Putting 4.2.0 on top of 4.0.17
1#!/usr/bin/perl -w
2# BEGIN BPS TAGGED BLOCK {{{
3#
4# COPYRIGHT:
5#
403d7b0b 6# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
7# <sales@bestpractical.com>
8#
9# (Except where explicitly superseded by other copyright notices)
10#
11#
12# LICENSE:
13#
14# This work is made available to you under the terms of Version 2 of
15# the GNU General Public License. A copy of that license should have
16# been provided with this software, but in any event can be snarfed
17# from www.gnu.org.
18#
19# This work is distributed in the hope that it will be useful, but
20# WITHOUT ANY WARRANTY; without even the implied warranty of
21# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22# General Public License for more details.
23#
24# You should have received a copy of the GNU General Public License
25# along with this program; if not, write to the Free Software
26# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
27# 02110-1301 or visit their web page on the internet at
28# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
29#
30#
31# CONTRIBUTION SUBMISSION POLICY:
32#
33# (The following paragraph is not intended to limit the rights granted
34# to you to modify and distribute this software under the terms of
35# the GNU General Public License and is only of importance to you if
36# you choose to contribute your changes and enhancements to the
37# community by submitting them to Best Practical Solutions, LLC.)
38#
39# By intentionally submitting any modifications, corrections or
40# derivatives to this work, or any other work intended for use with
41# Request Tracker, to Best Practical Solutions, LLC, you confirm that
42# you are the copyright holder for those contributions and you grant
43# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
44# royalty-free, perpetual, license to use, copy, create derivative
45# works based on those contributions, and sublicense and distribute
46# those contributions and any derivatives thereof.
47#
48# END BPS TAGGED BLOCK }}}
49=head1 NAME
50
51rt-mailgate - Mail interface to RT.
52
53=cut
54
55use strict;
56use warnings;
57
58use Getopt::Long;
59
# Command-line options are gathered into one hash reference.  Several
# subs in RT::Client::MailGateway (further down this file) read this
# file-level $opts directly instead of taking it as an argument.
my $opts = {};
GetOptions(
    $opts,
    qw(
        queue=s action=s url=s
        jar=s help debug extension=s
        timeout=i verify-ssl! ca-file=s
    ),
);

my $gateway = RT::Client::MailGateway->new();

# Outside the test harness run() finishes by calling exit, so control
# does not come back here.
$gateway->run($opts);
69
70package RT::Client::MailGateway;
71
72use LWP::UserAgent;
73use HTTP::Request::Common qw($DYNAMIC_FILE_UPLOAD);
74use File::Temp qw(tempfile tempdir);
# Ask HTTP::Request::Common to stream file uploads instead of loading them.
# NOTE(review): this is a run-time assignment placed after the
# $gateway->run($opts) call above.  Outside the test harness run() ends
# in exit, so this line looks unreachable in normal use and the temp
# file would be uploaded with the module's default setting -- confirm,
# and consider a BEGIN block if dynamic upload is intended.
$DYNAMIC_FILE_UPLOAD = 1;

# Exit status for temporary failures (75 is EX_TEMPFAIL in sysexits.h).
use constant EX_TEMPFAIL => 75;
# Chunk size, in bytes, used by slurp_message when copying STDIN.
use constant BUFFER_SIZE => 8192;
79
# Constructor: returns an empty hash-based object blessed into $class.
sub new {
    my ($class) = @_;
    return bless {}, $class;
}
85
# Entry point: validate the options, build the user agent and the POST
# parameters, upload the message, then report success.
sub run {
    my ( $self, $opts ) = @_;

    # Remember harness mode so the exit helpers return or die instead
    # of terminating the process.
    $self->{running_in_test_harness} = 1
        if $opts->{running_in_test_harness};

    # Must run before get_useragent: it fills in the verify-ssl default.
    $self->validate_cli_flags($opts);

    my $ua          = $self->get_useragent($opts);
    my $post_params = $self->setup_session($opts);
    $self->upload_message( $ua, $post_params );
    $self->exit_with_success();
}
101
# Finish successfully: return 1 under the test harness, otherwise exit
# the process with status 0.
sub exit_with_success {
    my ($self) = @_;
    return 1 if $self->{running_in_test_harness};
    exit 0;
}
110
# Report a temporary failure: die with "tempfail" under the test
# harness, otherwise exit with EX_TEMPFAIL.
sub tempfail {
    my ($self) = @_;
    die "tempfail" if $self->{running_in_test_harness};
    exit EX_TEMPFAIL;
}
120
# Report a permanent failure: die with "permfail" under the test
# harness, otherwise exit with status 1.
sub permfail {
    my ($self) = @_;
    die "permfail" if $self->{running_in_test_harness};
    exit 1;
}
130
# Check the parsed options before any network activity.
#   --help       : print the POD usage text, then fail permanently
#   missing --url: complain on STDERR, then fail permanently
# Also fills in the default for verify-ssl.
sub validate_cli_flags {
    my ( $self, $opts ) = @_;

    if ( $opts->{'help'} ) {
        require Pod::Usage;
        Pod::Usage::pod2usage( { verbose => 2 } );

        # Don't want to succeed if this is really an email!
        return $self->permfail();
    }

    if ( !$opts->{'url'} ) {
        print STDERR
            "$0 invoked improperly\n\nNo 'url' provided to mail gateway!\n";
        return $self->permfail();
    }

    # Secure default: certificate verification stays on unless the
    # caller explicitly passed --no-verify-ssl (which stores 0 here).
    $opts->{"verify-ssl"} = 1 unless defined $opts->{"verify-ssl"};
}
149
# Build the LWP::UserAgent used for the upload, applying the optional
# cookie jar and the TLS options from the command line.
sub get_useragent {
    my ( $self, $opts ) = @_;

    my $ua = LWP::UserAgent->new();
    if ( $opts->{'jar'} ) {
        $ua->cookie_jar( { file => $opts->{'jar'} } );
    }

    # 'verify-ssl' is defaulted to 1 by validate_cli_flags, which run()
    # calls first; a value of 0 comes only from --no-verify-ssl.
    # These settings matter only when --url is an https:// URL.
    $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} );
    if ( $opts->{'ca-file'} ) {
        $ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} );
    }

    return $ua;
}
162
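# Build the form parameters for the POST to the RT server.
#
# Takes the option hash and returns a hash reference holding:
#   queue / action / ticket - from the options and/or $ENV{EXTENSION}
#   message                 - a file-upload spec: in-memory content, or
#                             the name of the temp file holding the mail
# Side effect: appends an X-RT-Mail-Extension header line to
# $opts->{'headers'} when an extension value is present.
#
# $ENV{EXTENSION} is derived by the MTA from the recipient address (see
# ENVIRONMENT in the POD), so it is chosen by whoever sent the mail.
# It is forwarded as given; nothing in this sub restricts which queue,
# action or ticket id it may name.
sub setup_session {
    my $self = shift;
    my $opts = shift;
    my %post_params;
    for my $name (qw(queue action)) {
        $post_params{$name} = $opts->{$name} if defined $opts->{$name};
    }

    my $extension = $opts->{'extension'} || '';
    if ( $extension =~ /^(?:action|queue|ticket)$/i ) {

        # The match is case-insensitive, so look the fallback up under
        # the lowercased name too.  Using the raw spelling (e.g. "Queue")
        # found nothing and overwrote the --queue value set above.
        my $field = lc $extension;
        $post_params{$field} = $ENV{'EXTENSION'} || $opts->{$field};
    } elsif ( $opts->{'extension'} && $ENV{'EXTENSION'} ) {
        print STDERR
            "Value of the --extension argument is not action, queue or ticket"
            . ", but environment variable EXTENSION is also defined. The former is ignored.\n";
    }

    # add ENV{'EXTENSION'} as X-RT-MailExtension to the message header
    if ( my $value = ( $ENV{'EXTENSION'} || $opts->{'extension'} ) ) {

        # prepare value to avoid MIME format breakage
        # strip trailing newline symbols
        $value =~ s/(\r*\n)+$//;

        # make a correct multiline header field,
        # with tabs in the beginning of each line
        # NOTE(review): only line breaks ending in \n are folded; a bare
        # \r is passed through unchanged -- confirm the receiving parser
        # does not treat it as a line break.
        $value =~ s/(\r*\n)/$1\t/g;
        $opts->{'headers'} .= "X-RT-Mail-Extension: $value\n";
    }

    # Read the message in from STDIN
    # _raw_message is used for testing
    my $message = $opts->{'_raw_message'} || $self->slurp_message();
    unless ( $message->{'filename'} ) {
        $post_params{'message'} = [
            undef, '',
            'Content-Type' => 'application/octet-stream',
            Content        => ${ $message->{'content'} },
        ];
    } else {
        $post_params{'message'} = [
            $message->{'filename'}, '',
            'Content-Type' => 'application/octet-stream',
        ];
    }

    return \%post_params;
}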
211
# POST the prepared form to the RT server's mail-gateway endpoint and
# judge the reply.  Returns nothing when the body starts with "ok" or
# "not ok"; any other body is reported on STDERR as a server error and
# treated as a temporary failure.
#
# $opts in this sub is the file-level lexical filled by GetOptions, not
# a parameter.
# NOTE(review): no credentials are attached to the request in this
# code; who may post to the endpoint is presumably decided on the
# server side -- confirm.
sub upload_message {
    my ( $self, $ua, $post_params ) = @_;

    my $full_url = $opts->{'url'} . "/REST/1.0/NoAuth/mail-gateway";
    if ( $opts->{'debug'} ) {
        print STDERR "$0: connecting to $full_url\n";
    }

    # Default to 180 seconds when --timeout was not given.
    my $timeout = exists( $opts->{'timeout'} ) ? $opts->{'timeout'} : 180;
    $ua->timeout($timeout);

    my $r = $ua->post( $full_url, $post_params, Content_Type => 'form-data' );
    $self->check_failure($r);

    my $content = $r->content;
    if ( $opts->{'debug'} ) {
        print STDERR $content . "\n";
    }

    return if $content =~ /^(ok|not ok)/;

    # It's not the server's fault if the mail is bogus. We just want to
    # know that *something* came out of the server.
    print STDERR <<EOF;
RT server error.

The RT server which handled your email did not behave as expected. It
said:

$content
EOF

    return $self->tempfail();
}
241
# Return quietly when the HTTP response succeeded; otherwise print the
# status line on STDERR and signal a temporary failure so the mail can
# be retried.  $opts is the file-level lexical filled by GetOptions.
sub check_failure {
    my ( $self, $r ) = @_;
    return if $r->is_success;

    my $status_line = $r->status_line;
    print STDERR "HTTP request failed: $status_line. "
        . "Your webserver logs may have more information or there may be a network problem.\n";
    if ( $opts->{'debug'} ) {
        print STDERR "\n$0: undefined server error\n";
    }
    return $self->tempfail();
}
252
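# Read the incoming mail from STDIN.
#
# Returns a hash reference with either
#   filename => path of a temp file holding the message, or
#   content  => reference to the message text (fallback used when no
#               temp file could be created).
# Any $opts->{'headers'} text is written ahead of the message.  A
# message containing only whitespace ends the run via
# exit_with_success.  Read errors, and now write errors too, end in
# tempfail so the MTA can retry instead of a truncated copy being
# uploaded.
#
# $opts is the file-level lexical filled by GetOptions.
sub slurp_message {
    my $self = shift;

    local $@;

    # File::Temp creates the directory and the file for this user only;
    # CLEANUP => 1 removes the directory when the program exits.
    my ( $fh, $filename )
        = eval { tempfile( DIR => tempdir( CLEANUP => 1 ) ) };
    if ( !$fh || $@ ) {
        print STDERR "$0: Couldn't create temp file, using memory\n";
        print STDERR "error: $@\n" if $@;

        # Slurp all of STDIN in one read.
        my $message = \do { local ( @ARGV, $/ ); <STDIN> };
        unless ( $$message =~ /\S/ ) {
            print STDERR "$0: no message passed on STDIN\n";
            $self->exit_with_success;
        }
        $$message = $opts->{'headers'} . $$message if $opts->{'headers'};
        return ( { content => $message } );
    }

    binmode $fh;
    binmode \*STDIN;

    # A failed write (for example a full disk) must not pass silently:
    # the temp file is what gets uploaded to RT.
    my $write_failed = sub {
        print STDERR "$0: couldn't write message to temp file: $!\n";
        return $self->tempfail();
    };

    if ( $opts->{'headers'} ) {
        print {$fh} $opts->{'headers'} or return $write_failed->();
    }

    my $buf;
    my $empty = 1;
    while (1) {
        my $status = read \*STDIN, $buf, BUFFER_SIZE;
        unless ( defined $status ) {
            print STDERR "$0: couldn't read message: $!\n";
            return $self->tempfail();
        } elsif ( !$status ) {
            last;
        }
        $empty = 0 if $buf =~ /\S/;
        print {$fh} $buf or return $write_failed->();
    }

    # Buffered write errors only surface when the handle is closed.
    close $fh or return $write_failed->();

    if ($empty) {
        print STDERR "$0: no message passed on STDIN\n";
        $self->exit_with_success;
    }
    print STDERR "$0: temp file is '$filename'\n" if $opts->{'debug'};
    return ( { filename => $filename } );
}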
301
302=head1 SYNOPSIS
303
304 rt-mailgate --help : this text
305
306Usual invocation (from MTA):
307
308 rt-mailgate --action (correspond|comment|...) --queue queuename
309 --url http://your.rt.server/
310 [ --debug ]
311 [ --extension (queue|action|ticket) ]
312 [ --timeout seconds ]
313
314
315
316=head1 OPTIONS
317
318=over 3
319
320=item C<--action>
321
Specifies what happens to email sent to this alias. The available
basic actions are: C<correspond>, C<comment>.
324
325
326If you've set the RT configuration variable B<< C<UnsafeEmailCommands> >>,
327C<take> and C<resolve> are also available. You can execute two or more
328actions on a single message using a C<-> separated list. RT will execute
329the actions in the listed order. For example you can use C<take-comment>,
330C<correspond-resolve> or C<take-comment-resolve> as actions.
331
332Note that C<take> and C<resolve> actions ignore message text if used
333alone. Include a C<comment> or C<correspond> action if you want RT
334to record the incoming message.
335
336The default action is C<correspond>.
337
338=item C<--queue>
339
340This flag determines which queue this alias should create a ticket in if no ticket identifier
341is found.
342
343=item C<--url>
344
345This flag tells the mail gateway where it can find your RT server. You should
346probably use the same URL that users use to log into RT.
347
348If you have a self-signed SSL certificate, you may also need to pass
349C<--ca-file> or C<--no-verify-ssl>, below.
350
351=item C<--ca-file> I<path>
352
Specifies the path to the public SSL certificate for the certificate
authority that should be used to verify the website's SSL certificate.
If your webserver uses a self-signed certificate, you should
preferentially use this option over C<--no-verify-ssl>, as it will
ensure that the self-signed certificate that the mailgate is seeing is
the I<right> self-signed certificate.
359
360=item C<--no-verify-ssl>
361
This flag tells the mail gateway to trust all SSL certificates,
regardless of whether their hostname matches the certificate, and
regardless of CA. This is required if you have a self-signed certificate,
or some other certificate which is not traceable back to a certificate
your system ultimately trusts, and you cannot use C<--ca-file>. With
verification off, the gateway cannot tell your RT server from an
impostor, so prefer C<--ca-file> where possible.
367
368=item C<--extension> OPTIONAL
369
370Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host
371and present "foo" in the environment variable $EXTENSION. By specifying
372the value "queue" for this parameter, the queue this message should be
373submitted to will be set to the value of $EXTENSION. By specifying
374"ticket", $EXTENSION will be interpreted as the id of the ticket this message
375is related to. "action" will allow the user to specify either "comment" or
376"correspond" in the address extension.
377
378=item C<--debug> OPTIONAL
379
380Print debugging output to standard error
381
382
383=item C<--timeout> OPTIONAL
384
385Configure the timeout for posting the message to the web server. The
386default timeout is 3 minutes (180 seconds).
387
388=back
389
390
391=head1 DESCRIPTION
392
393The RT mail gateway is the primary mechanism for communicating with RT
394via email. This program simply directs the email to the RT web server,
395which handles filing correspondence and sending out any required mail.
396It is designed to be run as part of the mail delivery process, either
397called directly by the MTA or C<procmail>, or in a F<.forward> or
398equivalent.
399
400=head1 SETUP
401
402Much of the set up of the mail gateway depends on your MTA and mail
403routing configuration. However, you will need first of all to create an
404RT user for the mail gateway and assign it a password; this helps to
405ensure that mail coming into the web server did originate from the
406gateway.
407
408Next, you need to route mail to C<rt-mailgate> for the queues you're
409monitoring. For instance, if you're using F</etc/aliases> and you have a
410"bugs" queue, you will want something like this:
411
412 bugs: "|/opt/rt4/bin/rt-mailgate --queue bugs --action correspond
413 --url http://rt.mycorp.com/"
414
415 bugs-comment: "|/opt/rt4/bin/rt-mailgate --queue bugs --action comment
416 --url http://rt.mycorp.com/"
417
418Note that you don't have to run your RT server on your mail server, as
419the mail gateway will happily relay to a different machine.
420
421=head1 CUSTOMIZATION
422
423By default, the mail gateway will accept mail from anyone. However,
424there are situations in which you will want to authenticate users
425before allowing them to communicate with the system. You can do this
426via a plug-in mechanism in the RT configuration.
427
428You can set the array C<@MailPlugins> to be a list of plugins. The
429default plugin, if this is not given, is C<Auth::MailFrom> - that is,
430authentication of the person is done based on the C<From> header of the
431email. If you have additional filters or authentication mechanisms, you
432can list them here and they will be called in order:
433
434 Set( @MailPlugins =>
435 "Filter::SpamAssassin",
436 "Auth::LDAP",
437 # ...
438 );
439
440See the documentation for any additional plugins you have.
441
442You may also put Perl subroutines into the C<@MailPlugins> array, if
443they behave as described below.
444
445=head1 WRITING PLUGINS
446
447What's actually going on in the above is that C<@MailPlugins> is a
448list of Perl modules; RT prepends C<RT::Interface::Email::> to the name,
449to form a package name, and then C<use>'s this module. The module is
450expected to provide a C<GetCurrentUser> subroutine, which takes a hash of
451several parameters:
452
453=over 4
454
455=item Message
456
457A C<MIME::Entity> object representing the email
458
459=item CurrentUser
460
461An C<RT::CurrentUser> object
462
463=item AuthStat
464
465The authentication level returned from the previous plugin.
466
467=item Ticket [OPTIONAL]
468
469The ticket under discussion
470
471=item Queue [OPTIONAL]
472
473If we don't already have a ticket id, we need to know which queue we're talking about
474
475=item Action
476
477The action being performed. At the moment, it's one of "comment" or "correspond"
478
479=back
480
481It returns two values, the new C<RT::CurrentUser> object, and the new
482authentication level. The authentication level can be zero, not allowed
483to communicate with RT at all, (a "permission denied" error is mailed to
484the correspondent) or one, which is the normal mode of operation.
485Additionally, if C<-1> is returned, then the processing of the plug-ins
486stops immediately and the message is ignored.
487
488=head1 ENVIRONMENT
489
490=over 4
491
492=item EXTENSION
493
Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host
and present "foo" in the environment variable C<EXTENSION>. Mailgate adds the
value of this variable to the message in the C<X-RT-Mail-Extension> field of
the message header.
498
See also the C<--extension> option. Note that the value of the environment
variable is always added to the message header when it's not empty, even if
the C<--extension> option is not provided.
502
503=back
504
505=cut
506