Mail interface, how to configure?


#1

What mta are you using?
can you give me an ls -lR of /usr/lib/rt/bin ?

This is Debian GNU/Linux, the potato version which is currently unstable.

Package: webrt
Version: 1.0.1-3
Severity: normal

– System Information
Debian Release: 2.2
Kernel Version: Linux dilbert 2.2.14 #8 SMP Sat Feb 19 20:08:33 EET 2000 i686 unknown

Versions of the packages webrt depends on:
ii libc6 2.1.3-2 GNU C Library: Shared libraries and Timezone dat
ii libcgi-pm-perl 2.56-4 perl CGI - Simple Common Gateway Interface Class
ii libdbd-mysql-per 1.2202-4 mySQL database interface for Perl
ii libdigest-md5-pe 2.09-1 MD5 Message Digest for Perl
ii make 3.78.1-6 The GNU version of the “make” utility.
ii mysql-client 3.22.30-7 mysql database client binaries
ii perl-5.005 5.005.03-5.3 Larry Wall’s Practical Extracting and Report Lan

dilbert# ls -lR /usr/lib/rt/bin
/usr/lib/rt/bin:
total 7
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rt -> suid_wrapper
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rt-mailgate -> suid_wrapper
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rtadmin -> suid_wrapper
-rwxr-xr-x 1 www-data www-data 2088 Feb 2 15:20 rtmux.pl
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rtq -> suid_wrapper
-rwsr-xr-x 3 www-data www-data 3272 Feb 2 15:20 suid_wrapper
dilbert#

This machine has smail. I tried on another host where I replaced smail
with sendmail. Looks like there webrt emailing works, but I have not
yet done full testing.

Should the suid_wrapper be suid root, then rt-mailgate could write to
the email directories? I tried running mailgate under strace to see
what file it is trying to open when it gets permission denied, but
seems I can use strace with mailgate only as root, and as root it
works.

Hello,

I think I have WebRT otherwise configured OK, but the email interface
does not work. Specifically, I can not send email to WebRT.

I have the email aliases set up like this in /etc/aliases:

rt: |"/usr/lib/rt/bin/rt-mailgate general correspond"
tyopurkki: |"/usr/lib/rt/bin/rt-mailgate tyopurkki correspond"

If I send to the address tyopurkki, the mail goes to postmaster
because there is permission denied, but I don’t know where.

=================================
dilbert# cat /var/spool/smail/input/12PzH9-0008t0C
!root
!0 1001
!-oem
!-f
!<+>
!-oMs
!dilbert.tapio.lehtonen.fi
!-oMr
!bsmtp
!-oMP
!smail
!

From: MAILER-DAEMON@iki.fi
To: postmaster
Subject: mail failed, sending to address owner
Reference: m12PzH3-0008t7C@dilbert.tapio.lehtonen.fi

------------------------- Failed addresses follow:

“/usr/lib/rt/bin/rt-mailgate tyopurkki correspond” … failed:
transport file: failed to open output file: Permission denied

------------------------- Message text follows:

Received: by iki.fi
via sendmail from stdin
id m12PzH3-0008t7C@dilbert.tapio.lehtonen.fi (Debian
Smail3.2.0.102)
for ; Wed, 1 Mar 2000 04:54:05 +0200 (EET)
Date: Wed, 1 Mar 2000 04:54:05 +0200
From: System Manager
To: tyopurkki
Subject: Koe taas
Message-ID: 20000301045405.A15840@iki.fi
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i

Nyt vaihdoin root omistajaksi suid_wrapperille.

Tapio

dilbert#

I did not understand the email alias stuff, did not find document
where it was explained, so had to guess.


Tapio Lehtonen
Tapio.Lehtonen@IKI.FI
PGP public key from http://www.iki.fi/Tapio.Lehtonen


jesse reed vincent – jrvincent@wesleyan.edujesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91

I think co-ordinating 1000 prima donnas living all over the world will be as
easy as herding cats…" – Andy Tanenbaum on the linux development model, 1992

Tapio Lehtonen
Tapio.Lehtonen@IKI.FI
PGP public key from http://www.iki.fi/Tapio.Lehtonen


#2

Nope. rt should not be running as root. Does smail support sendmail aliases directly?
Does it have a smrsh analogue for making sure that you only run certain binaries from the mail system?On Thu, Mar 02, 2000 at 06:19:42AM +0200, Tapio Lehtonen wrote:

On Tue, Feb 29, 2000 at 11:09:16PM -0500, Jesse wrote:

What mta are you using?
can you give me an ls -lR of /usr/lib/rt/bin ?

This is Debian GNU/Linux, the potato version which is currently unstable.

