openSUSE admin

In order for reply-by-email to work, it needs some configuration: https://docs.pagure.org/pagure/install_pagure_milter.html#configure-your-system

That also includes the MTA being able to receive mail, which we don't have configured and I don't know how to do...

Pharaoh_Atem wrote:

That also includes the MTA being able to receive mail, which we don't have configured and I don't know how to do...

I'll be happy to help with that. Usually this sort of thing means setting up a dedicated transport in postfix, to feed the mail to a script for processing. I would suggest we route the mails through mx12, and then forward them internally. That way pagure doesn't have to do much.

pagure01: I have enabled it to receive mails internally.
mx12: I have routed @code.o.o to pagure01.
We need an MX record for code.o.o to point to mx12 - I'm not sure if I have access or not.

pjessen wrote:

pjessen wrote:

We need an MX record for code.o.o to point to mx12 - I'm not sure if I have access or not.

Christian set that up yesterday, and I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.
I have also amended the firewall on pagure01 to accept internal smtp traffic.

I forgot to mention, of course pagure01 will so far only refuse any incoming mails, because it does not know what to do with them.
I'll have a look at setting up the milter, but I have no idea how to test it.

Okay, this seems fairly straight forward - there is a pagure_milter which provides a socket that postfix can talk to.
I tried enabling and starting it, but running as postfix:postfix, it cannot read /etc/pagure/pagure.cfg - having /etc/pagure/pagure.cfg world-readable is discussed a bit here: https://pagure.io/pagure/issue/1053
Config instructions: https://docs.pagure.org/pagure/install_pagure_milter.html

I guess this is ongoing:

host pagure01.infra.opensuse.org[192.168.47.84] said: 554 5.7.1
reply+193d15a42272cda44e6aa54c12f8a3ae7f10bf854090b66d978e972dc846c437427260c5305bcd00f1b3f507728eab022afeb96822bc03fc4068df45b1300562@code.opensuse.org:
Relay access denied (in reply to RCPT TO command)

I was going to change the group of /etc/pagure/pagure.cfg from 'git' to 'postfix', but I think that would likely cause an issue for pagure. The alternative might be to make /etc/pagure/pagure.cfg world readable, does anyone see an issue in that?

You could also set it up in salt so that we have 2 identical copies of the configuration in different places, one with permissions for one and the other for other

pjessen wrote:

pjessen wrote:

I have now also amended /etc/postfix/main.cf, adding 'code.opensuse.org' to relay_domains.

I guess this was overwritten by a highstate ?

As mails to code.o.o are to be received and processed locally, for starters, we ought to have mydestination = code.opensuse.org I think. I have amended the postfix config.
Next there is the issue of comment 8 and comment 11 above - about making /etc/pagure/pagure.cfg world readable. It seems to me this whole setup needs some TLC and someone who cares about it. I am very happy to lend a hand when it comes to the mail setup.

It seems the functionality is broke again in the meanwhile:

mx2 (mx2.o.o):~ # journalctl -S today -u postfix -g reply\\+8  --no-pager
Jul 14 05:55:07 mx2 postfix/smtpd[10692]: NOQUEUE: reject: RCPT from mout-p-101.mailbox.org[2001:67c:2050:0:465::101]: 450 4.2.0 <mout-p-101.mailbox.org[2001:67c:2050:0:465::101]>: Client host rejected: Service temporarily unavailable, please retry later; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 05:55:07 mx2 postfix/smtpd[11088]: NOQUEUE: reject: RCPT from mout-p-101.mailbox.org[2001:67c:2050:0:465::101]: 450 4.2.0 <mout-p-101.mailbox.org[2001:67c:2050:0:465::101]>: Client host rejected: Service temporarily unavailable, please retry later; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 06:00:36 mx2 postfix/smtpd[10692]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 4B8B137EB; from=<mail@georg-pfuetzenreuter.net> to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org> proto=ESMTP helo=<mout-p-101.mailbox.org>
Jul 14 06:00:36 mx2 postfix/relay/smtp[11189]: 4B8B137EB: to=<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org>, relay=mx1.opensuse.org[195.135.223.51]:25, delay=5.4, delays=5.3/0.02/0.04/0.01, dsn=4.2.0, status=deferred (host mx1.opensuse.org[195.135.223.51] said: 450 4.2.0 <unknown[172.16.131.12]>: Client host rejected: Service temporarily unavailable, please retry later (in reply to RCPT TO command))

The mailer daemon reply says:

<reply+896aaedca02fde6b2e2f69c538de9ab81605a20b3dcb8ebd260d26199236a279de459cf5305b701d5b7445230bcd12e53ce11c0e14f5e36a9b97b5daa2d7fd11@code.opensuse.org>:
    mail for code.opensuse.org loops back to myself

I did not find any references to "code.o*" or "pagure" in /etc/postfix on mx{1,2}, except for the relay_domains entry.

I now configured the following (for now just temporarily, for testing):

• Postfix transport entry on mx{1,2}, routing @code.o.o to pagure01.i.o.o
• Firewalld rule on pagure01, allowing incoming SMTP traffic from mx{1,2}
• Add file ACL on pagure01, allowing the postfix group to read /etc/pagure/pagure.cfg -> the pagure_milter service running as postfix:postfix is a rather odd choice in my opinion - not being sandboxed either it basically is allowed to tamper with Postfix out of the box - this should be changed in the package to use at least a designated user (and ideally also some hardening) - the socket under the /run directory could then be made group readable by Postfix.
• Postfix milter configuration on pagure01.i.o.o as per https://docs.pagure.org/pagure/install_pagure_milter.html#configure-your-system

This makes the email setup work, but the result in Pagure upon replying to a notification email is rather .. interesting:

https://code.opensuse.org/crameleon/test/issue/1#comment-2699

It seems to be the email but encoded in base64:

~> echo 'cmVwbHkgdmlhIGVtYWlsDQoNCk9uIDcvMTQvMjQgNzo1NCBBTSwgUmljaGFyZCBSYWhsIHdyb3RlOg0KPiANCj4gcnJhaGwwIGFkZGVkIGEgbmV3IGNvbW1lbnQgdG8gYW4gaXNzdWUgeW91IGFyZSBmb2xsb3dpbmc6DQo+IGBgDQo+IFRlc3QNCj4gYGANCj4gDQo+IFRvIHJlcGx5LCB2aXNpdCB0aGUgbGluayBiZWxvdyBvciBqdXN0IHJlcGx5IHRvIHRoaXMgZW1haWwNCj4gaHR0cHM6Ly9jb2RlLm9wZW5zdXNlLm9yZy9jcmFtZWxlb24vdGVzdC9pc3N1ZS8xDQo='|base64 -d
reply via email

On 7/14/24 7:54 AM, Richard Rahl wrote:
>
> rrahl0 added a new comment to an issue you are following:
> ``
> Test
> ``
>
> To reply, visit the link below or just reply to this email
> https://code.opensuse.org/crameleon/test/issue/1