Hi, folks.

I need some help with that: There is a Postfix MTA running in the same
server of RT.

I configured procmail to deliver the messages to rt-mailgate, but after
some tests I still can’t create a ticket through e-mail messages.

This is my rt.log:

403 Forbidden
This is /usr/bin/rt-mailgate exiting because of an undefined server
error at /usr/bin/rt-mailgate line 150, <> line 1.
procmail: [8934] Mon Feb 8 11:09:13 2010
procmail: Program failure (75) of “rt-mailgate”
procmail: Rescue of unfiltered data succeeded
procmail: [8934] Mon Feb 8 11:09:13 2010
procmail: Match on !
“^From:.@(cais.rnp.br|pop-ba.rnp.br|outrocliente.dominio)"
procmail: Match on ! "(^(Mailing-List:|Precedence:.(junk|bulk|list)|To:
Multiple recipients of
|(((Resent-)?(From|Sender)|X-Envelope-From):|>?From
)([^>][^(.%@a-z0-9])?(Post(ma?(st(e?r)?|n)|office)|(send)?Mail(er)?|daemon|m(mdf|ajordomo)|n?uucp|LIST(SERV|proc)|NETSERV|o(wner|ps)|r(e(quest|sponse)|oot)|b(ounce|bs.smtp)|echo|mirror|s(erv(ices?|er)|mtp(error)?|ystem)|A(dmin(istrator)?|MMGR|utoanswer))(([^).!:a-z0-9][-_a-z0-9])?[%@>
][^<)]((.).*)?)?$([^>]|$)))”
procmail: Executing " (formail -r -I “Precedence: junk”
-A"X-Loop: root@pop-sp.rnp.br" ;
cat $DIR/resp) | $SENDMAIL -t -F “PoP-SP/RNP” -f postmaster@pop-sp.rnp.br "
procmail: Assigning “LASTFOLDER= (formail -r -I “Precedence: junk”
-A"X-Loop: root@pop-sp.rnp.br” ;
cat $DIR/resp) | $SENDMAIL -t -F “PoP-SP/RNP” -f postmaster@pop-sp.rnp.br "
procmail: Assigning “PATH=/nonexistent/bin:/usr/local/bin:/usr/bin:/bin”
cat: /home/rt/resp: No such file or directory
procmail: Assigning
“LASTFOLDER=/home/rt/default/new/1265634553.8934_0.rtracker.rt”
procmail: Notified comsat:
“nobody@0:/home/rt/default/new/1265634553.8934_0.rtracker.rt”
From wpereira@pop-sp.rnp.br Mon Feb 8 11:09:12 2010
Folder:
/home/rt/default/new/1265634553.8934_0.rtracker.rt 869

Ans this is my procmailrc file:

Configuracao do Procmailrc

DIR=/home/rt
MAILDIR=$DIR/default
#DEFAULT=$DIR/default
DEFAULT=$MAILDIR/
LOGFILE=$DIR/rt.log
SHELL=/bin/bash
DEBUG=yes
VERBOSE=yes

FILA=“$1”
OPC=“$2”

Caso 1 - clientes autorizados

:0fw

• ^From:.*@(pop-sp.rnp.br|rtracker.rt.pop-sp.rnp.br|usp.br)
  | rt-mailgate --debug --queue ${FILA} --action ${OPC} --url
  https://rtracker.rt.pop-sp.rnp.br/rt

Caso 2 - cliente nao autorizado

:0 h c

• !^From:.*@(cais.rnp.br|pop-ba.rnp.br|outrocliente.dominio)
• !^FROM_DAEMON
  | (formail -r -I “Precedence: junk”
  -A"X-Loop: root@pop-sp.rnp.br" ;
  cat $DIR/resp) | $SENDMAIL -t -F “PoP-SP/RNP” -f postmaster@pop-sp.rnp.br

Thank you all a lot.

Wagner Pereira

PoP-SP/RNP - Ponto de Presen�a da RNP em S�o Paulo
CCE/USP - Centro de Computa��o Eletr�nica da Universidade de S�o Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

Hi, folks.

I need some help with that: There is a Postfix MTA running in the same
server of RT.

I configured procmail to deliver the messages to rt-mailgate, but after
some tests I still can’t create a ticket through e-mail messages.

