NTLM and fetchmail

Raphael_MOUNEYRES · May 24, 2011, 9:31am

hi,

on a RT3.8.8 i’ve successfully configured NTLM authentification, but now i
have a problem with fetchmail wich takes the emails from an imap server.
Fetchmail is able to grab the messages, but when forwarding to
/opt/rt3/sbin/rt-mailgate, apache is answering an “401 Authorization
required” so emails are not passed to RT (nor deleted from the server)

I beleive i have a misconfiguration either in apache or fetchmail rc file,
but can’t get it to work correctly, may someone have a look ?

/etc/crontab
*/1 * * * 1-5 root fetchmail -f /root/.fetchmailrc -v

.fetchmailrc (placed in /root/)
poll imapserver proto imap
user user@yy.com
pass xxxxx
mda “perl /opt/rt3/bin/rt-mailgate --url http://myserver --queue General
–action correspond”

rt3.conf

ServerName myserver
ServerAdmin xx@yy.com

DocumentRoot /opt/rt3/share/html
AddDefaultCharset UTF-8

<Directory /opt/rt3/share/html/>
Order allow,deny
Allow from all
AuthName “Request Tracker”
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain mydomain
NTLMServer machine.mydomain
require valid-user

PerlModule Apache2::compat
PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl

SetHandler perl-script PerlHandler RT::Mason Satisfy any Allow from all

Raphaï¿½l
" Ce courriel et les documents qui lui sont joints peuvent contenir des
informations confidentielles ou ayant un caractï¿½re privï¿½. S’ils ne vous sont
pas destinï¿½s, nous vous signalons qu’il est strictement interdit de les
divulguer, de les reproduire ou d’en utiliser de quelque maniï¿½re que ce
soit le contenu. Si ce message vous a ï¿½tï¿½ transmis par erreur, merci d’en
informer l’expï¿½diteur et de supprimer immï¿½diatement de votre systï¿½me
informatique ce courriel ainsi que tous les documents qui y sont attachï¿½s."

" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are
notified that any dissemination, copying of this e-mail and any attachments
thereto or use of their contents by any means whatsoever is strictly
prohibited. If you have received this e-mail in error, please advise the
sender immediately and delete this e-mail and all attached documents
from your computer system."

Ruslan_Zakirov1 · May 24, 2011, 9:46am

Hi,

/REST/1.0/NoAuth/mail-gateway location should be excluded from
authentication. However, it’s better to limit hosts that can access by
IP.2011/5/24 Raphaël MOUNEYRES raphael.mouneyres@sagemcom.com:

hi,

on a RT3.8.8 i’ve successfully configured NTLM authentification, but now i
have a problem with fetchmail wich takes the emails from an imap server.
Fetchmail is able to grab the messages, but when forwarding to
/opt/rt3/sbin/rt-mailgate, apache is answering an “401 Authorization
required” so emails are not passed to RT (nor deleted from the server)

I beleive i have a misconfiguration either in apache or fetchmail rc file,
but can’t get it to work correctly, may someone have a look ?

/etc/crontab
*/1 * * * 1-5 root fetchmail -f /root/.fetchmailrc -v

.fetchmailrc (placed in /root/)
poll imapserver proto imap
user user@yy.com
pass xxxxx
mda “perl /opt/rt3/bin/rt-mailgate --url http://myserver --queue General
–action correspond”

rt3.conf

ServerName myserver
ServerAdmin xx@yy.com

DocumentRoot /opt/rt3/share/html
AddDefaultCharset UTF-8

<Directory /opt/rt3/share/html/>
Order allow,deny
Allow from all
AuthName “Request Tracker”
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain mydomain
NTLMServer machine.mydomain
require valid-user

PerlModule Apache2::compat
PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl
SetHandler perl-script PerlHandler RT::Mason Satisfy any Allow from all
Raphaël

" Ce courriel et les documents qui lui sont joints peuvent contenir des
informations confidentielles ou ayant un caractère privé. S’ils ne vous sont
pas destinés, nous vous signalons qu’il est strictement interdit de les
divulguer, de les reproduire ou d’en utiliser de quelque manière que ce
soit le contenu. Si ce message vous a été transmis par erreur, merci d’en
informer l’expéditeur et de supprimer immédiatement de votre système
informatique ce courriel ainsi que tous les documents qui y sont attachés."
                           ******
" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are
notified that any dissemination, copying of this e-mail and any attachments
thereto or use of their contents by any means whatsoever is strictly
prohibited. If you have received this e-mail in error, please advise the
sender immediately and delete this e-mail and all attached documents
from your computer system."

Best regards, Ruslan.

Raphael_MOUNEYRES · May 24, 2011, 10:10am

Brilliant, works perfectly Thanks Ruz

just a comment : i’m surprised to have to exclude a REST directory that is
not used here, but i beleive it’s the RT internal logic.

May it be documented somewhere in the wiki ?

Ruslan Zakirov ruz@bestpractical.com
Envoyï¿½ par : ruslan.zakirov@gmail.com
24/05/2011 11:47

A
Raphaï¿½l MOUNEYRES raphael.mouneyres@sagemcom.com
cc
rt-users@lists.bestpractical.com
Objet
Re: [rt-users] NTLM and fetchmail

Hi,

/REST/1.0/NoAuth/mail-gateway location should be excluded from
authentication. However, it’s better to limit hosts that can access by
IP.

hi,

on a RT3.8.8 i’ve successfully configured NTLM authentification, but now
i
have a problem with fetchmail wich takes the emails from an imap server.
Fetchmail is able to grab the messages, but when forwarding to
/opt/rt3/sbin/rt-mailgate, apache is answering an “401 Authorization
required” so emails are not passed to RT (nor deleted from the server)

I beleive i have a misconfiguration either in apache or fetchmail rc
file,
but can’t get it to work correctly, may someone have a look ?

/etc/crontab
*/1 * * * 1-5 root fetchmail -f /root/.fetchmailrc -v

.fetchmailrc (placed in /root/)
poll imapserver proto imap
user user@yy.com
pass xxxxx
mda “perl /opt/rt3/bin/rt-mailgate --url http://myserver --queue General
–action correspond”

rt3.conf

ServerName myserver
ServerAdmin xx@yy.com

DocumentRoot /opt/rt3/share/html
AddDefaultCharset UTF-8

<Directory /opt/rt3/share/html/>
Order allow,deny
Allow from all
AuthName “Request Tracker”
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain mydomain
NTLMServer machine.mydomain
require valid-user

PerlModule Apache2::compat
PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl
SetHandler perl-script PerlHandler RT::Mason Satisfy any Allow from all
Raphaï¿½l

Best regards, Ruslan.

" Ce courriel et les documents qui lui sont joints peuvent contenir des
informations confidentielles ou ayant un caractï¿½re privï¿½. S’ils ne vous sont
pas destinï¿½s, nous vous signalons qu’il est strictement interdit de les
divulguer, de les reproduire ou d’en utiliser de quelque maniï¿½re que ce
soit le contenu. Si ce message vous a ï¿½tï¿½ transmis par erreur, merci d’en
informer l’expï¿½diteur et de supprimer immï¿½diatement de votre systï¿½me
informatique ce courriel ainsi que tous les documents qui y sont attachï¿½s."

" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are
notified that any dissemination, copying of this e-mail and any attachments
thereto or use of their contents by any means whatsoever is strictly
prohibited. If you have received this e-mail in error, please advise the
sender immediately and delete this e-mail and all attached documents
from your computer system."