Terra
12-05-1998, 05:35 PM
I have been knee deep in QMail for the last couple *daze*... http://www.aota.net/ubb/wink.gif
Problem: CGI scripts that send out mail, are not properly setting a "Return-Path:" header that controls where bounces are sent back to... This causes all customers bounce notifications to end up in the system box...
The switch that controls this is '-fuser@yourdomain.com'... Without it, the mail system will use 'anonymous@futurequest.net', which in turns bounces everything back to FutureQuest core mailboxes... This is definitely not good, since some of you have large customer lists that you send mail to... What is needed is a method to make these changes happen transparently to the domain owner...
Solution: Pound head against desk for several days till some slick creative solution dawns upon you...
Well, ummm, today that solution came to me, after days of staring at extremely complicated QMail C source code... If you have never read RFC822 and Email tokenization -- spare your sanity and *DON'T*!!!
This is a two pronged attack...
1) System Login level: When you telnet/SSH into your account, your environment will adjust to a new variable 'QMAILHOST' for which the qmail-inject or the 'sendmail wrapper' will pick up on and use for Return-Path... This will automatically be set for both BASH and TCSH (csh) users... So that takes care of the command line users...
2) Apache and CGI scripts: This was the tough one... Apache sanitizes a users environment before running a CGI script... So even if QMAILHOST was set properly, the sendmail program would never see it... http://www.aota.net/ubb/frown.gif
Next alternative was to notify every customer with FutureQuest to start using 'sendmail -fyou@yourdomain.com' and usually the '-t' is there as well... Hmmmm, I don't think that would be in our 'Support@FutureQuest.net' mailbox best interest... http://www.aota.net/ubb/wink.gif
So, back to the code to figure out how to do this internally, with least amount of modifications... Until 2 hours ago, I was faced with an unbelievable task of doing just this... Then something miraculous happened -- The hours/hours/hours of estimated adjustments to make this a reality, suddenly morphed into 6 simple lines of code change... It happened right after I switched from Folgers Decaf coffee to some Mr. Bean cappachino (hi octane mocha flavor)... http://www.aota.net/ubb/smile.gif
Hmmm, you may ask *why* is he writing all this??? hehehehe...
Well, many things happen during the course of my day Building/Administrating the server -- 90% of it, you never get to really see... This is a sneak peak into one of the many tasks-->accomplishments that my job entails...
Also to let you know that all CGI mail will bounce back to 'webmaster@xxxxx.xxx' if you don't set the '-f' switch-variable in your CGI scripts, instead of bouncing back to 'anonymous@futurequest.net'...
On the surface, the problem looks simple enough... Just change 'anonymous@futureQuest.net' --> 'webmaster@xxxx.xxx'... Ummm, that's what I thought to, until I started digging deep into the QMail source code... There was *no* straightforward way to do so, without breaking things... The round-a-bout way has been thoroughly stress-tested and is now rolled out in production use... All domains will now benefit from this change to our mail system...
In the end - just a day in the life of the sysAdmin they call Terra...
--
Andrew Gillespie
Systems Administrator
FutureQuest.net
------------------
www.FutureQuest.net (http://www.FutureQuest.net)
--Knowledge spawns creative solutions for complex problems--
[This message has been edited by ccTech (edited 12-05-98).]
Problem: CGI scripts that send out mail, are not properly setting a "Return-Path:" header that controls where bounces are sent back to... This causes all customers bounce notifications to end up in the system box...
The switch that controls this is '-fuser@yourdomain.com'... Without it, the mail system will use 'anonymous@futurequest.net', which in turns bounces everything back to FutureQuest core mailboxes... This is definitely not good, since some of you have large customer lists that you send mail to... What is needed is a method to make these changes happen transparently to the domain owner...
Solution: Pound head against desk for several days till some slick creative solution dawns upon you...
Well, ummm, today that solution came to me, after days of staring at extremely complicated QMail C source code... If you have never read RFC822 and Email tokenization -- spare your sanity and *DON'T*!!!
This is a two pronged attack...
1) System Login level: When you telnet/SSH into your account, your environment will adjust to a new variable 'QMAILHOST' for which the qmail-inject or the 'sendmail wrapper' will pick up on and use for Return-Path... This will automatically be set for both BASH and TCSH (csh) users... So that takes care of the command line users...
2) Apache and CGI scripts: This was the tough one... Apache sanitizes a users environment before running a CGI script... So even if QMAILHOST was set properly, the sendmail program would never see it... http://www.aota.net/ubb/frown.gif
Next alternative was to notify every customer with FutureQuest to start using 'sendmail -fyou@yourdomain.com' and usually the '-t' is there as well... Hmmmm, I don't think that would be in our 'Support@FutureQuest.net' mailbox best interest... http://www.aota.net/ubb/wink.gif
So, back to the code to figure out how to do this internally, with least amount of modifications... Until 2 hours ago, I was faced with an unbelievable task of doing just this... Then something miraculous happened -- The hours/hours/hours of estimated adjustments to make this a reality, suddenly morphed into 6 simple lines of code change... It happened right after I switched from Folgers Decaf coffee to some Mr. Bean cappachino (hi octane mocha flavor)... http://www.aota.net/ubb/smile.gif
Hmmm, you may ask *why* is he writing all this??? hehehehe...
Well, many things happen during the course of my day Building/Administrating the server -- 90% of it, you never get to really see... This is a sneak peak into one of the many tasks-->accomplishments that my job entails...
Also to let you know that all CGI mail will bounce back to 'webmaster@xxxxx.xxx' if you don't set the '-f' switch-variable in your CGI scripts, instead of bouncing back to 'anonymous@futurequest.net'...
On the surface, the problem looks simple enough... Just change 'anonymous@futureQuest.net' --> 'webmaster@xxxx.xxx'... Ummm, that's what I thought to, until I started digging deep into the QMail source code... There was *no* straightforward way to do so, without breaking things... The round-a-bout way has been thoroughly stress-tested and is now rolled out in production use... All domains will now benefit from this change to our mail system...
In the end - just a day in the life of the sysAdmin they call Terra...
--
Andrew Gillespie
Systems Administrator
FutureQuest.net
------------------
www.FutureQuest.net (http://www.FutureQuest.net)
--Knowledge spawns creative solutions for complex problems--
[This message has been edited by ccTech (edited 12-05-98).]