Subject: webrt: Email problems
Package: webrt
Version: 1.0.1-3
Severity: normal

– System Information
Debian Release: 2.2
Kernel Version: Linux dilbert 2.2.14 #8 SMP Sat Feb 19 20:08:33 EET 2000 i686 unknown

Versions of the packages webrt depends on:
ii libc6 2.1.3-2 GNU C Library: Shared libraries and Timezone dat
ii libcgi-pm-perl 2.56-4 perl CGI - Simple Common Gateway Interface Class
ii libdbd-mysql-per 1.2202-4 mySQL database interface for Perl
ii libdigest-md5-pe 2.09-1 MD5 Message Digest for Perl
ii make 3.78.1-6 The GNU version of the “make” utility.
ii mysql-client 3.22.30-7 mysql database client binaries
ii perl-5.005 5.005.03-5.3 Larry Wall’s Practical Extracting and Report Lan

dilbert# ls -lR /usr/lib/rt/bin
/usr/lib/rt/bin:
total 7
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rt -> suid_wrapper
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rt-mailgate -> suid_wrapper
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rtadmin -> suid_wrapper
-rwxr-xr-x 1 www-data www-data 2088 Feb 2 15:20 rtmux.pl
lrwxrwxrwx 1 www-data www-data 12 Feb 25 23:03 rtq -> suid_wrapper
-rwsr-xr-x 3 www-data www-data 3272 Feb 2 15:20 suid_wrapper
dilbert#

This machine has smail. I tried on another host where I replaced smail
with sendmail. Looks like there webrt emailing works, but I have not
yet done full testing.

Should the suid_wrapper be suid root, then rt-mailgate could write to
the email directories? I tried running mailgate under strace to see
what file it is trying to open when it gets permission denied, but
seems I can use strace with mailgate only as root, and as root it
works.

On Wed, Mar 01, 2000 at 05:03:35AM +0200, Tapio Lehtonen wrote:

Hello,

I think I have WebRT otherwise configured OK, but the email interface
does not work. Specifically, I can not send email to WebRT.

I have the email aliases set up like this in /etc/aliases:

rt: |"/usr/lib/rt/bin/rt-mailgate general correspond"
tyopurkki: |"/usr/lib/rt/bin/rt-mailgate tyopurkki correspond"

If I send to the address tyopurkki, the mail goes to postmaster
because there is permission denied, but I don’t know where.

=================================
dilbert# cat /var/spool/smail/input/12PzH9-0008t0C
!root
!0 1001
!-oem
!-f
!<+>
!-oMs
!dilbert.tapio.lehtonen.fi
!-oMr
!bsmtp
!-oMP
!smail
!

From: MAILER-DAEMON@iki.fi
To: postmaster
Subject: mail failed, sending to address owner
Reference: m12PzH3-0008t7C@dilbert.tapio.lehtonen.fi

------------------------- Failed addresses follow:

“/usr/lib/rt/bin/rt-mailgate tyopurkki correspond” … failed:
transport file: failed to open output file: Permission denied

------------------------- Message text follows:

Received: by iki.fi
via sendmail from stdin
id m12PzH3-0008t7C@dilbert.tapio.lehtonen.fi (Debian
Smail3.2.0.102)
for ; Wed, 1 Mar 2000 04:54:05 +0200 (EET)
Date: Wed, 1 Mar 2000 04:54:05 +0200
From: System Manager
To: tyopurkki
Subject: Koe taas
Message-ID: 20000301045405.A15840@iki.fi
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i

Nyt vaihdoin root omistajaksi suid_wrapperille.

Tapio

dilbert#

I did not understand the email alias stuff, did not find document
where it was explained, so had to guess.


Tapio Lehtonen
Tapio.Lehtonen@IKI.FI
PGP public key from http://www.iki.fi/Tapio.Lehtonen


jesse reed vincent – jrvincent@wesleyan.edujesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91

I think co-ordinating 1000 prima donnas living all over the world will be as
easy as herding cats…" – Andy Tanenbaum on the linux development model, 1992


Tapio Lehtonen
Tapio.Lehtonen@IKI.FI
PGP public key from http://www.iki.fi/Tapio.Lehtonen

jesse reed vincent – jrvincent@wesleyan.edujesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
Any e-mail sent to the SLA will immediately become the intellectual property
of the SLA and the author of said message will enter into a period of
indentured servitude which will last for a period of time no less than seven
years.


#3

Nope. rt should not be running as root.

(…)

-rwsr-xr-x 3 www-data www-data 3272 Feb 2 15:20 suid_wrapper

RT should be run as the RT user, and it should be able to read/write from
the data directory (where the transactions are kept) as well as the
library files (particularly the RT configuration file, where the database
password is kept).

Tobias Brox (alias TobiX) - +4722925871 - urgent emails to
sms@tobiasb.funcom.com. Check our upcoming MMORPG at
http://www.anarchy-online.com/ (Qt) and play multiplayer Spades,
Backgammon, Poker etc for free at http://www.funcom.com/ (Java)