Mailgate and EX_TEMPFAIL

I’ve trolled through the last two months of the mailing lists and found
plenty on this topic but none that alleviated my problem. All mail to RT
via e-mail is failing with this condition. Installed software:

rt-3.0.2pre4
ESMTP Sendmail 8.11.6/8.11.6
mysql Ver 12.18 Distrib 4.0.12, for pc-linux (i686)
apache-1.3.26
mod_perl-1.27
linux-2.2.22-7.0.3smp

Here are the mail-related configuration directives from RT_SiteConfig.pm:

Set($MailCommand , ‘sendmail’);
Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");
Set($SendmailPath , “/usr/sbin/sendmail”);
Set($UseFriendlyToLine , 0);
Set($SenderMustExistInExternalDatabase , 1);

I have altered /opt/rt3/lib/RT/EmailParser.pm by inserting the same code
from RT2 (modulo the altered input argument object) for the
LookupExternalUserInfo method (which is what is found from me in the rt2
contrib tree). Otherwise, I have made no modifications to RT. The
following two files were resting in /var/spool/mqueue after the failed
transaction.

This is a multipart message in MIME format.
–=alternative 00606D7286256D1E=
Content-Type: text/plain; charset=“us-ascii”

testing

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

–=alternative 00606D7286256D1E=
Content-Type: text/html; charset=“us-ascii”


testing



Thanks,

Christian



----------------------

Christian Gilmore

Technology Leader

GeT Support Application Development

IBM Software Group


–=alternative 00606D7286256D1E=–

V4
T1052242533
K1052242533
N1
P30624
I8/7/226486
MDeferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
Fb
$_westrelay02.boulder.ibm.com [9.17.195.11]
$rESMTP
$swestrelay02.boulder.ibm.com
${daemon_flags}
${if_addr}146.84.104.70
Scag@us.ibm.com
Cwebreq:8:0:webreq@norad1.tivoli.com
RPFDA:"|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action
correspond --url http://norad1.tivoli.com/rt"
H?P?Return-Path: <?g>
H??Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com
[9.17.195.11])
by norad1.tivoli.com (8.11.6/8.11.6) with ESMTP id h46HZWr28476
for webreq@norad1.tivoli.com; Tue, 6 May 2003 12:35:33 -0500
H??Received: from d03nm119.boulder.ibm.com (d03av02.boulder.ibm.com
[9.17.193.82])
by westrelay02.boulder.ibm.com (8.12.9/NCO/VER6.5) with ESMTP id
h46HZWfP047472
for webreq@norad1.tivoli.com; Tue, 6 May 2003 11:35:32 -0600
H??To: webreq@norad1.tivoli.com
H??MIME-Version: 1.0
H??Subject: Test
H??X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
H??From: Christian Gilmore cag@us.ibm.com
H??Message-ID:
OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com
H??Date: Tue, 6 May 2003 12:35:31 -0500
H??X-MIMETrack: Serialize by Router on D03NM119/03/M/IBM(Release 6.0.1
[IBM]|April 17, 2003) at
05/06/2003 11:35:32,
Serialize complete at 05/06/2003 11:35:32
H??Content-Type: multipart/alternative; boundary="=alternative
00606D7286256D1E
="
.

Also, the /var/log/maillog shows the following two lines:

May 6 12:35:33 norad1 sendmail[28476]: h46HZWr28476:
from=cag@us.ibm.com, size=1351, class=0, nrcpts=1,
msgid=OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com,
proto=ESMTP, daemon=MTA, relay=westrelay02.boulder.ibm.com [9.17.195.11]
May 6 12:35:33 norad1 sendmail[28477]: h46HZWr28476:
to="|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action correspond
–url http://norad1.tivoli.com/rt", ctladdr=webreq@norad1.tivoli.com
(8/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30624, dsn=4.0.0,
stat=Deferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

No mail ever gets returned to the user. Transactions via the web interface
are successful and generate appropriate outbound e-mail messages.

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

I really need some help with this problem I posted yesterday. I have only
a few more days to get my RT3 upgrade to work before I’ll have to pull the
plug and continue to use RT2 for a long while. I have the log levels set
to debug, but no useful output comes out. I’m stuck, pending digging into
the source code which I don’t have enough time to do at the moment. Any
help would be greatly appreciated.

