RT and dotqmaildashext

There’s a cryptic warning in the RT installation docs that I’m having
trouble figuring out. It reads:

The usual place to put aliases in qmail is ~alias. However, qmail
runs piped system commands as the local alias user, and this causes
problems with the suid-wrapped rt-mailgate. The following two
examples show different methods to get around this. Note that both
methods require the creation of a local user called ‘rt’.

and then suggests using ~rt/.qmail-QUEUENAME or using users/assign to
get the mail handled properly. I can’t figure out what the “problems”
the author mentions could be (especially since rt-mailgate isn’t
suid-wrapped at all – it’s setgid, no wrapper.)

Does anyone recall why ~alias/.qmail-QUEUENAME with
“|/path/to/rt-mailgate” in shouldn’t work?

-Rich

Rich Lafferty --------------±----------------------------------------------
Ottawa, Ontario, Canada | Save the Pacific Northwest Tree Octopus!
http://www.lafferty.ca/ | Save The Pacific Northwest Tree Octopus
rich@lafferty.ca -----------±----------------------------------------------

There’s a cryptic warning in the RT installation docs that I’m having
trouble figuring out. It reads:

The usual place to put aliases in qmail is ~alias. However, qmail
runs piped system commands as the local alias user, and this causes
problems with the suid-wrapped rt-mailgate. The following two
examples show different methods to get around this. Note that both
methods require the creation of a local user called ‘rt’.

and then suggests using ~rt/.qmail-QUEUENAME or using users/assign to
get the mail handled properly. I can’t figure out what the “problems”
the author mentions could be (especially since rt-mailgate isn’t
suid-wrapped at all – it’s setgid, no wrapper.)

Does anyone recall why ~alias/.qmail-QUEUENAME with
“|/path/to/rt-mailgate” in shouldn’t work?

I never figured out WHY it didn’t work, it simply refused to work.
However… please disregard that set of instructions and use the “Method
2” option. Those instructions work flawlessly (as I’ve verified on my
test-rig RT2 2.0.11 install just two weeks ago) and absolutely supercede
my original write-up.

(Note to doc maintainers… feel free to excise Method 1 from the docs,
as it’s nowhere near as elegant as Method 2.)

Karel P Kerezman, IS Admin Entercom Portland

[ Seeing is deceiving. It’s eating that’s believing. ]

I never figured out WHY it didn’t work, it simply refused to work.
However… please disregard that set of instructions and use the “Method
2” option. Those instructions work flawlessly (as I’ve verified on my
test-rig RT2 2.0.11 install just two weeks ago) and absolutely supercede
my original write-up.

Hrm, interesting. I find Method 2 violates the KISS principle, as
dotqmaildashext aliases seem to work fine – and I can’t find anything
that would prevent them from doing so, other than the log-writing bit
my doc patch just suggested. Was that documentation bit written for
RT1, which did have a suid wrapper for rt-mailgate?

Method 2 is necessary for virtualdomains, but I think that’s beyond
the scope of RT’s documentation at this point (particularly since one
would have to second-guess an individual’s virtualdomain setup in the
first place!).

That said, I notice your examples don’t use preline – if you’re not
using preline yourself, change that now :slight_smile: You’re throwing away the
Return-Path of mail passed to rt-mailgate.

-Rich

Rich Lafferty --------------±----------------------------------------------
Ottawa, Ontario, Canada | Save the Pacific Northwest Tree Octopus!
http://www.lafferty.ca/ | Save The Pacific Northwest Tree Octopus
rich@lafferty.ca -----------±----------------------------------------------