Postfix problems

I am new to RT. I was able to get the RT server installed, and I can get to the main page. I attempted to set up postfix, then later I realized that I would need some help pulling mail from O365, so I installed and configured wsgetmail to grab mail and send it over to rt-mailgate.

When I do a dry run of wsgetmail, it appears to be successfully connecting to O365 and pulling down my test message, and placing it in tmp. But then I get the following error:

failed to run command "/opt/rt5/bin/rt-mailgate --url=https://rt.domain.com/ --queue=General --action=comment" for file /tmp/E2o_FoVtbe.mime : 19200 at /home/ubuntu/perl5/lib/perl5/App/wsgetmail/MDA.pm line 204.
output : 
error:HTTP request failed: 500 Can't connect to rt.domain.com:443 (certificate verify failed). Your webserver logs may have more information or there may be a network problem.

EDIT: I sort of figured this out (and now I have a new problem). I added --no-verify-ssl to the command, just for testing. Now that cert error is gone, but it’s timing out:

IPC::Run: timeout on timer #1 at /usr/local/share/perl/5.34.0/IPC/Run.pm line 3007.

Additionally, when I look in my rt-server logs, when I try to create a ticket, I get the following error every few seconds:

postfix/postdrop[4462]: warning: mail_queue_enter: create file maildrop/378937.4462: Permission denied

Google tells me that’s a file permissions issue in the /var/spool/postfix directory, but I’ve checked the permissions and they look fine. If I run postfix check, it comes up all clear.

Once I try to submit the ticket, this error pops up endlessly and the page 503s until I restart the rt-server service.

I’m at a bit of a loss here. Any suggestions on what I can do to find a root cause?

Oh! Also, if I look in syslog, postfix is throwing a bunch of bounced emails to ubuntu@mydomain.com and I’m not sure why.

Dec  7 01:58:02 rt postfix/pickup[4167]: 010F53F1B2: uid=1000 from=<ubuntu>
Dec  7 01:58:02 rt postfix/cleanup[4473]: 010F53F1B2: message-id=<20231207015802.010F53F1B2@domain.com>
Dec  7 01:58:02 rt postfix/qmgr[4168]: 010F53F1B2: from=<ubuntu@domain.com>, size=648, nrcpt=1 (queue active)
Dec  7 01:58:02 rt postfix/error[4475]: 010F53F1B2: to=<ubuntu@domain.com>, orig_to=<ubuntu>, relay=none, delay=0.03, delays=0.02/0.01/0/0.01, dsn=5.0.0, status=bounced (domain.com)
Dec  7 01:58:02 rt postfix/cleanup[4473]: 063403F3C5: message-id=<20231207015802.063403F3C5@domain.com>
Dec  7 01:58:02 rt postfix/bounce[4476]: 010F53F1B2: sender non-delivery notification: 063403F3C5
Dec  7 01:58:02 rt postfix/qmgr[4168]: 063403F3C5: from=<>, size=2535, nrcpt=1 (queue active)
Dec  7 01:58:02 rt postfix/qmgr[4168]: 010F53F1B2: removed
Dec  7 01:58:02 rt postfix/error[4475]: 063403F3C5: to=<ubuntu@domain.com>, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.0.0, status=bounced (domain.com)
Dec  7 01:58:02 rt postfix/qmgr[4168]: 063403F3C5: removed

Just for the sake of argument, I re-ran the postfix config and switched the main choice to local instead of internet for mail handling. Before that, it was throwing timeouts to O365 like it was trying to deliver those ubuntu@mydomain.com emails to my actual domain. All this is probably vaguely related, but I seem to have made a solid mess here. My boss wants this thing working ASAP, so I’m a little hard up for ideas on how to fix. Thanks in advance.

My first check in case of permission problems is to see if SELinux is turned on. If it is, try temporarily putting it into non-enforcing mode and see if your problem goes away. If it does, you’ll need to work out an SELinux policy based on the audit log to allow your system to write to the files it needs.

So, this is running on a vanilla AWS EC2 instance running Ubuntu 22.04. As far as I can tell, SELinux isn’t running. sestatus is an unknown command, but there’s a /etc/selinux/semanage.conf file that exists. …But that file appears to be effectively empty. (There’s no reference to getenforce, etc., it’s just designating how to apply a policy?). It’s… weird. I thought about SELinux as a culprit, but I don’t think it’s running. I feel like I read somewhere that it’s not included in the AWS image because AWS has external services (ACLs/NSGs) that secure it instead.

Alright. I seem to have resolved the access denied errors I was getting by chmod’ing /var/spool/postfix/maildrop to 777. Despite a lack of errors/warnings when I ran postfix check, this seemed to be the culprit. Moving on.

Since this whole installation is a comedy of errors, I’m going to create a new thread to address the set of issues I have now so things are a little less spread out. Thanks to everyone who took a look in here.

EDIT: Just kidding. When I reboot, it looks like that folder reverts to faulty permissions again. I break RT if I try to submit a ticket until that folder’s permissions are changed back to 777. Why?

Hey,

Do you have postfix configured to be authoritative for domain.com? It shouldn’t be. grep -E "(mydestination|myhostname)" /etc/postfix/main.cf

Is your postdrop setuid and in the postdrop group? The permissions should look like this:

puck@dirk:/$ ls -l /usr/sbin/postdrop 
-r-xr-sr-x 1 root postdrop 22888 Sep 15 06:08 /usr/sbin/postdrop

Your /var/spool/postfix/maildrop should be writable only by the postfix user and the postdrop group.

Cheers,
Andrew
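
The checks described in the reply above, as an added example that is not part of the original thread: a small POSIX shell audit that verifies postdrop carries the set-group-ID bit shown in the ls output with group postdrop, and that maildrop is owned by postfix:postdrop and not world-writable (a directory left at 777 fails it, since any local user could then add or remove queued submissions). It assumes GNU stat and the paths quoted in the thread; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit postdrop and maildrop permissions.
# Assumptions: GNU stat (Ubuntu), paths as quoted in the thread.
MAILDROP=${MAILDROP:-/var/spool/postfix/maildrop}
POSTDROP=${POSTDROP:-/usr/sbin/postdrop}

# check_maildrop MODE OWNER GROUP
# MODE is the octal string printed by `stat -c %a` (e.g. 1730 or 777).
check_maildrop() {
    rc=0
    case $1 in
        # Last octal digit with the write bit set: 2, 3, 6 or 7.
        *[2367]) echo "FAIL maildrop mode $1: writable by every local user"; rc=1 ;;
    esac
    [ "$2" = postfix ]  || { echo "FAIL maildrop owner is $2, expected postfix"; rc=1; }
    [ "$3" = postdrop ] || { echo "FAIL maildrop group is $3, expected postdrop"; rc=1; }
    return $rc
}

# check_postdrop MODE GROUP
check_postdrop() {
    rc=0
    case $1 in
        # Four digits whose leading digit includes the setgid bit (2).
        [2367]???) ;;
        *) echo "FAIL postdrop mode $1: setgid bit missing"; rc=1 ;;
    esac
    [ "$2" = postdrop ] || { echo "FAIL postdrop group is $2, expected postdrop"; rc=1; }
    return $rc
}

# Stat the real files and run both checks; returns 2 if a path is missing.
audit_postfix_perms() {
    status=0
    md=$(stat -c '%a %U %G' "$MAILDROP") || return 2
    pd=$(stat -c '%a %G' "$POSTDROP") || return 2
    # Unquoted on purpose: split "mode owner group" into separate arguments.
    check_maildrop $md || status=1
    check_postdrop $pd || status=1
    [ "$status" -eq 0 ] && echo "OK postdrop and maildrop match the expected layout"
    return $status
}

# Run the audit only when asked, e.g.: sudo sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_postfix_perms; fi
```

If the audit fails, running `postfix set-permissions` as root resets ownership and modes from Postfix's own file list, which avoids leaving the queue directory at 777.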