Directing mail to a program
This article documents how I captured incoming mail with a script.
Sometimes you want mail to be received and fed into a program rather than be stored in a mailbox.
This is how I did that.
/etc/mail/virtusertable
My first attempt involved adding something like this to /etc/mail/virtusertable
(for more information on this file, please see virtual hosting
with sendmail):
test@yourdomain.org "|/usr/local/etc/freshports/mail-catcher.pl"
Then I did this from within /etc/mail:
makemap hash virtusertable < virtusertable
But mail sent to the address resulted in this error:
Apr 18 17:22:12 ducky sendmail[10898]: RAA10898: <test@yourdomain.org>... Cannot mail directly to programs
Using aliases to do it
OK. I’ll now try duplicating what majordomo
does, which is where I got the idea to try the above. In this attempt, we will
modify the entry in /etc/mail/virtusertable to point to an alias.
First, I modified the entry from the previous section to be:
test@yourdomain.org test-yourdomain-org
In this case, all mail for the above address will be handled by the alias test-yourdomain-org.
Then I did a makemap again as per above. Now we will create the
alias.
Next, I modified one of my majordomo alias files to contain this (you could
try /etc/aliases):
test-yourdomain-org: "|/usr/local/etc/freshports/mail-catcher.pl"
Then I ran newaliases to invoke the above definition. Check your logs
for any errors (perhaps /var/log/messages or /var/log/maillog).
Then I tried sending another test message. Yet another error message:
/usr/local/etc/freshports/mail-catcher/mail-catcher.pl: not found 554 "|/usr/local/etc/freshports/mail-catcher/mail-catcher.pl"... unknown mailer error 127
This was pretty easy to solve. The script wasn’t in the expected location.
So I moved the file to
/usr/local/etc/freshports/mail-catcher and tried again. This time, I encountered
this error:
/usr/local/etc/freshports/mail-catcher.pl: permission denied 554 "|/usr/local/etc/freshports/mail-catcher.pl"... unknown mailer error 126
…which is almost, but not quite, the same error as I had above.
The long and the short of it is: I spent about 90 minutes trying to get this going.
Please see the next section for the details.
Setting it all up
Most of the above problems were permissions. Here are the main points:
- sendmail will execute the script as the user daemon. I figured this out by temporarily making the directory chmod 777 and seeing what user created the directory, then I changed the permissions.
- permissions on /usr/local/etc/freshports/ must allow daemon to read and execute the script. I chose chmod 750 and chown dan:daemon
- I set the permissions on the script to be chmod 640 and chown dan:daemon
Here is what the directory looks like:
drwxr-x--- 3 dan daemon 512 Apr 18 20:12 freshports
And the script:
-rwxr-x--- 1 dan daemon 830 Apr 18 20:10 mail-catcher.pl
The script outputs data to a subdirectory msgs. I chose this option
for security reasons. The goal was to restrict the directories to which daemon had
write access. I didn’t want it to have write access to the directory in which the
script existed, just in case. Here are the attributes of the msgs
directory:
drwxrwx--- 2 dan daemon 512 Apr 18 20:21 msgs
Files in the above directory which were created by the script look like this:
-rw-r--r-- 1 daemon daemon 935 Apr 18 20:12 956045563.12488
-rw-r--r-- 1 daemon daemon 935 Apr 18 20:15 956045746.12546
-rw-r--r-- 1 daemon daemon 935 Apr 18 20:21 956046115.12604
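The layout above can be checked mechanically. The following sh functions are an added example, not part of the original article: they compare the mode strings reported by ls -ld against the three listings shown, on the assumption that the delivery user (daemon here) reaches the files through the group bits. The function names are hypothetical, and ownership (dan:daemon) is not checked.

```sh
#!/bin/sh
# Added example: audit the mode bits of the mail-catcher layout.
# Assumption: the delivery user gets access via the group bits (dan:daemon).

# Print the 10-character mode string (e.g. drwxr-x---) for a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_mode PATH PATTERN LABEL: compare the mode string with a glob pattern.
check_mode() {
    m=$(mode_of "$1")
    case "$m" in
        $2) return 0 ;;
        *)  echo "FAIL $3: $1 is '${m:-missing}', want $2" >&2
            return 1 ;;
    esac
}

# audit_layout BASE [SCRIPT_NAME]: returns the number of findings (0 = clean).
audit_layout() {
    base=$1
    script=${2:-mail-catcher.pl}
    bad=0
    # Script directory: group may enter and list but not write; others nothing.
    check_mode "$base" 'd???r-x---' "script directory" || bad=$((bad + 1))
    # Script: group may read and execute but not modify; others nothing.
    check_mode "$base/$script" '-???r-x---' "script" || bad=$((bad + 1))
    # msgs: the only directory the delivery user may write to.
    check_mode "$base/msgs" 'd???rwx---' "msgs directory" || bad=$((bad + 1))
    return "$bad"
}

# Run stand-alone as: sh audit.sh /usr/local/etc/freshports
if [ "$#" -gt 0 ]; then
    audit_layout "$@"
fi
```

A script left at mode 640 is reported as a finding, because the group then lacks the execute bit shown in the listing.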
Other considerations
I am not aware of the security implications surrounding the daemon user. Is it a
security risk allowing the script to run as this user? Would it be better to create
a separate user, say freshports, and run the scripts as that user? Help in this area
would be appreciated. Please add your comments.
Someone also mentioned creating a user, sending the mail to their normal mailbox, then using .forward
to redirect the mail to the program.
Howzat?
That should get you started. If you spot any problems, as always, please add your comments.
Excellent article,
I had been tweaking around with this problem for weeks.
Your hint to figure out the user which executes these
scripts made my day :))
(It is ‘mailnull’ with sendmail 8.12 on RedHat 7.2 on my box)
I would be interested in any security considerations as well.
Thanks again,
— Bernd