proposed addition to Roundup README.Debian (was Re: [Pkg-exim4-users] Re: pipe aliases and permissions)

Faheem Mitha faheem at email.unc.edu
Wed Dec 28 00:33:43 UTC 2005



On Tue, 27 Dec 2005, Marc Haber wrote:

> On Mon, Dec 26, 2005 at 08:06:00PM -0500, Faheem Mitha wrote:
>> On Wed, 14 Dec 2005, Faheem Mitha wrote:
>>> Maybe I should add a link to the discussion here for completeness. If I
>>> can summon up the energy, I'll also send a message to roundup-users.
>>
>> I checked with roundup-devel, and Richard Jones says he would be willing
>> to include a patch against the current installation document.
>>
>> My question here is whether the proposed addition to README.Debian for
>> roundup requires drastic changes to make it into something suitable for a
>> generic Exim user.
>
> I don't think so.
>
>> Could I just say something like the enclosed snippets should be put in the
>> sections for (correspondingly) macros, router, transport?
>
> Yes, that should work. Of course, there needs to be considerable clue
> in the target admin when it comes to placing the router, and there are
> ways of configuring exim that would make using the routers hard or
> impossible.
>
>> I don't think there is anything Debian specific about the snippets
>> themselves, just about the way they are included in the config, right?
>
> Right.

Ok, Thanks for the comments.

Since you have been so helpful, I'm taking the liberty of including
the diff to Roundup's installation.txt before sending it upstream.

Comments/corrections would be appreciated.

Thanks.                                                       Faheem.

**********************************************************************

diff -r 293f0a353096 installation.txt
--- a/installation.txt	Tue Dec 27 22:47:45 2005
+++ b/installation.txt	Tue Dec 27 19:27:33 2005
@@ -522,6 +522,98 @@

      echo test |mail -s '[issue] test' support at YOUR_DOMAIN_HERE

+As a custom router transport using a pipe process (Exim 4 specific)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following configuration snippets for Exim 4 configuration
+implement a custom router & transport to accomplish mail delivery to
+roundup-mailgw. A configuration for Exim 3 is similar but not
+included, since Exim 3 is considered obsolete.
+
+This configuration is similar to the previous section, in that it uses
+a pipe process. However, there are advantages to using a custom
+router/transport process, if you are using Exim.
+
+* This avoids privilege escalation, since otherwise the pipe process
+will run as the mail user, typically mail. The transport can be
+configured to run as the user appropriate for the task at hand.
+
+* Separate configuration is not required for each tracker
+instance. When a email arrives at the server, Exim looks for a match
+to one of the routers. The roundup_router looks for a match with one
+of the roundup directories, and if there is one it is passed to the
+roundup_transport, which uses the pipe process in the previous
+section.
+
+The matching is done in the line
+
+require_files = /usr/bin/roundup-mailgw:ROUNDUP_HOME/$local_part/schema.py
+
+The following configuration has been tested on Debian Sarge with
+Exim4. 
+
+Note that the Debian Exim4 packages don't allow pipes in alias files
+by default, so this method will not work with the default
+configuration. See the discussion in
+/usr/share/doc/exim4-config/README.system_aliases on any Debian system
+with Exim 4 installed.
+
+For more Debian-specific information, see suggested addition to
+README.Debian in
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343283, which will
+hopefully be merged into the Debian package eventually.
+
+This config makes a few assumptions:
+
+* That the mail address corresponding to the tracker instance has the
+same name as the directory of the tracker instance, ie. the mail
+address corresponding to a Roundup instance called
+/var/lib/roundup/trackers/mytracker is mytracker at ...
+
+* That (at least) all the db subdirectories of all the tracker
+instances (ie. /var/lib/roundup/trackers/*/db) are owned by the same
+user, in this case, 'roundup'.
+
+* That if the schema.py file exists, then the tracker is 'ready to
+go'. I'm not sure if it would be better to use the config.ini file.
+
+However, it has the advantage that modulo these assumptions no further 
+configuration will need to be made when new tracker instances are added.
+
+************************************************************************
+Macros for Roundup router/transport. Should be placed in the macros
+section of the Exim 4 config.
+************************************************************************
+# Home dir for your Roundup installation
+ROUNDUP_HOME=/var/lib/roundup/trackers
+
+# User and group for Roundup.
+ROUNDUP_USER=roundup
+ROUNDUP_GROUP=roundup
+************************************************************************
+Custom router for Roundup. This should work if placed at the beginning
+of the router section of the Exim 4 config.
+************************************************************************
+roundup_router:
+    driver = accept
+    # The config file config.ini seems like a more natural choice, but the
+    # file config.py was replaced by config.ini in 0.8, and schema.py needs
+    # to be present too.
+    require_files = /usr/bin/roundup-mailgw:ROUNDUP_HOME/$local_part/schema.py
+    transport = roundup_transport
+************************************************************************
+Custom transport for Roundup. This should work if placed at the
+beginning of the router section of the Exim 4 config.
+************************************************************************
+roundup_transport:
+    driver = pipe
+    command = /usr/bin/python /usr/bin/roundup-mailgw ROUNDUP_HOME/$local_part/
+    current_directory = ROUNDUP_HOME
+    home_directory = ROUNDUP_HOME
+    user = ROUNDUP_USER
+    group = ROUNDUP_GROUP
+************************************************************************
+
  As a regular job using a mailbox source
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
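Review bot: roundup_router has no domains condition and no check on the form of $local_part, yet the text recommends placing it at the beginning of the router section. As written, it accepts an address in any domain whose local part happens to name a directory under ROUNDUP_HOME, so mail meant for a remote recipient with that local part would be piped into the local tracker. I would add a domains restriction to the router (for example the local_domains list of the stock configuration) and list it among the assumptions. The value of $local_part comes from the recipient address and is interpolated into both the require_files path and the roundup-mailgw command argument. The document should therefore either restrict local_parts to plain tracker names or state that it relies on an ACL rejecting local parts containing "/" or a leading ".", so the path cannot resolve outside ROUNDUP_HOME. Separately, the header above roundup_transport says "placed at the beginning of the router section"; that should read the transports section, and ordering is not significant there.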


