Inbound email permissions problem

Hi all,

Thanks to everyone (smylers) for the help getting outbound emails to work.

However, below is what happened when I tried to respond to the message I got
from RT.

I’m assuming that it’s something to do with exim running with the euid of
’mail’ and not ‘rtowner’, but the permissions for rt-mailgate show

[root@larry root]# ll /opt/rt2/bin/rt-mailgate
-rwxr-sr-x 1 root rt 9116 Mar 21 16:43
/opt/rt2/bin/rt-mailgate[root@larry root]#

I’ve tried chmod u+s, and then changing the owner to rtowner, and apache but
it’s not made any difference (apache is the user that apache runs under,
rtowner is the owner of the database).

GarySubject: Mail delivery failed: returning message to sender
Date: Tue, 26 Mar 2002 10:06:17 +0000
From: Mail Delivery System Mailer-Daemon@ringways.co.uk
To: gary.stainburn@ringways.co.uk

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

pipe to |/opt/rt2/bin/rt-mailgate --queue group --action correspond
generated by rt@larry.ringways.co.uk

The following text was generated during the delivery attempt:

------ pipe to |/opt/rt2/bin/rt-mailgate --queue group --action correspond
generated by rt@larry.ringways.co.uk ------

Permission Denied
------ This is a copy of the message, including all the headers. ------

Return-path: gary.stainburn@ringways.co.uk
Received: from localhost.localdomain ([127.0.0.1] helo=localhost)
by larry.ringways.co.uk with esmtp (Exim 3.22 #1)
id 16pnqE-00076c-00
for rt@larry.ringways.co.uk; Tue, 26 Mar 2002 10:06:10 +0000
Received: from mail.ringways.co.uk
by localhost with POP3 (fetchmail-5.9.0)
for rt@larry.ringways.co.uk (multi-drop); Tue, 26 Mar 2002 10:06:10 +0000
(GMT) Received: from gary.ringways.co.uk ([10.1.1.2] helo=there)
by stan.ringways.co.uk with smtp (Exim 3.33 #2)
id 16pSRQ-0001RE-00
for rt@ringways.co.uk; Mon, 25 Mar 2002 11:15:08 +0000
Content-Type: text/plain;
charset="iso-8859-1"
From: Gary Stainburn gary.stainburn@ringways.co.uk
Organization: Ringways Garages Ltd
To: rt@ringways.co.uk
Subject: Re: [ringways.co.uk #1] Ticket Resolved
Date: Mon, 25 Mar 2002 11:15:31 +0000
X-Mailer: KMail [version 1.3.2]
References: rt-1-199.12.7259077708635@ringways.co.uk
In-Reply-To: rt-1-199.12.7259077708635@ringways.co.uk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: E16pSRQ-0001RE-00@stan.ringways.co.uk
Status: RO

Gary Stainburn wrote:

However, below is what happened when I tried to respond to the message
I got from RT.

I’m assuming that it’s something to do with exim running with the euid
of ‘mail’ and not ‘rtowner’, but the permissions for rt-mailgate show

When I first tried ‘RT’ we had some ‘Exim’ error that I can’t remember
the exact details of. However, I can remember what fixed it. In the
‘DIRECTORS CONFIGURATION’ section there’s this:

This director handles aliasing using a traditional /etc/aliases file.

If any of your aliases expand to pipes or files, you will need to set

up a user and a group for these deliveries to run under. You can do

this by uncommenting the “user” option below (changing the user name

as appropriate) and adding a “group” option if necessary.

system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch

user = list

I tried adding this:

user = nobody

It then started working, so I didn’t bother investigating it any
further!

Smylers
GBdirect
http://www.gbdirect.co.uk/

Earlier I wrote:

system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch

user = list

I tried adding this:

user = nobody

I meant:

user = nobody
group = rt

Ooops.

It then started working, so I didn’t bother investigating it any
further!

Smylers
GBdirect
http://www.gbdirect.co.uk/

Earlier I wrote:

system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch

user = list

I tried adding this:

user = nobody

I meant:

user = nobody
group = rt

Ooops.

It then started working, so I didn’t bother investigating it any
further!

Smylers

I both the system_aliases, and address_pipe, I’ve mail, nobody, and rt as the
user and mail, nobody, rt, rtowner as the group all to no avail.

The problem is I don’t even know at which point it’s getting the ‘Permission
Denied’ problem.

Is it within Exim, Exim calling rt-mailgate, or within rt-mailgate.

Does anyone know how to turn on some debugging within Exim and rt-mailgate to
try to sort out the probem?

Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000

Gary Stainburn wrote:

Does anyone know how to turn on some debugging within Exim and
rt-mailgate to try to sort out the probem?

I’ve no idea about in ‘Exim’, but in ‘RT’ check config.pm. If you have

$LogToFile = ‘debug’;

and make sure that $LogToFileNamed doesn’t contain $$ then ‘RT’ will
spew much information, and all of rt-mailgate’s output will go to a
single file. Then you just have to tail -f when sending some mail.

Smylers
GBdirect
http://www.gbdirect.co.uk/

Gary Stainburn wrote:

Does anyone know how to turn on some debugging within Exim and
rt-mailgate to try to sort out the probem?

I’ve no idea about in ‘Exim’, but in ‘RT’ check config.pm. If you have

$LogToFile = ‘debug’;

and make sure that $LogToFileNamed doesn’t contain $$ then ‘RT’ will
spew much information, and all of rt-mailgate’s output will go to a
single file. Then you just have to tail -f when sending some mail.