This is my rt.log:

===========================
403 Forbidden

your webserver refuse access to RT to rt-mailgate, rt-mailgate use a
subpart of RT to POST the mail and it seems that you configured your
apache server in a way that this subpart require authentication.

are you using HTTP authentication?

if so, either allow localhost to connect without a password or create an
account and set credentials in your rt-mailgate call.

Hi, Emmanuel. Thanks for answered me.

My authentication is HTTPS: https://rtracker.rt.pop-sp.rnp.br/rt/

“if so, either allow localhost to connect without a password or create
an account and set credentials in your rt-mailgate call.”

How can I implement that?

P.S.: I observed a thing: every time I make a test, sending an e-mail
message to rt@pop-sp.rnp.br, one file is generated in
/home/rt/default/new, as follows:

rtracker:/home/rt/default# ls -la new
total 16
drwx------ 2 nobody mail 4096 Fev 8 11:09 .
drwxrwxrwx 5 root root 4096 Jan 29 09:10 …
-rw------- 1 nobody mail 869 Jan 29 09:10 1264763438.10146_0.rtracker.rt
-rw------- 1 nobody mail 869 Fev 8 11:09 1265634553.8934_0.rtracker.rt

Wagner Pereira

PoP-SP/RNP - Ponto de Presen�a da RNP em S�o Paulo
CCE/USP - Centro de Computa��o Eletr�nica da Universidade de S�o Paulo

Tel. (11) 3091-8901

Emmanuel Lacour escreveu:> On Mon, Feb 08, 2010 at 12:21:47PM -0200, Wagner Pereira wrote:

Hi, folks.

I need some help with that: There is a Postfix MTA running in the same
server of RT.

I configured procmail to deliver the messages to rt-mailgate, but after
some tests I still can’t create a ticket through e-mail messages.

This is my rt.log:

===========================
403 Forbidden

your webserver refuse access to RT to rt-mailgate, rt-mailgate use a
subpart of RT to POST the mail and it seems that you configured your
apache server in a way that this subpart require authentication.

are you using HTTP authentication?

if so, either allow localhost to connect without a password or create an
account and set credentials in your rt-mailgate call.

---

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 & 23
Dublin, Ireland - Mar 15 & 16
Boston, MA, USA - April 5 & 6
Washington DC, USA - Oct 25 & 26

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

My authentication is HTTPS: https://rtracker.rt.pop-sp.rnp.br/rt/

That’s the way you access your RT server, not the way you authenticate
to it. Can you give us your VirtualHost configuration?

P.S.: I observed a thing: every time I make a test, sending an e-mail
message to rt@pop-sp.rnp.br, one file is generated in
/home/rt/default/new, as follows:

rtracker:/home/rt/default# ls -la new
total 16
drwx------ 2 nobody mail 4096 Fev 8 11:09 .
drwxrwxrwx 5 root root 4096 Jan 29 09:10 …
-rw------- 1 nobody mail 869 Jan 29 09:10 1264763438.10146_0.rtracker.rt
-rw------- 1 nobody mail 869 Fev 8 11:09 1265634553.8934_0.rtracker.rt

I’m not a procmail master, so either :0fw keeps a copy in the user
maildir or it deliver to the maildir if the pipe to command fails??

AW, you can use those files to test your rt-mailgate command, just doing
“cat FILE | rt-mailgate …”.

Emmanuel,

That’s my VirtualHost file:

<VirtualHost *:443>
ServerName rtracker.rt.pop-sp.rnp.br
RedirectMatch ^/$ https://rtracker.rt.pop-sp.rnp.br/rt/
DocumentRoot /var/www
CustomLog /var/log/apache2/rt.log combined
ServerSignature Off
LogLevel warn

And according to man procmailrc:

:0fw A line starting with ‘:’ marks the beginning of a recipe.
f Consider the pipe as a filter.
w Wait for the filter or program to finish and check its exitcode (normally ignored); if the filter is unsuccessful, then the text will not have been filtered.

Ok, that’s what I did, following your suggestion:

cat test.txt | /usr/local/bin/rt-mailgate-3.6 --queue general --action
correspond --url https://rtracker.rt.pop-sp.rnp.br/rt/ --debug

And here is the debug output:

Connecting to
https://rtracker.rt.pop-sp.rnp.br/rt//REST/1.0/NoAuth/mail-gateway at
/usr/local/bin/rt-mailgate-3.6 line 102, <> line 1.
An Error Occurred

403 Forbidden
This is /usr/local/bin/rt-mailgate-3.6 exiting because of an undefined
server error at /usr/local/bin/rt-mailgate-3.6 line 150, <> line 1.