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

Christian Gilmore/Austin/IBM@IBMUS
Sent by: rt-users-admin@lists.fsck.com
05/06/03 12:53 PMTo: rt-users@lists.fsck.com
cc:
Subject: [rt-users] mailgate and EX_TEMPFAIL

I’ve trolled through the last two months of the mailing lists and found
plenty on this topic but none that alleviated my problem. All mail to RT
via e-mail is failing with this EX_TEMPFAIL condition. Installed software:

rt-3.0.2pre4
ESMTP Sendmail 8.11.6/8.11.6
mysql Ver 12.18 Distrib 4.0.12, for pc-linux (i686)
apache-1.3.26
mod_perl-1.27
linux-2.2.22-7.0.3smp

Here are the mail-related configuration directives from RT_SiteConfig.pm:

Set($MailCommand , ‘sendmail’);
Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");
Set($SendmailPath , “/usr/sbin/sendmail”);
Set($UseFriendlyToLine , 0);
Set($SenderMustExistInExternalDatabase , 1);

I have altered /opt/rt3/lib/RT/EmailParser.pm by inserting the same code
from RT2 (modulo the altered input argument object) for the
LookupExternalUserInfo method (which is what is found from me in the rt2
contrib tree). Otherwise, I have made no modifications to RT. The
following two files were resting in /var/spool/mqueue after the failed
transaction.

This is a multipart message in MIME format.
–=alternative 00606D7286256D1E=
Content-Type: text/plain; charset=“us-ascii”

testing

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

–=alternative 00606D7286256D1E=
Content-Type: text/html; charset=“us-ascii”


testing



Thanks,

Christian



----------------------

Christian Gilmore

Technology Leader

GeT Support Application Development

IBM Software Group


–=alternative 00606D7286256D1E=–

V4
T1052242533
K1052242533
N1
P30624
I8/7/226486
MDeferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
Fb
$_westrelay02.boulder.ibm.com [9.17.195.11]
$rESMTP
$swestrelay02.boulder.ibm.com
${daemon_flags}
${if_addr}146.84.104.70
Scag@us.ibm.com
Cwebreq:8:0:webreq@norad1.tivoli.com
RPFDA:"|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action
correspond --url http://norad1.tivoli.com/rt"
H?P?Return-Path: <?g>
H??Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com
[9.17.195.11])
by norad1.tivoli.com (8.11.6/8.11.6) with ESMTP id h46HZWr28476
for webreq@norad1.tivoli.com; Tue, 6 May 2003 12:35:33 -0500
H??Received: from d03nm119.boulder.ibm.com (d03av02.boulder.ibm.com
[9.17.193.82])
by westrelay02.boulder.ibm.com (8.12.9/NCO/VER6.5) with ESMTP id
h46HZWfP047472
for webreq@norad1.tivoli.com; Tue, 6 May 2003 11:35:32 -0600
H??To: webreq@norad1.tivoli.com
H??MIME-Version: 1.0
H??Subject: Test
H??X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
H??From: Christian Gilmore cag@us.ibm.com
H??Message-ID:
OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com
H??Date: Tue, 6 May 2003 12:35:31 -0500
H??X-MIMETrack: Serialize by Router on D03NM119/03/M/IBM(Release 6.0.1
[IBM]|April 17, 2003) at
05/06/2003 11:35:32,
Serialize complete at 05/06/2003 11:35:32
H??Content-Type: multipart/alternative; boundary="=alternative
00606D7286256D1E
="
.

Also, the /var/log/maillog shows the following two lines:

May 6 12:35:33 norad1 sendmail[28476]: h46HZWr28476:
from=cag@us.ibm.com, size=1351, class=0, nrcpts=1,
msgid=OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com,
proto=ESMTP, daemon=MTA, relay=westrelay02.boulder.ibm.com [9.17.195.11]
May 6 12:35:33 norad1 sendmail[28477]: h46HZWr28476:
to="|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action correspond
–url http://norad1.tivoli.com/rt", ctladdr=webreq@norad1.tivoli.com (8/0), delay=00:00:00,
xdelay=00:00:00, mailer=prog, pri=30624, dsn=4.0.0, stat=Deferred: prog
mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

No mail ever gets returned to the user. Transactions via the web interface
are successful and generate appropriate outbound e-mail messages.

