Fetch email from o365 - modern way

I have installed wsgetmail and registered on O365. Now I’m able to get the system to attempt to pull emails. The problem now is this error I’m receiving.

fetching mail using configuration wsgetmail.json
failed to run command "/opt/rt5/bin/rt-mailgate " for file /tmp/vLFcolmVi8.mime : 19200 at /usr/local/share/perl/5.30.0/App/wsgetmail/MDA.pm line 204.


Struggling to get wsgetmail working on my Ubuntu Jammy system.

API permissions

$ wsgetmail --debug --dry-run --config=wsgetmail.json

fetching mail using configuration wsgetmail.json
making GET request to url https://graph.microsoft.com/v1.0/users/xxxxxxxx@real-time.com/mailFolders at /usr/share/perl/5.34/App/wsgetmail/MS365/Client.pm line 224.
getting system access token at /usr/share/perl/5.34/App/wsgetmail/MS365/Client.pm line 290.
failed to fetch folder detail 403 Forbidden at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 370.
response from server : {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}} at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 371.
unable to fetch messages, can't find folder Inbox at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 418.

All my dependencies ok?

$ perl Makefile.PL
*** Module::AutoInstall version 1.19
*** Checking for Perl dependencies...
[Core Features]
- Azure::AD::ClientCredentials ...loaded. (0.02)
- Clone                        ...loaded. (0.45)
- FindBin                      ...loaded. (1.52)
- File::Slurp                  ...loaded. (9999.32)
- File::Temp                   ...loaded. (0.2311)
- Getopt::Long                 ...loaded. (2.52)
- IPC::Run                     ...loaded. (20200505.0)
- JSON                         ...loaded. (4.04)
- LWP::UserAgent               ...loaded. (6.61 >= 6.42)
- Module::Load                 ...loaded. (0.36)
- Moo                          ...loaded. (2.005004)
- Pod::Usage                   ...loaded. (2.01)
- strict                       ...loaded. (1.12)
- Test::LWP::UserAgent         ...loaded. (0.036)
- Test::More                   ...loaded. (1.302183)
- URI::Escape                  ...loaded. (5.10)
- URI                          ...loaded. (5.10)
- warnings                     ...loaded. (1.51)

Is this the right Azure::AD::ClientCredentials?

Every other dependency I was able to install via apt-get.

Powershell testing would indicate success?

Test-ApplicationAccessPolicy -Identity xxxxxx@real-time.com  -AppId 2bxxxxxx-xxxx-xxxx-829c-xxxxxxxxxxad

AppId             : 2bxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxad
Mailbox           : cxxxxxxxxl
MailboxId         : b9xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx4c
MailboxSid        : S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx47
AccessCheckResult : Granted

Any help would be appreciated.

Any help on this issue?

Hi, @Bob_Tanner
The instructions aren’t very clear about the permissions.
Also, the permissions changed: some are delegated, others are application.
Try to set up the permissions like this:

Also be careful with the name of the inbox folder.
In my case it wasn’t “Inbox”, it was “A Receber”.

Thanks for the response @ricardoc. I adjusted my permissions to match your screenshot but I cannot get the Admin consent required columns to match yours.

And how do I confirm the inbox folder name? I assumed when I log in via the Outlook web interface, if the folder name is Inbox in the web UI, it would be the name of the folder I use in wsgetmail?

After your permissions tweaks, still getting permission problem.

$ wsgetmail --debug --dry-run --config=wsgetmail.json

fetching mail using configuration wsgetmail.json
making GET request to url https://graph.microsoft.com/v1.0/users/xxxxxxxx@real-time.com/mailFolders at /usr/share/perl/5.34/App/wsgetmail/MS365/Client.pm line 224.
getting system access token at /usr/share/perl/5.34/App/wsgetmail/MS365/Client.pm line 290.
failed to fetch folder detail 403 Forbidden at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 370.
response from server : {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}} at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 371.
unable to fetch messages, can't find folder Inbox at /usr/share/perl/5.34/App/wsgetmail/MS365.pm line 418.

In order to see the folder name @Bob_Tanner you are right.
If you access via web and the folder name is Inbox in the outlook web page that is the folder name.
About the permissions, when you add new permissions, under the Microsoft Graph don’t you see this:

These two buttons, Delegated permissions or Application permissions, let you decide which type of permissions you are attributing.
You should first click on one and then do the search for the required permission.
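
An added example, not part of the thread and not wsgetmail's code: one way to tell delegated from application permissions is to decode the access token issued to the app and read its claims, since client-credentials (app-only) tokens list consented application permissions in `roles` while delegated tokens list scopes in `scp`. The tokens below are constructed and unsigned, the app id is a placeholder, and `REQUIRED_APP_ROLES` is an assumed requirement for a mailbox whose messages get marked as read.

```python
import base64
import json

# Assumption: the application permission this deployment needs. Adjust it to
# what your app registration is supposed to hold.
REQUIRED_APP_ROLES = frozenset({"Mail.ReadWrite"})


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(claims: dict, required=REQUIRED_APP_ROLES) -> list:
    """Return findings; an empty list means the expected app roles are present."""
    roles = set(claims.get("roles", []))
    scopes = set(claims.get("scp", "").split())
    findings = []
    if scopes:
        findings.append("delegated scopes present (scp): " + " ".join(sorted(scopes)))
    if not roles:
        findings.append("no roles claim: no consented application permission")
    elif required - roles:
        findings.append("missing application permission: "
                        + ", ".join(sorted(required - roles)))
    return findings


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


# Constructed samples with a placeholder app id: three grant states.
APP = "00000000-0000-0000-0000-000000000000"
SAMPLES = {
    "app permission consented": sample_token({"appid": APP, "roles": ["Mail.ReadWrite"]}),
    "delegated only": sample_token({"appid": APP, "scp": "Mail.ReadWrite openid"}),
    "unrelated app role": sample_token({"appid": APP, "roles": ["User.Read.All"]}),
}

if __name__ == "__main__":
    for label, token in SAMPLES.items():
        print(label, "->", diagnose(decode_claims(token)) or "ok")
```

Access tokens are bearer credentials, so inspect them locally rather than pasting them into a web decoder.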

Not sure which change “fixed” my problem. Just documenting my “stuff” here in case it helps someone else.

API permissions

I changed the Admin consent required to yes

Powershell

I played around in Powershell on macOS.

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.2.7
PSEdition                      Core
GitCommitId                    7.2.7
OS                             Darwin 21.6.0 Darwin Kernel Version 21.6.0: Thu Sep 29 20:13:56 PDT 2022; root:xnu-8020.240.7~1/RELEASE_ARM64_T6000
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Connect to Graph so I can do some troubleshooting/debugging

> Connect-MgGraph -Scopes "Mail.Read","Mail.Read.Shared","Mail.ReadWrite","Mail.ReadWrite.Shared","openid","User.Read.All"  -TenantId 91xxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx51 
Welcome To Microsoft Graph!

Get users UPN’s

> Get-MgUser

Get user folders

> Get-MgUserMailFolder -UserId b9xxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxx4c   

Useful links

I’m stuck trying to get email working. I have an Ubuntu 20.04 vm running RT 5.0.3 / postgres. I have configured wsgetmail, and followed the instructions to setup Microsoft Graph API.

I run:
wsgetmail --debug --dry-run --config=wsgetmail.json

and get the following when the email Inbox is empty:

fetching mail using configuration wsgetmail.json
making GET request to url https://graph.microsoft.com/v1.0/users/something@xxxxxxx.com/mailFolders at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
getting system access token at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 290.

processed 0 messages

I run it again when there is an email in the Inbox and get a timeout error:

fetching mail using configuration wsgetmail.json
making GET request to url https://graph.microsoft.com/v1.0/users/something@xxxxxxx.com/mailFolders at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
getting system access token at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 290.
making GET request to url https://graph.microsoft.com/v1.0/users/something@xxxxxxx.com/mailFolders/AQMkADcyYTA4N2QxLTY4YzUtNDU1ADMtOWMwOC03ZTJkMmExMDABNjUALgAAA_rX4iJdqq5Lk89Ay2Cn9bQBABn0ld1zgcdJntejDgwN0YwAAAIBDAAAAA==/messages at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
making GET request to url https://graph.microsoft.com/v1.0/users/something@xxxxxxx.com/messages/AAMkADcyYTA4N2QxLTY4YzUtNDU1My05YzA4LTdlMmQyYTEwMDA2NQBGAAAAAADq1_IiXaquS5PPQMtgp-W0BwAZ9JXdc4HHSZ7Xow4MDdGMAAAAAAEMAAAZ9JXdc4HHSZ7Xow4MDdGMAAABEKuoAAA=/$value at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
IPC::Run: timeout on timer #1 at /usr/local/share/perl/5.30.0/IPC/Run.pm line 3007.

I’ve noticed that this timeout when running the command seems to coincide with my rt-server no longer responding. I restarted it and noted the following new errors, but still can’t reach RT any longer.

Nov 10 19:12:03 hrutil02 systemd[1]: Started RT FCGI server.
Nov 10 19:12:08 hrutil02 RT[678654]: [678654] Failed attempt to create a ticket by email, from me@xxxxxxx.com: me@xxxxxxx.com attempted to create a ticket via email in the queue General; you might need to grant 'Everyone' the CreateTicket right.
Nov 10 19:12:08 hrutil02 postfix/postdrop[678679]: warning: mail_queue_enter: create file maildrop/224998.678679: Permission denied

I’ve gone bald pulling my hair out creating this server. Really appreciate any help / insights you might have :slight_smile:

UPDATE:
Changed Default queue to allow “Everyone” to create tickets - Restarted rt-server, then reran wsgetmail dry run - Same timeout at line 3007 as before but RT log shows something different.

Nov 10 19:58:58 hrutil02 systemd[1]: Started RT FCGI server.
Nov 10 20:08:34 hrutil02 RT[681504]: [681504] rt-5.0.3-681504-1668110914-1074.2-7-0@blahSupport #2/43 - Scrip 7 On Create Autoreply To Requestors
Nov 10 20:08:34 hrutil02 postfix/postdrop[681886]: warning: mail_queue_enter: create file maildrop/435477.681886: Permission denied
Nov 10 20:08:44 hrutil02 postfix/postdrop[681886]: warning: mail_queue_enter: create file maildrop/435689.681886: Permission denied

Those errors don’t look like they’re coming from RT itself, but from your postfix/postdrop MTA. Looks like it doesn’t have permission to write its files - possibly a permission problem on its mail spool and/or temporary directory. See if you can send an email from outside of RT to check if that works, and if not check the documentation/config for this MTA to work out what user you need to give rights to on this directory.

@GreenJimll - Thank you for the reply - Yes, and just keeps throwing those errors.

It’s odd in that rt is running postdrop which gets the permission error, but rt can write to the maildrop directory. But postfix / MTA issues are another topic.

Regarding WSGetMail - I can see that it will pull mails from my Office 365 / with the MS Graph API permissions. Will it send directly through that same function?

Our old RT server uses fetchmail through a relay windows server to POP3 which is dead on Dec 31. If we still have to relay mails out and wsgetmail doesn’t handle that as well, I’m curious how people have set that up to work. My RT’s are Azure VM’s.

Thank you

Update: It is a permissions problem with /var/spool/postfix/maildrop directory

Postfix sets it to: drwxr-x--T

I’ve tried several other combinations of permissions and settled on 777 and then it works. All other email works with the default permissions but wsgetmail. 777 is OK for now.

So the next fsck’ing error is:

wsgetmail --debug --dry-run --config=/usr/local/etc/wsgetmail.json

failed to run command "/opt/rt5/bin/rt-mailgate --url=https://myrtserver.corp.company.com/ --queue=General --action=comment" for file /tmp/q5Lo1TFSZS.mime : 19200 at /usr/local/share/perl/5.30.0/App/wsgetmail/MDA.pm line 204.
output :
error:HTTP request failed: 503 Service Unavailable. Your webserver logs may have more information or there may be a network problem.

Apache2/error.log says:

[Tue Nov 15 21:56:11.793095 2022] [proxy_fcgi:error] [pid 1014:tid 140243902658304] [client 172.22.129.32:40678] AH01067: Failed to read FastCGI header
[Tue Nov 15 21:56:11.793125 2022] [proxy_fcgi:error] [pid 1014:tid 140243902658304] (70014)End of file found: [client 172.22.129.32:40678] AH01075: Error dispatching request to :

Apache2/access.log says:

"POST //REST/1.0/NoAuth/mail-gateway HTTP/1.1" 503 7408 "-" "rt-mailgate/5.0.3 libwww-perl/6.67"

Anybody know where I’ve gone wrong? :slight_smile:

Anything logged in /var/log/messages? Or RT’s own logs if you have debugging logs turned on?

The only thing I can spot in those Apache logs is that there’s double slash in front of REST, but I don’t know if that’s causing you an issue.

This is the test script and its output:
wsgetmail --debug --dry-run --config=/usr/local/etc/wsgetmail.json

fetching mail using configuration /usr/local/etc/wsgetmail.json
making GET request to url https://graph.microsoft.com/v1.0/users/hrsupport@company.com/mailFolders at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
getting system access token at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 290.
making GET request to url https://graph.microsoft.com/v1.0/users/hrsupport@company.com/mailFolders/AQMkADcyYTA4N2QxLTY4YzUtNDU1ADMtOWMwOC03ZTJkMmExMDABNjUALgAAA_rX4iJdqq5Lk89Ay2Cn9bQBABn0ld1zgcdJntejDgwN0YwAAAIBDAAAAA==/messages at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
making GET request to url https://graph.microsoft.com/v1.0/users/hrsupport@company.com/messages/AAMkADcyYTA4N2QxLTY4YzUtNDU1My05YzA4LTdlMmQyYTEwMDA2NQBGAAAAAADq1_IiXaquS5PPQMtgp-W0BwAZ9JXdc4HHSZ7Xow4MDdGMAAAAAAEMAAAZ9JXdc4HHSZ7Xow4MDdGMAAABEKuoAAA=/$value at /usr/local/share/perl/5.30.0/App/wsgetmail/MS365/Client.pm line 224.
failed to run command "/opt/rt5/bin/rt-mailgate --url=https://hrsupport.corp.company.com/ --queue=General --action=comment" for file /tmp/EjlQvPw4Gi.mime : 19200 at /usr/local/share/perl/5.30.0/App/wsgetmail/MDA.pm line 204.
output :
error:HTTP request failed: 503 Service Unavailable. Your webserver logs may have more information or there may be a network problem.

Output from /var/log/syslog (I don’t have /var/log/messages)
Nov 17 18:27:44 hrutil02 RT: [14259] rt-5.0.3-14259-1668709664-1331.23-7-0@HRSupport #23/153 - Scrip 7 On Create Autoreply To Requestors
Nov 17 18:27:44 hrutil02 postfix/postdrop[109032]: warning: unable to look up public/pickup: Permission denied
Nov 17 18:27:44 hrutil02 RT: [14259] rt-5.0.3-14259-1668709664-1331.23-7-0@HRSupport sent To: admin@company.com
Nov 17 18:28:23 hrutil02 postfix/pickup[105988]: 83C77436C: uid=995 from=
Nov 17 18:28:23 hrutil02 postfix/cleanup[109056]: 83C77436C: message-id=rt-5.0.3-14259-1668709664-1331.23-7-0@HRSupport
Nov 17 18:28:23 hrutil02 postfix/qmgr[5346]: 83C77436C: from=rt@hrsupport.corp.company.com, size=4058, nrcpt=1 (queue active)
Nov 17 18:28:27 hrutil02 postfix/smtp[109059]: 83C77436C: to=admin@company.com, relay=mxb-004dc302.gslb.pphosted.com[185.183.30.93]:25, delay=42, delays=39/0.01/2.6/1.1, dsn=2.0.0, status=sent (250 2.0.0 3kwf24n2tt-1 Message accepted for delivery)
Nov 17 18:28:27 hrutil02 postfix/qmgr[5346]: 83C77436C: removed

I changed /var/spool/postfix/public to 777 from its default permissions which were drwx--s---
After that tried again and the public/pickup error is gone but still getting this:

/var/log/syslog:
Nov 17 18:37:59 hrutil02 RT: [14337] rt-5.0.3-14337-1668710279-158.24-7-0@HRSupport #24/158 - Scrip 7 On Create Autoreply To Requestors
Nov 17 18:37:59 hrutil02 RT: [14337] rt-5.0.3-14337-1668710279-158.24-7-0@HRSupport sent To: admin@company.com
Nov 17 18:37:59 hrutil02 postfix/pickup[105988]: 8D71B626F: uid=995 from=
Nov 17 18:37:59 hrutil02 postfix/cleanup[109417]: 8D71B626F: message-id=rt-5.0.3-14337-1668710279-158.24-7-0@HRSupport
Nov 17 18:37:59 hrutil02 postfix/qmgr[5346]: 8D71B626F: from=rt@hrsupport.corp.company.com, size=4057, nrcpt=1 (queue active)
Nov 17 18:38:01 hrutil02 CRON[109427]: (omsagent) CMD (/opt/omi/bin/OMSConsistencyInvoker >/dev/null 2>&1)
Nov 17 18:38:02 hrutil02 postfix/smtp[109420]: 8D71B626F: to=admin@company.com, relay=mxa-004dc302.gslb.pphosted.com[185.183.30.93]:25, delay=2.7, delays=0.04/0.03/1.7/0.93, dsn=2.0.0, status=sent (250 2.0.0 3kwf24n4w4-1 Message accepted for delivery)

I’m logged into RT as root, no sign of any ticket appearing. The email I get to admin looks like a ticket notification:

[Company IT-Test Support Queue #24] AutoReply: First Email to HR Support - Test
Greetings,
This message has been automatically generated in response to the creation of a trouble ticket regarding First Email to HR Support - Test, a summary of which appears below.
There is no need to reply to this message right now. Your ticket has been assigned an ID of [Company IT-Test Support Queue #24].
Please include the string [Company IT-Test Support Queue #24] in the subject line of all future correspondence about this issue. To do so, you may reply to this message.
Thank you,


Does this work?
-Charles

Each time I test it, the number in the test email goes up by one. Now it’s #24. Next test will be #25, yet nothing shows up in the queue logged into RT. Frustrating :slight_smile:

I really appreciate your help @GreenJimll
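
An added example, not from the thread: decoding the two default mode strings quoted above (for `maildrop` and `public`) and comparing them with 777 shows what the workaround grants to which users. The "after" strings are constructed on the assumption that both directories ended up as plain `drwxrwxrwx`; `ls -ld` gives the real values.

```python
import stat

SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
SPECIAL_CHAR = {2: "s", 5: "s", 8: "t"}


def parse_mode(text: str) -> int:
    """Convert an ls-style string such as 'drwx--s---' into permission bits."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, e.g. drwxr-x---")
    mode = 0
    for i, ch in enumerate(text[1:]):
        bit = 0o400 >> i                       # r/w/x bit for this position
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif i in SPECIAL and ch.lower() == SPECIAL_CHAR[i]:
            # lowercase s/t: special bit plus execute; uppercase: special only
            mode |= SPECIAL[i] | (bit if ch.islower() else 0)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return mode


def audit(before: str, after: str) -> dict:
    """Summarise what changing a directory from `before` to `after` exposes."""
    b, a = parse_mode(before), parse_mode(after)
    special = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX
    world_w = bool(a & stat.S_IWOTH)
    return {
        "before": oct(b),
        "after": oct(a),
        "granted": oct(a & ~b & 0o777),            # new r/w/x bits
        "special_dropped": oct(b & ~a & special),  # setgid/sticky lost
        "world_writable": world_w,
        # write+search for "other" with no sticky bit: any local user can
        # create, rename and delete entries, including other users' files
        "others_can_delete": world_w and bool(a & stat.S_IXOTH)
                             and not a & stat.S_ISVTX,
    }


# "before" strings are the defaults quoted in the thread; "after" is constructed.
CHANGES = {
    "/var/spool/postfix/maildrop": ("drwxr-x--T", "drwxrwxrwx"),
    "/var/spool/postfix/public": ("drwx--s---", "drwxrwxrwx"),
}

if __name__ == "__main__":
    for path, (before, after) in CHANGES.items():
        print(path, audit(before, after))
```

Postfix ships `postfix set-permissions` to restore the packaged ownership and modes once the underlying cause is fixed.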

Where is the config for hrsupport.corp.company.com for the mailgate pipe being set? Maybe try localhost instead?

@knation

Based on the example config for wsgetmail.json this is what I put which is the same URL that has RT running on it.

    {
    "client_id": "S E C R E T",
    "tenant_id": "S E C R E T",
    "secret": "S E C R E T",
    "global_access": 1,
    "username": "hrsupport@company.com",
    "folder": "Inbox",
    "command": "/opt/rt5/bin/rt-mailgate",
    "command_args": "--url=https://hrsupport.corp.company.com/ --queue=General --action=comment",
    "command_timeout": 30,
    "action_on_fetched": "mark_as_read"
    }

I’ve tried a number of other options there: http://system name, http and https://localhost, http and https://127.0.0.1. I’m missing something basic here - Something that should be running that is not, I’m guessing. All versions give the 503 error, except https://127.0.0.1 gives a 500 (hostname verification failed) and http://127.0.0.1 gives a 404 error.

This is my /etc/apache2/sites-available/default-ssl.conf
I currently don’t have any other sites available file on the assumption that I don’t need anything running non SSL on port 80 or anywhere else:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/cnxwildc.crt
                SSLCertificateKeyFile /etc/ssl/private/cnxwildc.key
                SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2-g1.crt

                ServerName hrsupport.corp.company.com

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                # SCRIPT_NAME should match RT's WebPath, without a trailing slash.
                # This means when WebPath is /, it's the empty string "".
                ProxyFCGISetEnvIf true SCRIPT_NAME ""

                # The location path in the first argument should match the WebPath in your
                # RT site configuration.  The network location after fcgi:// should match
                # the ListenStream in rt-server.socket.
                ProxyPass / fcgi://[::1]:5000/

        </VirtualHost>
</IfModule>

That does look like an outgoing email from RT, but you’ve not got a ticket 24 at all in your system? Even if you explicitly go to https://hrsupport.corp.company.com/Ticket/Display.html?id=24 in case some scrip has marked it as resolved/rejected so it isn’t showing up as an active ticket?

No, nothing appears anywhere that I can find it. Here’s a screenshot of what I get - “Could not load ticket 24”. Same for previous numbers.

As an update, I pointed the WSGetMail script at my running v4 RT system and it worked.

Something is misconfigured with either my RT or my Apache but I have not been able to figure out what. The site is working and can be logged into, but the rt-mailgate command can’t connect - Just gets a 503 Service unavailable error.

Apache2 error log says:

[proxy_fcgi:error] [pid 675013:tid 140625709373184] [client 172.22.129.32:58216] AH01067: Failed to read FastCGI header

[proxy_fcgi:error] [pid 675013:tid 140625709373184] (70014)End of file found: [client 172.22.129.32:58216] AH01075: Error dispatching request to :

Short of blowing the whole thing away and starting over, I’ve been over the configs and tried many changes to no avail. Appreciate any help you can give :slight_smile:

Finally have been able to get this working. Using the debug dry run command, I was able to pinpoint the problem, which was the name of the queue in the fetchmail file.

Same issue: "Can't find config file wsgetmail at /usr/local/bin/wsgetmail line 72"
Can you help me?