Wagner Pereira

PoP-SP/RNP - Ponto de Presen�a da RNP em S�o Paulo
CCE/USP - Centro de Computa��o Eletr�nica da Universidade de S�o Paulo

Tel. (11) 3091-8901

Emmanuel Lacour escreveu:> On Mon, Feb 08, 2010 at 12:40:00PM -0200, Wagner Pereira wrote:

My authentication is HTTPS: https://rtracker.rt.pop-sp.rnp.br/rt/

That’s the way you access your RT server, not the way you authenticate
to it. Can you give us your VirtualHost configuration?

P.S.: I observed a thing: every time I make a test, sending an e-mail
message to rt@pop-sp.rnp.br, one file is generated in
/home/rt/default/new, as follows:

rtracker:/home/rt/default# ls -la new
total 16
drwx------ 2 nobody mail 4096 Fev 8 11:09 .
drwxrwxrwx 5 root root 4096 Jan 29 09:10 …
-rw------- 1 nobody mail 869 Jan 29 09:10 1264763438.10146_0.rtracker.rt
-rw------- 1 nobody mail 869 Fev 8 11:09 1265634553.8934_0.rtracker.rt

I’m not a procmail master, so either :0fw keeps a copy in the user
maildir or it deliver to the maildir if the pipe to command fails??

AW, you can use those files to test your rt-mailgate command, just doing
“cat FILE | rt-mailgate …”.

Emmanuel,

That’s my VirtualHost file:

===========================
<VirtualHost *:443>
ServerName rtracker.rt.pop-sp.rnp.br
RedirectMatch ^/$ https://rtracker.rt.pop-sp.rnp.br/rt/
DocumentRoot /var/www
CustomLog /var/log/apache2/rt.log combined
ServerSignature Off
LogLevel warn

And according to man procmailrc:

:0fw A line starting with ‘:’ marks the beginning of a recipe.
f Consider the pipe as a filter.
w Wait for the filter or program to finish and check its exitcode (normally ignored); if the filter is unsuccessful, then the text will not have been filtered.

===========================

Ok, that’s what I did, following your suggestion:

cat test.txt | /usr/local/bin/rt-mailgate-3.6 --queue general --action
correspond --url https://rtracker.rt.pop-sp.rnp.br/rt/ --debug

And here is the debug output:

===========================

Connecting to
https://rtracker.rt.pop-sp.rnp.br/rt//REST/1.0/NoAuth/mail-gateway at
/usr/local/bin/rt-mailgate-3.6 line 102, <> line 1.
An Error Occurred

403 Forbidden
This is /usr/local/bin/rt-mailgate-3.6 exiting because of an undefined
server error at /usr/local/bin/rt-mailgate-3.6 line 150, <> line 1.

And what do your apache logs say

-kevin

Emmanuel,

That’s my VirtualHost file:

===========================
<VirtualHost *:443>
ServerName rtracker.rt.pop-sp.rnp.br
RedirectMatch ^/$ https://rtracker.rt.pop-sp.rnp.br/rt/
DocumentRoot /var/www
CustomLog /var/log/apache2/rt.log combined
ServerSignature Off
LogLevel warn

So you have somewhere else something that define that /rt runs RT, yes?

cat test.txt | /usr/local/bin/rt-mailgate-3.6 --queue general --action
correspond --url https://rtracker.rt.pop-sp.rnp.br/rt/ --debug

And here is the debug output:

===========================

Connecting to
https://rtracker.rt.pop-sp.rnp.br/rt//REST/1.0/NoAuth/mail-gateway at
/usr/local/bin/rt-mailgate-3.6 line 102, <> line 1.
An Error Occurred

403 Forbidden

That’s what I said, your webserver configuration seems broken in a way
it disallow access to /rt//REST/1.0/NoAuth/mail-gateway. Explanation
should be in your apache logs…

Kevin and Emmanuel,

Q: So you have somewhere else something that define that /rt runs RT, yes?

A: I’m affraid don’t understand that question.