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

the mail gateway has a --debug flag. It might be helpful to hand-pipe a
message to it with that flag enabled to see what the server says…On Wed, May 07, 2003 at 02:40:04PM -0500, Christian Gilmore wrote:

I really need some help with this problem I posted yesterday. I have only
a few more days to get my RT3 upgrade to work before I’ll have to pull the
plug and continue to use RT2 for a long while. I have the log levels set
to debug, but no useful output comes out. I’m stuck, pending digging into
the source code which I don’t have enough time to do at the moment. Any
help would be greatly appreciated.

Thanks,
Christian


Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

Christian Gilmore/Austin/IBM@IBMUS
Sent by: rt-users-admin@lists.fsck.com
05/06/03 12:53 PM

    To:     rt-users@lists.fsck.com
    cc: 
    Subject:        [rt-users] mailgate and EX_TEMPFAIL

I’ve trolled through the last two months of the mailing lists and found
plenty on this topic but none that alleviated my problem. All mail to RT
via e-mail is failing with this EX_TEMPFAIL condition. Installed software:

rt-3.0.2pre4
ESMTP Sendmail 8.11.6/8.11.6
mysql Ver 12.18 Distrib 4.0.12, for pc-linux (i686)
apache-1.3.26
mod_perl-1.27
linux-2.2.22-7.0.3smp

Here are the mail-related configuration directives from RT_SiteConfig.pm:

Set($MailCommand , ‘sendmail’);
Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");
Set($SendmailPath , “/usr/sbin/sendmail”);
Set($UseFriendlyToLine , 0);
Set($SenderMustExistInExternalDatabase , 1);

I have altered /opt/rt3/lib/RT/EmailParser.pm by inserting the same code
from RT2 (modulo the altered input argument object) for the
LookupExternalUserInfo method (which is what is found from me in the rt2
contrib tree). Otherwise, I have made no modifications to RT. The
following two files were resting in /var/spool/mqueue after the failed
transaction.

This is a multipart message in MIME format.
–=alternative 00606D7286256D1E=
Content-Type: text/plain; charset=“us-ascii”

testing

Thanks,
Christian


Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

–=alternative 00606D7286256D1E=
Content-Type: text/html; charset=“us-ascii”


testing



Thanks,

Christian



----------------------

Christian Gilmore

Technology Leader

GeT Support Application Development

IBM Software Group


–=alternative 00606D7286256D1E=–

V4
T1052242533
K1052242533
N1
P30624
I8/7/226486
MDeferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL
Fb
$_westrelay02.boulder.ibm.com [9.17.195.11]
$rESMTP
$swestrelay02.boulder.ibm.com
${daemon_flags}
${if_addr}146.84.104.70
Scag@us.ibm.com
Cwebreq:8:0:webreq@norad1.tivoli.com
RPFDA:"|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action
correspond --url http://norad1.tivoli.com/rt"
H?P?Return-Path: <?g>
H??Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com
[9.17.195.11])
by norad1.tivoli.com (8.11.6/8.11.6) with ESMTP id h46HZWr28476
for webreq@norad1.tivoli.com; Tue, 6 May 2003 12:35:33 -0500
H??Received: from d03nm119.boulder.ibm.com (d03av02.boulder.ibm.com
[9.17.193.82])
by westrelay02.boulder.ibm.com (8.12.9/NCO/VER6.5) with ESMTP id
h46HZWfP047472
for webreq@norad1.tivoli.com; Tue, 6 May 2003 11:35:32 -0600
H??To: webreq@norad1.tivoli.com
H??MIME-Version: 1.0
H??Subject: Test
H??X-Mailer: Lotus Notes Release 5.0.11 July 24, 2002
H??From: Christian Gilmore cag@us.ibm.com
H??Message-ID:
OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com
H??Date: Tue, 6 May 2003 12:35:31 -0500
H??X-MIMETrack: Serialize by Router on D03NM119/03/M/IBM(Release 6.0.1
[IBM]|April 17, 2003) at
05/06/2003 11:35:32,
Serialize complete at 05/06/2003 11:35:32
H??Content-Type: multipart/alternative; boundary="=alternative
00606D7286256D1E
="
.

