2 # BEGIN BPS TAGGED BLOCK {{{
6 # This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
7 # <sales@bestpractical.com>
9 # (Except where explicitly superseded by other copyright notices)
14 # This work is made available to you under the terms of Version 2 of
15 # the GNU General Public License. A copy of that license should have
16 # been provided with this software, but in any event can be snarfed
19 # This work is distributed in the hope that it will be useful, but
20 # WITHOUT ANY WARRANTY; without even the implied warranty of
21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 # General Public License for more details.
24 # You should have received a copy of the GNU General Public License
25 # along with this program; if not, write to the Free Software
26 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
27 # 02110-1301 or visit their web page on the internet at
28 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
31 # CONTRIBUTION SUBMISSION POLICY:
33 # (The following paragraph is not intended to limit the rights granted
34 # to you to modify and distribute this software under the terms of
35 # the GNU General Public License and is only of importance to you if
36 # you choose to contribute your changes and enhancements to the
37 # community by submitting them to Best Practical Solutions, LLC.)
39 # By intentionally submitting any modifications, corrections or
40 # derivatives to this work, or any other work intended for use with
41 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
42 # you are the copyright holder for those contributions and you grant
43 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
44 # royalty-free, perpetual, license to use, copy, create derivative
45 # works based on those contributions, and sublicense and distribute
46 # those contributions and any derivatives thereof.
48 # END BPS TAGGED BLOCK }}}
51 rt-mailgate - Mail interface to RT.
# Parse the options the MTA alias passes on the command line into $opts.
# "verify-ssl!" is a negatable Getopt::Long flag, so it also accepts
# --no-verify-ssl; whoever writes the alias can therefore turn TLS
# verification off. The end of this call and the lines up to the
# constructor are not part of this listing.
61 GetOptions( $opts, "queue=s", "action=s", "url=s",
62 "jar=s", "help", "debug", "extension=s",
63 "timeout=i", "verify-ssl!", "ca-file=s",
# Build the gateway object; how it is invoked afterwards is not shown here.
66 my $gateway = RT::Client::MailGateway->new();
# Client-side implementation of the mail gateway.
70 package RT::Client::MailGateway;
73 use HTTP::Request::Common qw($DYNAMIC_FILE_UPLOAD);
74 use File::Temp qw(tempfile tempdir);
# With this set, HTTP::Request::Common reads file-upload parts from disk
# while the request is sent instead of loading the whole file into memory.
75 $DYNAMIC_FILE_UPLOAD = 1;
# 75 is the sysexits.h value EX_TEMPFAIL, which MTAs conventionally treat as
# "defer and retry". NOTE(review): the code that exits with it is not in this
# listing - confirm against the full source.
77 use constant EX_TEMPFAIL => 75;
# Chunk size, in bytes, for the read() that copies STDIN to the temp file.
78 use constant BUFFER_SIZE => 8192;
# NOTE(review): the sub headers for these lines are missing from the listing;
# the bless is presumably the body of new(), and the rest the method that
# drives one delivery - confirm against the full source.
82 my $self = bless {}, $class;
# Remember that we are under the test harness; the exit helpers test this flag.
90 if ( $opts->{running_in_test_harness} ) {
91 $self->{running_in_test_harness} = 1;
# One delivery, in order: check the options, build the HTTP client, assemble
# the POST fields (this reads the message), post them, then report success.
94 $self->validate_cli_flags($opts);
96 my $ua = $self->get_useragent($opts);
97 my $post_params = $self->setup_session($opts);
98 $self->upload_message( $ua => $post_params );
99 $self->exit_with_success();
# Exit helpers. Only the test-harness checks survive in this listing; the
# branches they guard are missing.
# NOTE(review): the second and third checks presumably belong to tempfail()
# and permfail(), which other methods call - confirm against the full source.
102 sub exit_with_success {
104 if ( $self->{running_in_test_harness} ) {
113 if ( $self->{running_in_test_harness} ) {
123 if ( $self->{running_in_test_harness} ) {
# Check the parsed options before any network activity and set the default
# for TLS verification. Returns through permfail()/tempfail() on a bad
# invocation. Several lines of this sub are missing from the listing.
131 sub validate_cli_flags {
# --help prints the POD but still ends in permfail(), so a message piped to
# a misconfigured alias is not reported as delivered.
134 if ( $opts->{'help'} ) {
136 Pod::Usage::pod2usage( { verbose => 2 } );
137 return $self->permfail()
138 ; # Don't want to succeed if this is really an email!
# A server URL is mandatory; without it the invocation is a permanent failure.
141 unless ( $opts->{'url'} ) {
143 "$0 invoked improperly\n\nNo 'url' provided to mail gateway!\n";
144 return $self->permfail();
# Verification was requested explicitly (--ca-file or --verify-ssl) but this
# LWP::UserAgent has no ssl_opts method: fail temporarily rather than post
# the message over a connection that cannot be verified.
147 if (($opts->{'ca-file'} or $opts->{"verify-ssl"})
148 and not LWP::UserAgent->can("ssl_opts")) {
149 print STDERR "Verifying SSL certificates requires LWP::UserAgent 6.0 or higher.\n";
150 return $self->tempfail();
# Verification defaults to on when neither --verify-ssl nor --no-verify-ssl
# was given. This default is applied after the capability check above, so an
# LWP without ssl_opts is refused only when an option was passed explicitly;
# with neither option the run continues, and the ssl_opts guard where the
# user agent is configured then skips the verification settings silently.
153 $opts->{"verify-ssl"} = 1 unless defined $opts->{"verify-ssl"};
# Build the LWP::UserAgent used to post the message. The sub header and the
# closing lines are missing from this listing.
159 my $ua = LWP::UserAgent->new();
# Optional cookie jar file, taken from --jar.
160 $ua->cookie_jar( { file => $opts->{'jar'} } ) if $opts->{'jar'};
# TLS settings are applied only when this LWP::UserAgent has ssl_opts. When
# it does not, none of the lines shown here configures verification or
# prints a warning.
162 if ( $ua->can("ssl_opts") ) {
# A false value here (from --no-verify-ssl) is what this script's POD
# describes as trusting all certificates regardless of hostname and CA.
163 $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} );
# Use the CA (or self-signed) certificate file given with --ca-file.
164 $ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} )
165 if $opts->{'ca-file'};
# Assemble the form fields for the POST and return them as a hash reference.
# The sub header and several lines are missing from this listing.
175 $post_params{SessionType} = 'REST'; # Suppress login box
# Copy --queue and --action through when they were given.
176 foreach (qw(queue action)) {
177 $post_params{$_} = $opts->{$_} if defined $opts->{$_};
# With --extension action|queue|ticket (matched case-insensitively) the named
# field is taken from $ENV{EXTENSION}, replacing any value copied above.
# Per the POD the MTA derives EXTENSION from the recipient address, so the
# sender of the mail chooses it; nothing here restricts the value, which
# leaves validation to the server.
# NOTE(review): the field name is lower-cased but the fallback looks up
# $opts under the option value as typed, so "--extension QUEUE" with no
# EXTENSION set would store undef over the --queue value - confirm.
180 if ( ( $opts->{'extension'} || '' ) =~ /^(?:action|queue|ticket)$/i ) {
181 $post_params{ lc $opts->{'extension'} } = $ENV{'EXTENSION'}
182 || $opts->{ $opts->{'extension'} };
183 } elsif ( $opts->{'extension'} && $ENV{'EXTENSION'} ) {
185 "Value of the --extension argument is not action, queue or ticket"
186 . ", but environment variable EXTENSION is also defined. The former is ignored.\n";
# Add $ENV{'EXTENSION'} (or, failing that, the --extension value) to the
# message as an X-RT-Mail-Extension header.
189 # add ENV{'EXTENSION'} as X-RT-MailExtension to the message header
190 if ( my $value = ( $ENV{'EXTENSION'} || $opts->{'extension'} ) ) {
# The value is sender-influenced and is written into the header block, so
# line breaks are neutralised first: trailing ones are removed and each
# remaining one is followed by a tab, which turns the next line into a
# continuation of this header rather than a new header or the start of the
# body. Only sequences ending in "\n" are handled; a "\r" that is not
# followed by "\n", and any other control character, is passed through.
192 # prepare value to avoid MIME format breakage
193 # strip trailing newline symbols
194 $value =~ s/(\r*\n)+$//;
196 # make a correct multiline header field,
197 # with tabs in the beginning of each line
198 $value =~ s/(\r*\n)/$1\t/g;
199 $opts->{'headers'} .= "X-RT-Mail-Extension: $value\n";
202 # Read the message in from STDIN
203 # _raw_message is used for testing
204 my $message = $opts->{'_raw_message'} || $self->slurp_message();
# No filename means the message is held in memory and sent as inline
# content; otherwise it is sent as a file upload read from the temp file.
# The empty string after the path is, in HTTP::Request::Common's upload
# form, the file name presented to the server - presumably so that the local
# temp path is not sent; confirm against the full source.
205 unless ( $message->{'filename'} ) {
206 $post_params{'message'} = [
208 'Content-Type' => 'application/octet-stream',
209 Content => ${ $message->{'content'} },
212 $post_params{'message'} = [
213 $message->{'filename'}, '',
214 'Content-Type' => 'application/octet-stream',
218 return \%post_params;
# Post the assembled fields to the RT server and check that something
# recognisable came back. The sub header and several lines are missing from
# this listing.
224 my $post_params = shift;
# The endpoint path is appended to --url as given. Nothing here requires an
# https scheme; with an http:// URL (as in the POD examples) the message is
# posted in clear text and the TLS options have no effect.
225 my $full_url = $opts->{'url'} . "/REST/1.0/NoAuth/mail-gateway";
226 print STDERR "$0: connecting to $full_url\n" if $opts->{'debug'};
# --timeout in seconds, 180 when the option was not given.
228 $ua->timeout( exists( $opts->{'timeout'} ) ? $opts->{'timeout'} : 180 );
229 my $r = $ua->post( $full_url, $post_params, Content_Type => 'form-data' );
# Handles a non-success HTTP response.
230 $self->check_failure($r);
# With --debug the full server response goes to STDERR.
# NOTE(review): an MTA may log STDERR or quote it in a bounce - confirm that
# --debug is not left enabled on production aliases.
232 my $content = $r->content;
233 print STDERR $content . "\n" if $opts->{'debug'};
# A body starting with "ok" or "not ok" counts as handled either way: the
# server answered, so the gateway does not ask the MTA to retry.
235 return if ( $content =~ /^(ok|not ok)/ );
237 # It's not the server's fault if the mail is bogus. We just want to know that
238 # *something* came out of the server.
242 The RT server which handled your email did not behave as expected. It
248 return $self->tempfail();
# Report a failed HTTP response on STDERR and fail temporarily. The sub
# header and a few lines are missing from this listing.
254 return if $r->is_success;
256 # This ordinarily oughtn't to be able to happen, suggests a bug in RT.
257 # So only load these heavy modules when they're needed.
258 require HTML::TreeBuilder;
259 require HTML::FormatText;
# Render the error page as plain text, 50 columns wide, before printing it.
# NOTE(review): this text is produced from the server's response and written
# to STDERR, which an MTA may log or quote in a bounce - confirm that is
# acceptable for your deployment.
261 my $error = $r->error_as_HTML;
262 my $tree = HTML::TreeBuilder->new->parse($error);
265 # It'll be a cold day in hell before RT sends out bounces in HTML
267 HTML::FormatText->new( leftmargin => 0,
268 rightmargin => 50, );
269 print STDERR $formatter->format($tree);
270 print STDERR "\n$0: undefined server error\n" if $opts->{'debug'};
271 return $self->tempfail();
# Read the message from STDIN and return a hash reference holding either
# { filename => ... } (spooled to a temp file) or { content => \$text }
# (held in memory). The sub header and several lines are missing from this
# listing.
#
# The spool file is created by File::Temp inside a fresh tempdir():
# File::Temp makes the directory accessible to the owner only and opens the
# file exclusively, and CLEANUP => 1 removes the directory when the program
# exits. The eval keeps a failure here from being fatal.
280 my ( $fh, $filename )
281 = eval { tempfile( DIR => tempdir( CLEANUP => 1 ) ) };
# Fallback when no temp file could be created: read all of STDIN into memory.
283 print STDERR "$0: Couldn't create temp file, using memory\n";
284 print STDERR "error: $@\n" if $@;
286 my $message = \do { local ( @ARGV, $/ ); <STDIN> };
# A message with no non-whitespace content is reported and then treated as
# a success rather than a failure.
287 unless ( $$message =~ /\S/ ) {
288 print STDERR "$0: no message passed on STDIN\n";
289 $self->exit_with_success;
# Put the generated header lines (X-RT-Mail-Extension) in front of the message.
291 $$message = $opts->{'headers'} . $$message if $opts->{'headers'};
292 return ( { content => $message } );
# Temp-file path: write the generated header lines first, then copy STDIN
# across in BUFFER_SIZE chunks.
298 print $fh $opts->{'headers'} if $opts->{'headers'};
303 my $status = read \*STDIN, $buf, BUFFER_SIZE;
# read() returns undef on error and 0 at end of input.
304 unless ( defined $status ) {
305 print STDERR "$0: couldn't read message: $!\n";
306 return $self->tempfail();
307 } elsif ( !$status ) {
# Clear the "empty" flag once any chunk holds a non-whitespace character.
310 $empty = 0 if $buf =~ /\S/;
316 print STDERR "$0: no message passed on STDIN\n";
317 $self->exit_with_success;
319 print STDERR "$0: temp file is '$filename'\n" if $opts->{'debug'};
320 return ( { filename => $filename } );
325 rt-mailgate --help : this text
327 Usual invocation (from MTA):
329 rt-mailgate --action (correspond|comment|...) --queue queuename
330 --url http://your.rt.server/
332 [ --extension (queue|action|ticket) ]
333 [ --timeout seconds ]
343 Specifies what happens to email sent to this alias. The available
344 basic actions are: C<correspond>, C<comment>.
347 If you've set the RT configuration variable B<< C<UnsafeEmailCommands> >>,
348 C<take> and C<resolve> are also available. You can execute two or more
349 actions on a single message using a C<-> separated list. RT will execute
350 the actions in the listed order. For example you can use C<take-comment>,
351 C<correspond-resolve> or C<take-comment-resolve> as actions.
353 Note that C<take> and C<resolve> actions ignore message text if used
354 alone. Include a C<comment> or C<correspond> action if you want RT
355 to record the incoming message.
357 The default action is C<correspond>.
361 This flag determines which queue this alias should create a ticket in if no ticket identifier
366 This flag tells the mail gateway where it can find your RT server. You should
367 probably use the same URL that users use to log into RT.
369 If your RT server uses SSL, you will need to install additional Perl
370 libraries. RT will detect and install these dependencies if you pass the
371 C<--enable-ssl-mailgate> flag to configure as documented in RT's README.
373 If you have a self-signed SSL certificate, you may also need to pass
374 C<--ca-file> or C<--no-verify-ssl>, below.
376 =item C<--ca-file> I<path>
378 Specifies the path to the public SSL certificate for the certificate
379 authority that should be used to verify the website's SSL certificate.
380 If your webserver uses a self-signed certificate, you should
381 preferentially use this option over C<--no-verify-ssl>, as it will
382 ensure that the self-signed certificate the mailgate is seeing is the
383 I<right> self-signed certificate.
385 =item C<--no-verify-ssl>
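387 This flag tells the mail gateway to trust all SSL certificates,
388 regardless of whether their hostname matches the certificate, and regardless
389 of CA. This is required if you have a self-signed certificate, or some
390 other certificate which is not traceable back to a certificate your
391 system ultimately trusts. With verification off, the gateway cannot tell your RT server from any other host answering at that address, so use C<--ca-file> instead wherever a CA or self-signed certificate file is available.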
393 Verifying SSL certificates requires L<LWP::UserAgent> version 6.0 or
394 higher; explicitly passing C<--verify-ssl> on prior versions will error.
396 =item C<--extension> OPTIONAL
398 Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host
399 and present "foo" in the environment variable $EXTENSION. By specifying
400 the value "queue" for this parameter, the queue this message should be
401 submitted to will be set to the value of $EXTENSION. By specifying
402 "ticket", $EXTENSION will be interpreted as the id of the ticket this message
403 is related to. "action" will allow the user to specify either "comment" or
404 "correspond" in the address extension.
406 =item C<--debug> OPTIONAL
408 Print debugging output to standard error
411 =item C<--timeout> OPTIONAL
413 Configure the timeout for posting the message to the web server. The
414 default timeout is 3 minutes (180 seconds).
421 The RT mail gateway is the primary mechanism for communicating with RT
422 via email. This program simply directs the email to the RT web server,
423 which handles filing correspondence and sending out any required mail.
424 It is designed to be run as part of the mail delivery process, either
425 called directly by the MTA or C<procmail>, or in a F<.forward> or
430 Much of the set up of the mail gateway depends on your MTA and mail
431 routing configuration. However, you will need first of all to create an
432 RT user for the mail gateway and assign it a password; this helps to
433 ensure that mail coming into the web server did originate from the
436 Next, you need to route mail to C<rt-mailgate> for the queues you're
437 monitoring. For instance, if you're using F</etc/aliases> and you have a
438 "bugs" queue, you will want something like this:
440 bugs: "|/opt/rt4/bin/rt-mailgate --queue bugs --action correspond
441 --url http://rt.mycorp.com/"
443 bugs-comment: "|/opt/rt4/bin/rt-mailgate --queue bugs --action comment
444 --url http://rt.mycorp.com/"
446 Note that you don't have to run your RT server on your mail server, as
447 the mail gateway will happily relay to a different machine.
451 By default, the mail gateway will accept mail from anyone. However,
452 there are situations in which you will want to authenticate users
453 before allowing them to communicate with the system. You can do this
454 via a plug-in mechanism in the RT configuration.
456 You can set the array C<@MailPlugins> to be a list of plugins. The
457 default plugin, if this is not given, is C<Auth::MailFrom> - that is,
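458 authentication of the person is done based on the C<From> header of the
459 email. That header is written by the sender, so it identifies a correspondent without proving who sent the message. If you have additional filters or authentication mechanisms, you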
460 can list them here and they will be called in order:
463 "Filter::SpamAssassin",
468 See the documentation for any additional plugins you have.
470 You may also put Perl subroutines into the C<@MailPlugins> array, if
471 they behave as described below.
473 =head1 WRITING PLUGINS
475 What's actually going on in the above is that C<@MailPlugins> is a
476 list of Perl modules; RT prepends C<RT::Interface::Email::> to the name,
477 to form a package name, and then C<use>'s this module. The module is
478 expected to provide a C<GetCurrentUser> subroutine, which takes a hash of
485 A C<MIME::Entity> object representing the email
489 An C<RT::CurrentUser> object
493 The authentication level returned from the previous plugin.
495 =item Ticket [OPTIONAL]
497 The ticket under discussion
499 =item Queue [OPTIONAL]
501 If we don't already have a ticket id, we need to know which queue we're talking about
505 The action being performed. At the moment, it's one of "comment" or "correspond"
509 It returns two values, the new C<RT::CurrentUser> object, and the new
510 authentication level. The authentication level can be zero, meaning not
511 allowed to communicate with RT at all (a "permission denied" error is mailed to
512 the correspondent), or one, which is the normal mode of operation.
513 Additionally, if C<-1> is returned, then the processing of the plug-ins
514 stops immediately and the message is ignored.
522 Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host
523 and present "foo" in the environment variable C<EXTENSION>. Mailgate adds the value
524 of this variable to the message in the C<X-RT-Mail-Extension> field of the message
527 See also the C<--extension> option. Note that the value of the environment variable is
528 always added to the message header when it's not empty even if C<--extension>
529 option is not provided.