tickets #108215
closedReply-to by mail fails for code.opensuse.org
100%
Description
Hello Heroes,
when I reply by mail to a notification coming from code.o.o, I get a bounce
notice (see attached)
Can you please look into it? I feel this is a feature that should work....
Thanks
Axel
Files
Updated by pjessen over 2 years ago
- Private changed from Yes to No
My guess - the mailserver on code.o.o is dead. It looks like mails to code.o.o are going directly to code.o.o without passing through mx12.
Updated by pjessen over 2 years ago
- Category set to Git(lab|hub)
FWIW, the mailserver on pagure01 does not listen on any external address, only localhost.
I did not look at it in any detail, but I don't see that mailserver being able to do any special processing of such mails.
Updated by Pharaoh_Atem over 2 years ago
In order for reply-by-email to work, it needs some configuration: https://docs.pagure.org/pagure/install_pagure_milter.html#configure-your-system
That also includes the MTA being able to receive mail, which we don't have configured and I don't know how to do...
Updated by pjessen over 2 years ago
Pharaoh_Atem wrote:
That also includes the MTA being able to receive mail, which we don't have configured and I don't know how to do...
I'll be happy to help with that. Usually this sort of thing means setting up a dedicated transport in postfix, to feed the mail to a script for processing. I would suggest we route the mails through mx12, and then forward them internally. That way pagure doesn't have to do much.
Updated by pjessen over 2 years ago
pagure01: I have enabled it to receive mails internally.
mx12: I have routed @code.o.o to pagure01.
We need an MX record for code.o.o to point to mx12 - I'm not sure if I have access or not.
Updated by pjessen over 2 years ago
- % Done changed from 0 to 50
pjessen wrote:
We need an MX record for code.o.o to point to mx12 - I'm not sure if I have access or not.
Christian set that up yesterday, and I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.
I have also amended the firewall on pagure01 to accept internal smtp traffic.
Updated by pjessen over 2 years ago
pjessen wrote:
pjessen wrote:
We need an MX record for code.o.o to point to mx12 - I'm not sure if I have access or not.
Christian set that up yesterday, and I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.
I have also amended the firewall on pagure01 to accept internal smtp traffic.
I forgot to mention, of course pagure01 will so far only refuse any incoming mails, because it does not know what to do with them.
I'll have a look at setting up the milter, but I have no idea how to test it.
Updated by pjessen over 2 years ago
Okay, this seems fairly straight forward - there is a pagure_milter which provides a socket that postfix can talk to.
I tried enabling and starting it, but running as postfix:postfix, it cannot read /etc/pagure/pagure.cfg - having /etc/pagure/pagure.cfg world-readable is discussed a bit here: https://pagure.io/pagure/issue/1053
Config instructions: https://docs.pagure.org/pagure/install_pagure_milter.html
Updated by DocB over 2 years ago
I guess this is ongoing:
host pagure01.infra.opensuse.org[192.168.47.84] said: 554 5.7.1
reply+193d15a42272cda44e6aa54c12f8a3ae7f10bf854090b66d978e972dc846c437427260c5305bcd00f1b3f507728eab022afeb96822bc03fc4068df45b1300562@code.opensuse.org:
Relay access denied (in reply to RCPT TO command)
Updated by pjessen over 2 years ago
- Status changed from New to Feedback
- Assignee set to pjessen
DocB wrote:
I guess this is ongoing:
Yes, see comment 8 above.
Updated by pjessen over 2 years ago
I was going to change the group of /etc/pagure/pagure.cfg from 'git' to 'postfix', but I think that would likely cause an issue for pagure. The alternative might be to make /etc/pagure/pagure.cfg world readable, does anyone see an issue in that?
Updated by pjessen over 2 years ago
- Related to tickets #101244: mails to code.o.o bounce ("Connection timed out") added
Updated by hellcp almost 2 years ago
You could also set it up in salt so that we have 2 identical copies of the configuration in different places, one with permissions for one and the other for other
Updated by pjessen almost 2 years ago
- Has duplicate tickets #122872: pagure01.i.o.o (code.o.o) rejects mails to @code.o.o added
Updated by pjessen almost 2 years ago
- Status changed from Feedback to Workable
pjessen wrote:
I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.
I guess this was overwritten by a highstate ?
Updated by pjessen almost 2 years ago
- Related to tickets #122596: postfix config on pagure01.i.o.o added
Updated by pjessen over 1 year ago
- Related to tickets #123757: pagure01.i.o.o (code.o.o) rejects mails to @code.o.o added
Updated by pjessen about 1 year ago
- Related to tickets #133163: Fwd: Undelivered Mail Returned to Sender added
Updated by pjessen about 1 year ago
- Related to deleted (tickets #133163: Fwd: Undelivered Mail Returned to Sender)
Updated by pjessen about 1 year ago
- Has duplicate tickets #133163: Fwd: Undelivered Mail Returned to Sender added
Updated by pjessen about 1 year ago
pjessen wrote:
pjessen wrote:
I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.
