MailFrom will reject the user
before CommandByMail gets to it

  1. Email from NON-RT Users and NON-LDAP Users gets sent back to the
    "from" address in a
    never-ending loop.

I know how to turn off the loop, by temporarily turning off
"TakeAction:" from the Plugin and
then bouncing RT.

The two questions I have are:

It isn’t clear to me why notifying the From: in your environment
causes a loop

-kevin

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com