Also, the /var/log/maillog shows the following two lines:

May 6 12:35:33 norad1 sendmail[28476]: h46HZWr28476:
from=cag@us.ibm.com, size=1351, class=0, nrcpts=1,
msgid=OF12782C46.40491FF8-ON86256D1E.00606792-86256D1E.00606DEB@us.ibm.com,
proto=ESMTP, daemon=MTA, relay=westrelay02.boulder.ibm.com [9.17.195.11]
May 6 12:35:33 norad1 sendmail[28477]: h46HZWr28476:
to="|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action correspond
–url http://norad1.tivoli.com/rt", ctladdr=webreq@norad1.tivoli.com (8/0), delay=00:00:00,
xdelay=00:00:00, mailer=prog, pri=30624, dsn=4.0.0, stat=Deferred: prog
mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

No mail ever gets returned to the user. Transactions via the web interface
are successful and generate appropriate outbound e-mail messages.

Thanks,
Christian


Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

http://www.bestpractical.com/rt – Trouble Ticketing. Free.

Harald Wagener wrote:

What happens if You do
’/opt/rt3/bin/rt-mailgate < bla.txt’, where bla.txt is a genuine
message ?

Here is what happened.

    norad1% /opt/rt3/bin/rt-mailgate < ~/foo 
    /opt/rt3/bin/rt-mailgate invoked improperly

    No url provided to mail gateway!


    norad1% /opt/rt3/bin/rt-mailgate --url http://norad1.tivoli.com/rt 

< ~/foo
An Error Occurred

    401 Authorization Required

Looks like this may be the problem. I read in the rt-mailgate POD about
needing an RT user for gateway, but I’ve not seen any documentation that
tells me how to tell the mailgate which user/password to use. I carefully
read the RT3 PDF sections that would pertain to mail and saw no mention of
needing this user.

Also, I see that the setgid bit is set in RT2 but not in RT3. I’m assuming
that, since it is attempting to talk to the database via the web service,
mailgate no longer needs the setgid bit.

Jesse Vincent wrote:

the mail gateway has a --debug flag. It might be helpful to hand-pipe a
message to it with that flag enabled to see what the server says…

I have that flag set. Not a bit of logging is done, though. Here’s what I
have set:

    webreq: "|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action 

correspond
–url http://norad1.tivoli.com/rt"

    Set($LogToSyslog    , 'debug');
    Set($LogToScreen    , undef);
    Set($LogToFile      , 'debug');
    Set($LogToFileNamed , "$LogDir/rt.log.$$");    #log to 

rt.log..

Thank you both for responding!

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

So. you appear to be using some form of external authentication to force
all users to authenticate before talking to your apache. apache isn’t
letting the mail gateway talk to the web server. You can (I believe)
encode credentials in the url the mail gateway is trying to visit as
http://user:pass@host/… OR you can tell apache to let the mail
gateway through.On Thu, May 08, 2003 at 03:22:52PM -0500, Christian Gilmore wrote:

Harald Wagener wrote:

What happens if You do
’/opt/rt3/bin/rt-mailgate < bla.txt’, where bla.txt is a genuine
message ?

Here is what happened.

    norad1% /opt/rt3/bin/rt-mailgate < ~/foo 
    /opt/rt3/bin/rt-mailgate invoked improperly

    No url provided to mail gateway!


    norad1% /opt/rt3/bin/rt-mailgate --url http://norad1.tivoli.com/rt 

< ~/foo
An Error Occurred
=================

    401 Authorization Required

Looks like this may be the problem. I read in the rt-mailgate POD about
needing an RT user for gateway, but I’ve not seen any documentation that
tells me how to tell the mailgate which user/password to use. I carefully
read the RT3 PDF sections that would pertain to mail and saw no mention of
needing this user.

Also, I see that the setgid bit is set in RT2 but not in RT3. I’m assuming
that, since it is attempting to talk to the database via the web service,
mailgate no longer needs the setgid bit.

