Apr 20, 2000

Directing mail to a program

This article documents how I captured incoming mail with a script.

Sometimes you want mail to be received and fed into a program rather than be stored in a mailbox.   This is how I did that.


My first attempt involved adding something like this to /etc/mail/virtusertable (for more information on this file, please see virtual hosting with sendmail):
test@yourdomain.org  "|/usr/local/etc/freshports/mail-catcher.pl"

Then I did this from within /etc/mail:

makemap hash virtusertable < virtusertable    

But mail sent to the address resulted in this error:

Apr 18 17:22:12 ducky sendmail[10898]: RAA10898: 
     <test@yourdomain.org>... Cannot mail directly to programs    

Using aliases to do it

OK.  I’ll now try duplicating what majordomo does, which is where I got the idea to try the above.  In this attempt, we will modify the entry in /etc/mail/virtusertable to point to an alias.

First, I modified the entry from the previous section to be:

test@yourdomain.org  test-yourdomain-org

In this case, all mail for the above address will be handled by the alias test-yourdomain-org.   Then I did a makemap again as per above.  Now we will create the alias.

Next, I modified one of my majordomo alias files to contain this (you could try /etc/aliases):

test-yourdomain-org: "|/usr/local/etc/freshports/mail-catcher.pl"    

Then I ran newaliases to invoke the above definition.  Check your logs for any errors (perhaps /var/log/messages or /var/log/maillog).

Then I tried sending another test message.  Yet another error message:

/usr/local/etc/freshports/mail-catcher/mail-catcher.pl: not found 554
unknown mailer error 127    

This was pretty easy to solve.  The script wasn’t in the expected location.   So I moved the file to /usr/local/etc/freshports/mail-catcher and tried again.  This time, I encountered this error:

/usr/local/etc/freshports/mail-catcher.pl: permission denied 554
unknown mailer error 126

…which is almost, but not quite, the same error as I had above.

The long and the short of it is: I spent about 90 minutes trying to get this going.   Please see the next section for the details.

Setting it all up

Most of the above problems were permissions. Here are the main points:
  • sendmail will execute the script as the user daemon.  I figured this out by temporarily making the directory chmod 777 and seeing what user created the directory, then I changed the permissions.
  • permissions on /usr/local/etc/freshports/ must allow daemon to read and execute the script.  I chose chmod 750 and chown dan:daemon
  • I set the permissions on the script to be chmod 640 and chown dan:daemon

Here is what the directory looks like:

drwxr-x--- 3 dan daemon 512 Apr 18 20:12 freshports    

And the script:

-rwxr-x--- 1 dan daemon 830 Apr 18 20:10 mail-catcher.pl    

The script outputs data to a subdirectory msgs.  I chose this option for security reasons.  The goal was to restrict the directories to which daemon had write access.  I didn’t want it to have write access to the directory in which the script existed, just in case.  Here are the attributes of the msgs directory:

drwxrwx---  2 dan   daemon   512 Apr 18 20:21 msgs    

Files in the above directory which were created by the script look like this:

-rw-r--r--  1 daemon  daemon  935 Apr 18 20:12 956045563.12488
-rw-r--r--  1 daemon  daemon  935 Apr 18 20:15 956045746.12546
-rw-r--r--  1 daemon  daemon  935 Apr 18 20:21 956046115.12604
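
The layout above can be checked mechanically. The following is an added example, not the article's mail-catcher.pl or any code from the author: a Python audit that confirms the delivery user can run the script and write to msgs but cannot modify the script or its directory. The names audit_layout and build_sample and the sample tree are constructed for illustration, and the check assumes the delivery user gets its access through the group bits, as with dan:daemon above.

```python
import os
import stat
import tempfile

def audit_layout(base, delivery_uid, script="mail-catcher.pl", spool="msgs"):
    """Return a list of findings; an empty list means the layout passes.

    base is the script's directory, delivery_uid the uid the mailer runs
    the program as. Assumes that user reaches the files via the group bits.
    """
    findings = []
    base_st = os.stat(base)
    script_st = os.stat(os.path.join(base, script))
    spool_st = os.stat(os.path.join(base, spool))
    # The delivery user must not own or be able to modify the script or
    # its directory, otherwise the program could be replaced through it.
    for name, st in (("script directory", base_st), ("script", script_st)):
        if st.st_uid == delivery_uid:
            findings.append(f"{name} is owned by the delivery user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{name} is group- or world-writable")
        # r-x for the group: traverse the directory, read and run the script.
        need = stat.S_IRGRP | stat.S_IXGRP
        if (st.st_mode & need) != need:
            findings.append(f"{name} is not readable and executable by the group")
    # The output directory is the one place the delivery user may write.
    if not spool_st.st_mode & stat.S_IWGRP:
        findings.append("output directory is not group-writable")
    if spool_st.st_mode & stat.S_IRWXO:
        findings.append("output directory is accessible to other users")
    return findings

def build_sample(base_mode=0o750, script_mode=0o750, spool_mode=0o770):
    """Create a constructed sample tree with the given modes; return its path."""
    base = tempfile.mkdtemp()
    script = os.path.join(base, "mail-catcher.pl")
    with open(script, "w") as fh:
        fh.write("#!/usr/bin/perl\n")  # placeholder body, never executed
    os.chmod(script, script_mode)
    os.mkdir(os.path.join(base, "msgs"))
    os.chmod(os.path.join(base, "msgs"), spool_mode)
    os.chmod(base, base_mode)
    return base

if __name__ == "__main__":
    other_uid = os.getuid() + 1  # constructed stand-in for the delivery user
    for label, tree in (("750 layout", build_sample()),
                        ("directory left at 777", build_sample(base_mode=0o777))):
        print(label, "->", audit_layout(tree, other_uid) or "ok")
```

On a real system, pass the uid of the account the mailer actually uses and the real script directory instead of the sample tree.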

Other considerations

I am not aware of the security implications surrounding the daemon user.  Is it a security risk allowing the script to run as this user?  Would it be better to create a separate user, say freshports, and run the scripts as that user?  Help in this area would be appreciated.  Please add your comments.

Someone also mentioned creating a user, sending the mail to their normal mailbox, then using .forward to redirect the mail to the program.


That should get you started.  If you spot any problems, as always, please add your comments.

  One Response to “Directing mail to a program”

  1. Excellent article,

    I had been tweaking around with this problem for weeks.
    Your hint to figure out the user which executes these
    scripts made my day :))
    (It is ‘mailnull’ with sendmail 8.12 on RedHat 7.2 on my box)
    I would be interested in any security considerations as well.

    Thanks again,
    — Bernd