I guess this was overwritten by a highstate ?
As mails to code.o.o are to be received and processed locally, for starters, we ought to have mydestination = code.opensuse.org
I think. I have amended the postfix config.
Next there is the issue of comment 8 and comment 11 above - about making /etc/pagure/pagure.cfg world readable. It seems to me this whole setup needs some TLC and someone who cares about it. I am very happy to lend a hand when it comes to the mail setup.
Updated by crameleon 3 months ago ยท Edited
It seems the functionality is broke again in the meanwhile:
mx2 (mx2.o.o):~ # journalctl -S today -u postfix -g reply\\+8 --no-pager
Jul 14 05:55:07 mx2 postfix/smtpd[10692]: NOQUEUE: reject: RCPT from mout-p-101.mailbox.org[2001:67c:2050:0:465::101]: 450 4.2.0 <mout-p-101.mailbox.org[2001:67c:2050:0:465::101]>: Client host rejected: Service temporarily unavailable, please retry later; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 05:55:07 mx2 postfix/smtpd[11088]: NOQUEUE: reject: RCPT from mout-p-101.mailbox.org[2001:67c:2050:0:465::101]: 450 4.2.0 <mout-p-101.mailbox.org[2001:67c:2050:0:465::101]>: Client host rejected: Service temporarily unavailable, please retry later; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 06:00:36 mx2 postfix/smtpd[10692]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 4B8B137EB; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 06:00:36 mx2 postfix/relay/smtp[11189]: 4B8B137EB: to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org>, relay=mx1.opensuse.org[195.135.223.51]:25, delay=5.4, delays=5.3/0.02/0.04/0.01, dsn=4.2.0, status=deferred (host mx1.opensuse.org[195.135.223.51] said: 450 4.2.0 <unknown[172.16.131.12]>: Client host rejected: Service temporarily unavailable, please retry later (in reply to RCPT TO command))
The mailer daemon reply says:
<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org>:
mail for code.opensuse.org loops back to myself
I did not find any references to "code.o*" or "pagure" in /etc/postfix on mx{1,2}, except for the relay_domains entry.
I now configured the following (for now just temporarily, for testing):
- Postfix transport entry on mx{1,2}, routing @code.o.o to pagure01.i.o.o
- Firewalld rule on pagure01, allowing incoming SMTP traffic from mx{1,2}
- Add file ACL on pagure01, allowing the
postfix
group to read /etc/pagure/pagure.cfg -> the pagure_milter service running aspostfix:postfix
is a rather odd choice in my opinion - not being sandboxed either it basically is allowed to tamper with Postfix out of the box - this should be changed in the package to use at least a designated user (and ideally also some hardening) - the socket under the /run directory could then be made group readable by Postfix. - Postfix milter configuration on pagure01.i.o.o as per https://docs.pagure.org/pagure/install_pagure_milter.html#configure-your-system
This makes the email setup work, but the result in Pagure upon replying to a notification email is rather .. interesting:
https://code.opensuse.org/crameleon/test/issue/1#comment-2699
It seems to be the email but encoded in base64:
~> echo 'cmVwbHkgdmlhIGVtYWlsDQoNCk9uIDcvMTQvMjQgNzo1NCBBTSwgUmljaGFyZCBSYWhsIHdyb3RlOg0KPiANCj4gcnJhaGwwIGFkZGVkIGEgbmV3IGNvbW1lbnQgdG8gYW4gaXNzdWUgeW91IGFyZSBmb2xsb3dpbmc6DQo+IGBgDQo+IFRlc3QNCj4gYGANCj4gDQo+IFRvIHJlcGx5LCB2aXNpdCB0aGUgbGluayBiZWxvdyBvciBqdXN0IHJlcGx5IHRvIHRoaXMgZW1haWwNCj4gaHR0cHM6Ly9jb2RlLm9wZW5zdXNlLm9yZy9jcmFtZWxlb24vdGVzdC9pc3N1ZS8xDQo='|base64 -d
reply via email
On 7/14/24 7:54 AM, Richard Rahl wrote:
>
> rrahl0 added a new comment to an issue you are following:
> ``
> Test
> ``
>
> To reply, visit the link below or just reply to this email
> https://code.opensuse.org/crameleon/test/issue/1
Updated by crameleon 3 months ago
- % Done changed from 50 to 80
Patches to our configuration submitted via https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/1953.
Separate issue filed for the base64 oddity: https://progress.opensuse.org/issues/163889.
Updated by crameleon 3 months ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
https://progress.opensuse.org/projects/opensuse-admin/repository/salt/revisions/5805055e948937bb23ac0f4cfc2807982af82f9e merged and deployed, follow up issue tracked in #163889.
Updated by crameleon 3 months ago
- Related to tickets #163889: Replying to code.o.o notifications adds comments base64 encoded added