Jesse Vincent wrote:

the mail gateway has a --debug flag. It might be helpful to hand-pipe a
message to it with that flag enabled to see what the server says…

I have that flag set. Not a bit of logging is done, though. Here’s what I
have set:

    webreq: "|/opt/rt3/bin/rt-mailgate --debug --queue webreq --action 

correspond
–url http://norad1.tivoli.com/rt"

    Set($LogToSyslog    , 'debug');
    Set($LogToScreen    , undef);
    Set($LogToFile      , 'debug');
    Set($LogToFileNamed , "$LogDir/rt.log.$$");    #log to 

rt.log..

Thank you both for responding!

Thanks,
Christian


Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group
http://www.bestpractical.com/rt – Trouble Ticketing. Free.

On the second suggestion, allowing the gateway to pass unauthenticated,
how does that fit with the documentation in the rt-mailgate POD? I am
confused where/why/how the mailgate should authenticate to the web
interface? It is a new concept for RT3, and I’m just not quite getting it
yet.

On the first suggestion, I’m going to need to do some kind of sleight of
hand. I don’t control the external LDAP to which I authenticate RT users,
so I can’t add a system account for rt-mailgate. My current thought is
that, if I go this path, I would need to chain in an additional Auth
handler that did file-based authentication against a file that just had
the mailgate’s credentials. My concern on this course, though, is that the
aliases file is world-readable (to only the handful of people who have
login accounts on the RT host). I’m not super comfortable putting the
credentials directly into the URL within the alias entries…

Thanks again for helping me out!

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

Jesse Vincent jesse@bestpractical.com
Sent by: rt-users-admin@lists.fsck.com
05/09/03 05:33 AMTo: Christian Gilmore/Austin/IBM@IBMUS
cc: rt-users@lists.fsck.com, Harald Wagener hwagener@hamburg.fcb.com
Subject: Re: [rt-users] mailgate and EX_TEMPFAIL

So. you appear to be using some form of external authentication to force
all users to authenticate before talking to your apache. apache isn’t
letting the mail gateway talk to the web server. You can (I believe)
encode credentials in the url the mail gateway is trying to visit as
http://user:pass@host/… OR you can tell apache to let the mail
gateway through.

Harald Wagener wrote:

What happens if You do
’/opt/rt3/bin/rt-mailgate < bla.txt’, where bla.txt is a genuine
message ?

Here is what happened.

    norad1% /opt/rt3/bin/rt-mailgate < ~/foo 
    /opt/rt3/bin/rt-mailgate invoked improperly

    No url provided to mail gateway!


    norad1% /opt/rt3/bin/rt-mailgate --url http://norad1.tivoli.com/rt 

< ~/foo
An Error Occurred
=================

    401 Authorization Required

Looks like this may be the problem. I read in the rt-mailgate POD about
needing an RT user for gateway, but I’ve not seen any documentation that

tells me how to tell the mailgate which user/password to use. I
carefully
read the RT3 PDF sections that would pertain to mail and saw no mention
of
needing this user.

Also, I see that the setgid bit is set in RT2 but not in RT3. I’m
assuming
that, since it is attempting to talk to the database via the web
service,
mailgate no longer needs the setgid bit.

Jesse Vincent wrote:

the mail gateway has a --debug flag. It might be helpful to hand-pipe
a

message to it with that flag enabled to see what the server says…

I have that flag set. Not a bit of logging is done, though. Here’s what
I
have set:

    webreq: "|/opt/rt3/bin/rt-mailgate --debug --queue webreq 

–action

correspond
–url http://norad1.tivoli.com/rt"

    Set($LogToSyslog    , 'debug');
    Set($LogToScreen    , undef);
    Set($LogToFile      , 'debug');
    Set($LogToFileNamed , "$LogDir/rt.log.$$");    #log to 

rt.log..

Thank you both for responding!

Thanks,
Christian


Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group
http://www.bestpractical.com/rt – Trouble Ticketing. Free.
rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

On the second suggestion, allowing the gateway to pass unauthenticated,
how does that fit with the documentation in the rt-mailgate POD? I am
confused where/why/how the mailgate should authenticate to the web
interface? It is a new concept for RT3, and I’m just not quite getting it
yet.

It doesn’t and shouldn’t. there’s code in the mail gateway client to
support it. but it’s not needed. What is needed is to have whatever http
auth system you use pass through requests for the NoAuth path the
mailgate client calls. Just tell apache not to require auth for that
path.

http://www.bestpractical.com/rt – Trouble Ticketing. Free.