The following is my /var/log/apache2/error.log

[Sun Feb 07 06:25:02 2010] [warn] RSA server certificate CommonName (CN)
`rtracker.pop-sp.rnp.br’ does NOT match server name!?
[Sun Feb 07 06:25:02 2010] [notice] Apache/2.2.9 (Debian) mod_ssl/2.2.9
OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured – resuming normal
operations
[Sun Feb 07 11:11:17 2010] [error] [client 89.108.89.54] File does not
exist: /htdocs
[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created.
[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300.
[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi
[Mon Feb 08 10:16:49 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico
[Mon Feb 08 10:16:52 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
https://200.133.192.79/rt/
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
https://200.133.192.79/rt/
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer: https://200.133.192.79/rt/
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
https://200.133.192.79/rt/
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
https://200.133.192.79/rt/
[Mon Feb 08 10:16:53 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer: https://200.133.192.79/rt/
[Mon Feb 08 11:09:13 2010] [error] [client 200.133.192.79] client denied
by server configuration:
/usr/share/request-tracker3.6/libexec/mason_handler.scgi
[Mon Feb 08 11:19:52 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico
[Mon Feb 08 11:19:55 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:05:16 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer:
http://rtracker.rt.pop-sp.rnp.br/rt/
[Mon Feb 08 13:07:09 2010] [error] [client 200.133.192.22] File does not
exist: /htdocs
[Mon Feb 08 13:07:12 2010] [error] [client 200.133.192.22] File does not
exist: /htdocs
[Mon Feb 08 13:31:50 2010] [error] [client 200.133.192.79] client denied
by server configuration:
/usr/share/request-tracker3.6/libexec/mason_handler.scgi
[Mon Feb 08 15:01:06 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
https://200.133.192.79/rt/index.html
[Mon Feb 08 15:01:06 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
https://200.133.192.79/rt/index.html
[Mon Feb 08 15:01:06 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer:
https://200.133.192.79/rt/index.html
[Mon Feb 08 18:39:29 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created., referer:
https://200.133.192.79/rt/
[Mon Feb 08 18:39:29 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300., referer:
https://200.133.192.79/rt/
[Mon Feb 08 18:39:29 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi, referer: https://200.133.192.79/rt/

Wagner Pereira

PoP-SP/RNP - Ponto de Presen�a da RNP em S�o Paulo
CCE/USP - Centro de Computa��o Eletr�nica da Universidade de S�o Paulo

Tel. (11) 3091-8901

Emmanuel Lacour escreveu:> On Mon, Feb 08, 2010 at 01:34:51PM -0200, Wagner Pereira wrote:

Emmanuel,

That’s my VirtualHost file:

===========================
<VirtualHost *:443>
ServerName rtracker.rt.pop-sp.rnp.br
RedirectMatch ^/$ https://rtracker.rt.pop-sp.rnp.br/rt/
DocumentRoot /var/www
CustomLog /var/log/apache2/rt.log combined
ServerSignature Off
LogLevel warn

So you have somewhere else something that define that /rt runs RT, yes?

cat test.txt | /usr/local/bin/rt-mailgate-3.6 --queue general --action
correspond --url https://rtracker.rt.pop-sp.rnp.br/rt/ --debug

And here is the debug output:

===========================

Connecting to
https://rtracker.rt.pop-sp.rnp.br/rt//REST/1.0/NoAuth/mail-gateway at
/usr/local/bin/rt-mailgate-3.6 line 102, <> line 1.
An Error Occurred

403 Forbidden

That’s what I said, your webserver configuration seems broken in a way
it disallow access to /rt//REST/1.0/NoAuth/mail-gateway. Explanation
should be in your apache logs…

Kevin and Emmanuel,

Q: So you have somewhere else something that define that /rt runs RT, yes?

A: I’m affraid don’t understand that question.

There must be more Apache conf, because the part you sent was not
actually serving /rt

The following is my /var/log/apache2/error.log

[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] Log file
/var/log/apache2//rt.log couldn’t be written or created.
[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] RT can’t
run. at /usr/share/request-tracker3.6/lib/RT.pm line 300.
[Mon Feb 08 10:16:48 2010] [error] [client 200.133.192.22] Premature end
of script headers: mason_handler.scgi
[Mon Feb 08 10:16:49 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico
[Mon Feb 08 10:16:52 2010] [error] [client 200.133.192.22] File does not
exist: /var/www/favicon.ico

This reads like RT isn’t even running, at all. Let alone for your
mailgate.

I suggest either making /var/log/apache2/rt.log exist and be writable
by apache, or changing your RT_SiteConfig.pm so that it doesn’t write
to rt.log

-kevin