403 returned by rt-mailgate / mail-gateway

Hi everyone.

So my setup is Debian Lenny, Postfix, Apache2, RT3.6. This machine
was recently upgraded, my RT3.4 installation was removed by the
upgrade. I installed 3.6 via aptitude, pulled the 3.4 database in,
updated the schema etc. etc.

RT is largely working - I can log in, perform all administrative and
user functions, create tickets, reply to tickets etc - I thought this
was great!

The only fly in my ointment is that mail is not getting through to the system.

In /etc/aliases we direct mail to RT with:

support: "|/usr/bin/rt-mailgate --queue ‘BSU’ --action correspond
–url http://bsu.ncl.ac.uk/rt"
support-comment: “|/usr/bin/rt-mailgate --queue ‘BSU’ --action comment
–url http://bsu.ncl.ac.uk/rt

However all attempts to send mail result in (from Postfix mail.log):

Apr 29 09:48:09 bsu postfix/local[21497]: 1F6C4A0010:
to=support@bsu.ncl.ac.uk, relay=local, delay=8924,
delays=8923/0.04/0/0.9, dsn=4.3.0, status=deferred (temporary failure.
Command output: An Error Occurred ================= 403 Forbidden )

In the Apache2 logs we get:

[Wed Apr 29 10:01:40 2009] [error] [client 128.240.125.96] client
denied by server configuration:
/usr/share/request-tracker3.6/html/REST/1.0/NoAuth/mail-gateway

There’s a suggestion in the FAQ that adding this to to the Apache2
configs (sites-enabled/000-default in my case) might alleviate the
problem inside the VirtualHost directive.

<Directory “/usr/share/request-tracker3.6/html/”>
Order allow,deny
Allow from all

(It doesn’t)

The only other directive relating to RT in this file is:

Include “/etc/request-tracker3.6/apache2-modperl2.conf”

I realise this is probably an Apache setup issue, but I just cannot
figure out exactly what the issue is and it’s starting to tear my hair
out - we use RT a lot for many projects and I’ve already had a days
downtime on this :frowning:

I pasted the RT config here if it’s helpful: http://pastebin.com/m37e157e4

Any pointers would be gratefully received.

Dan

Bioinformatics Support Unit || http://bsu.ncl.ac.uk/
Institute for Cell and Molecular Biosciences,
Faculty of Medical Sciences, Framlington Place,
Newcastle University, Newcastle, NE2 4HH
Tel: +44 (0)191 222 7253 (Leech offices: Rooms M.2046/M.2046A - Mon/Wed)
Tel: +44 (0)191 246 4833 (Devonshire offices: Rooms G.25/G.26 - Thu/Fri)

However all attempts to send mail result in (from Postfix mail.log):

Apr 29 09:48:09 bsu postfix/local[21497]: 1F6C4A0010:
to=support@bsu.ncl.ac.uk, relay=local, delay=8924,
delays=8923/0.04/0/0.9, dsn=4.3.0, status=deferred (temporary failure.
Command output: An Error Occurred ================= 403 Forbidden )

In the Apache2 logs we get:

[Wed Apr 29 10:01:40 2009] [error] [client 128.240.125.96] client
denied by server configuration:
/usr/share/request-tracker3.6/html/REST/1.0/NoAuth/mail-gateway

There’s a suggestion in the FAQ that adding this to to the Apache2
configs (sites-enabled/000-default in my case) might alleviate the
problem inside the VirtualHost directive.

<Directory “/usr/share/request-tracker3.6/html/”>
Order allow,deny
Allow from all

(It doesn’t)

The only other directive relating to RT in this file is:

Include “/etc/request-tracker3.6/apache2-modperl2.conf”

If you look further down that file you’ll find:

Limit mail gateway access to localhost by default

<Location /rt/REST/1.0/NoAuth>
Order Allow,Deny
Allow from 127.0.0.1

As you’ve configured http://bsu.ncl.ac.uk/rt as the path to your
installation on the mailgate command line, your requests won’t be
coming from localhost (127.0.0.1). The least invasive fix is probably
adding:

Allow from 128.240.125.96

or

Allow from bsu.ncl.ac.uk

to that stanza in /etc/request-tracker3.6/apache2-modperl2.conf

Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford

Dominic,

Include “/etc/request-tracker3.6/apache2-modperl2.conf”

If you look further down that file you’ll find:

Limit mail gateway access to localhost by default

<Location /rt/REST/1.0/NoAuth>
Order Allow,Deny
Allow from 127.0.0.1

As you’ve configured http://bsu.ncl.ac.uk/rt as the path to your
installation on the mailgate command line, your requests won’t be
coming from localhost (127.0.0.1). The least invasive fix is probably
adding:

Allow from 128.240.125.96

or

Allow from bsu.ncl.ac.uk

to that stanza in /etc/request-tracker3.6/apache2-modperl2.conf

That was exactly the route I ended up taking, and indeed worked.

thanks,

Dan

Bioinformatics Support Unit || http://bsu.ncl.ac.uk/
Institute for Cell and Molecular Biosciences,
Faculty of Medical Sciences, Framlington Place,
Newcastle University, Newcastle, NE2 4HH
Tel: +44 (0)191 222 7253 (Leech offices: Rooms M.2046/M.2046A - Mon/Wed)
Tel: +44 (0)191 246 4833 (Devonshire offices: Rooms G.25/G.26 - Thu/Fri)