Smylers

Okay, now we’re getting somewhere, although I don’t know where.

I made the changes you suggested, and got some output in /tmp/rt.log.30511.8
(yes, I know the $$ and $< should not be there, I did remove them from the
config file).

I’m still running 2.0.12 at the mo.

here’s what I got:

[root@larry tmp]# ll rt.log.30511.8
-rw-r–r-- 1 mail rt 1353 Apr 3 16:04 rt.log.30511.8
[root@larry tmp]# cat rt.log.30511.8
Found a ticket ID. It’s 1Use of uninitialized value in join at
/opt/rt2/lib/RT/Ticket.pm line 1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
[root@larry tmp]#
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000

Hi,

I have actually run into the exact same problem and discovered that it
is a permission problem inside RT. When I set the “Reply to Ticket"
permission for everyone, RT responds to the message as expected. The
watcher can reply when permissions for him are set, but, unless ther
reply permission is set for everyone, the requestor cannot. I get the
"Permission Denied” error message back even though the requestor has
"Reply to Ticket" set in his permissions.

Does anyone know why the requestor cannot reply despite having been
given the right to do so?

Thanks,

MarcOn Wed, 2002-04-03 at 16:05, Gary Stainburn wrote:

On Wednesday 03 April 2002 3:27 pm, Smylers wrote:

Gary Stainburn wrote:

Does anyone know how to turn on some debugging within Exim and
rt-mailgate to try to sort out the probem?

I’ve no idea about in ‘Exim’, but in ‘RT’ check config.pm. If you have

$LogToFile = ‘debug’;

and make sure that $LogToFileNamed doesn’t contain $$ then ‘RT’ will
spew much information, and all of rt-mailgate’s output will go to a
single file. Then you just have to tail -f when sending some mail.

Smylers

Okay, now we’re getting somewhere, although I don’t know where.

I made the changes you suggested, and got some output in /tmp/rt.log.30511.8
(yes, I know the $$ and $< should not be there, I did remove them from the
config file).

I’m still running 2.0.12 at the mo.

here’s what I got:

[root@larry tmp]# ll rt.log.30511.8
-rw-r–r-- 1 mail rt 1353 Apr 3 16:04 rt.log.30511.8
[root@larry tmp]# cat rt.log.30511.8
Found a ticket ID. It’s 1Use of uninitialized value in join at
/opt/rt2/lib/RT/Ticket.pm line 1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
[root@larry tmp]#

Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

E-mail is an informal method of communication and may be subject to data corruption, interception and unauthorised amendment for which Digital Bridges Ltd will accept no liability. Therefore, it will normally be inappropriate to rely on information contained on e-mail without obtaining written confirmation.

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

Hi,

I have actually run into the exact same problem and discovered that it
is a permission problem inside RT. When I set the “Reply to Ticket"
permission for everyone, RT responds to the message as expected. The
watcher can reply when permissions for him are set, but, unless ther
reply permission is set for everyone, the requestor cannot. I get the
"Permission Denied” error message back even though the requestor has
"Reply to Ticket" set in his permissions.

Does anyone know why the requestor cannot reply despite having been
given the right to do so?

Has anyone found an answer to this question or mine yet? As you can see from
the debug listed below, I am allowed to run rt-mailgate so it’s not a unix
permission problem so it must be an RT permission problem.

I’m running RH7.2 with RT 2.0.12

Gary

[root@larry tmp]# cat rt.log.23944.8
Found a ticket ID. It’s 1Use of uninitialized value in join at
/opt/rt2/lib/RT/Ticket.pm line 1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line 1182,
line 27.
Permission Denied[root@larry tmp]#

Thanks,

Marc

Gary Stainburn wrote:

Does anyone know how to turn on some debugging within Exim and
rt-mailgate to try to sort out the probem?

I’ve no idea about in ‘Exim’, but in ‘RT’ check config.pm. If you have

$LogToFile = ‘debug’;

and make sure that $LogToFileNamed doesn’t contain $$ then ‘RT’ will
spew much information, and all of rt-mailgate’s output will go to a
single file. Then you just have to tail -f when sending some mail.

Smylers

Okay, now we’re getting somewhere, although I don’t know where.

I made the changes you suggested, and got some output in
/tmp/rt.log.30511.8 (yes, I know the $$ and $< should not be there, I did
remove them from the config file).

I’m still running 2.0.12 at the mo.

here’s what I got:

[root@larry tmp]# ll rt.log.30511.8
-rw-r–r-- 1 mail rt 1353 Apr 3 16:04 rt.log.30511.8
[root@larry tmp]# cat rt.log.30511.8
Found a ticket ID. It’s 1Use of uninitialized value in join at
/opt/rt2/lib/RT/Ticket.pm line 1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line
1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line
1182, line 27.
Use of uninitialized value in pattern match (m//) at
/opt/rt2/lib/RT/Record.pm line 133, line 27.
Use of uninitialized value in concatenation (.) at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record/Cachable.pm line
188, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line
1182, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line
1182, line 27.
Use of uninitialized value in join at /opt/rt2/lib/RT/Ticket.pm line
1182, line 27.
[root@larry tmp]#

Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users


E-mail is an informal method of communication and may be subject to data
corruption, interception and unauthorised amendment for which Digital
Bridges Ltd will accept no liability. Therefore, it will normally be
inappropriate to rely on information contained on e-mail without obtaining
written confirmation.

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.



rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000