This page documentes the OTRS installation and setup for SoS, specially the configurations that are particular to SoS regarding the default one.

SoS is ran on a debian server, so we use the experimental debian package in order to have v2.0 of OTRS. We will probably switch to sources as OTRS has a quick development and debian package don't follow it.

Apache

We have setup our webserver with 3 ideas in mind:

• Having OTRS directly in the root path of http://sos.indymedia.org/
• Having admin interface residing in /admin path to have a separation between admins and users spaces.
• Rename customer.pl script to user.pl as we don't have customers ;] ...

So here is the way we have done that:

DocumentRoot /usr/share/otrs/bin/cgi-bin

   <Directory /usr/share/otrs/bin/cgi-bin/>
        AddHandler cgi-script .pl
        Options +ExecCGI
        DirectoryIndex index.html user.pl
        ErrorDocument 403 /user.pl
   </Directory>
   <Directory /usr/share/otrs/bin/cgi-bin/otrs-web/>
        SetHandler default-handler
   </Directory>ScriptAlias /admin/ "/usr/share/otrs/bin/cgi-bin/"

ScriptAlias /admin/ "/usr/share/otrs/bin/cgi-bin/"
<Location /admin>
        AllowOverride None
        ErrorDocument 403 /admin/index.pl
        ErrorDocument 404 /admin/index.pl
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>

To have images correctly displayed, we had to add a symlink in /usr/share/otrs/bin/cgi-bin/ named 'otrs-web' pointing to '/var/lib/otrs/httpd/htdocs/'

Mysql

In order to have UTF-8 enabled, we had to install mysql v4.1 which is the first to fully support that encoding.

GPG

SoS gpg keyring is located in /var/lib/otrs/gnupg and owned by otrs:www-data as we don't have to manage it directly with the command-line. Users add theirs keys in the keyring via their account preferences. SoS have only one key and a subkey for each queue, wich is added automatically with the queue creation script and send to keys.indymedia.org.

Spamassassin

We use the basic way to have spamassassin handling incoming mail, that is to say a postmaster filter in /etc/otrs/Kernel/Config.pm as documented on http://doc.otrs.org.

What is particular to our install is that we have searched a way to have OTRS training spamassassin about its mistakes with sa-learn. The process for the queues admins had to be simple as possible, so we decided to assign the junk queue to the task of spam collection. Each time an admin find a spam, the only thing he/she have to do is to move it into the junk queue. Then a generic agent runs once a week a script of our own that collect spam from the junk queue and put it in a directory (/var/lib/otrs/mail/spam/) and other mail in the other queues in an other (/var/lib/otrs/mail/ham/). Then a cronjob passes them to sa-learn with the corresponding flag.

Here's the script:

#!/usr/bin/perl -w

# use ../ as lib location
use File::Basename;
use FindBin qw($RealBin);
use lib dirname($RealBin);
use lib dirname($RealBin)."/Kernel/cpan-lib";

use strict;

# --
# to get it readable for the webserver user and writable for otrs
# group (just in case)
# --
umask 002;

use Time::Local;
use Date::Parse;
use Kernel::Config;
use Kernel::System::Time;
use Kernel::System::Log;
use Kernel::System::DB;
use Kernel::System::Ticket;
use Kernel::System::Ticket::Article;

my $Self = shift;
my $ARG = $ARGV[0];
my $SpamQueueID = 3;     # ID of the queue where spam are stored


# Init stuffs

my $ConfigObject = Kernel::Config->new();
my $TimeObject    = Kernel::System::Time->new(
       ConfigObject => $ConfigObject,
   );
my $LogObject = Kernel::System::Log->new(
        ConfigObject => $ConfigObject,
   );
my $DBObject = Kernel::System::DB->new(
       ConfigObject => $ConfigObject,
   );

my $TicketObject = Kernel::System::Ticket->new (
       ConfigObject => $ConfigObject,
       LogObject => $LogObject,
       DBObject => $DBObject,
       TimeObject => $TimeObject,
   );

# Get last runtime and compare with ticket creation time. If ticket is newer, go on.

my $Now = $TimeObject->SystemTime();

#$Now -= 604800;                # Now a week ago


# get ArticleID

my @ArticleIDs = $TicketObject->ArticleIndex(
        TicketID => $ARGV[0],
);

my $AID = $ArticleIDs[0];


# Get Article Infos

my %Article = $TicketObject->ArticleGet(
                 ArticleID => $AID,
             );


# Format the creation date

 if ($Article{Created} =~ /(\d\d\d\d)-(\d\d|\d)-(\d\d|\d) (\d\d|\d):(\d\d|\d):(\d\d|\d)/) {
        my $Created = str2time($Article{Created});

# If the ticket has been created during the last week...

        if ($Created > $Now) {


# Get content for the first article (must be the first request of the ticket), others are notes and follow-up.

                my $PlainMessage = $TicketObject->ArticlePlain(
                ArticleID => $AID,
                );


# Put it in the dirs passed to sa-learn depending its queue.

                my $QID = $TicketObject->TicketQueueID(
                TicketID => $ARGV[0],
                );


                if ($QID != $SpamQueueID) {
                        if ( -e "/var/lib/otrs/mail/spam/$AID") {
                                unlink "/var/lib/otrs/mail/spam/$AID";
                        }
                        open(F, ">/var/lib/otrs/mail/ham/$AID");
                        print F $PlainMessage;
                        close(F);
                }
                else {
                        open(G, ">/var/lib/otrs/mail/spam/$AID");
                        print G $PlainMessage;
                        close(G);

                }

        }
}

None of us in the SoS group are perl programmers so if you have a better script, please tell us. :]

Privacy

By default, OTRS logs IPs each time an admin or a user identify him/herself in the interface. To avoid this in order to protect our users privacy, we had to modify a bunch of OTRS files, replacing log messages by something like 'Message => "User: $User authentication ok (REMOTE_ADDR: 0.0.0.0).",' These files are those located in /usr/share/otrs/Kernel/System/Auth/ and /usr/share/otrs/Kernel/CustomerAUth/. It has no incidence in the authentification mechanism.

SoS specific files

To help upgrading SoS, here are the files or folders we have modified/added to fit our needs.

• For apache configuration:
  • added a symlink named 'otrs-web' pointing to '/var/lib/otrs/httpd/htdocs/' in /usr/share/otrs/bin/cgi-bin'

• For the website design:
  • In /etc/otrs/Output/HTML/Standard/:
    • AgentNavigationBar.dtl
    • Customerfooter.dtl
    • CustomerHeader.dtl
    • CustomerLogin.dtl
    • Footer.dtl
    • Login.dtl
    • customer-css.dtl
    • added imc-logo '/var/lib/otrs/httpd/htdocs/images/Standard/imcbannerlogo.gif'

• For gpg support:
  • added /var/lib/otrs/gnupg/ (gpg home for SoS)

• For Spamassassin training:
  • added /var/lib/otrs/mail/ham/
  • added /var/lib/otrs/mail/spam/
  • added /usr/share/otrs/bin/GetSpam.pl
  • added /etc/cron.d/otrs_spam
  • added /usr/share/otrs/bin/otrs.sa-learn (called by the crontab above)

• For privacy:
  • /usr/share/otrs/Kernel/System/Auth/*
  • /usr/share/otrs/Kernel/System/CustomerAuth/*

-- BertAgaz - 09 Nov 2005