Rt4 MailgateInstallation: Stubborn 403 Forbidden Error

RT Users
1

Hi List

I’ve installed RT4 via the Debian package management system using the
following Wikia guide:
http://requesttracker.wikia.com/wiki/PostfixConfig , and operations
via the web interface seem to be working fine. I am using
“apache2-modperl2.conf”.

However, I am having an issue trying to get MailGate to work so that I
can log tickets via email. Most notably, my attempts to log tickets
via email fail with the following errors:

From the Postfix logs:

Jan 28 15:27:22 centcomm postfix/local[5921]: A864E9AA9:
to=test@engeneon.net, relay=local, delay=8903,
delays=8903/0.06/0/0.21, dsn=4.3.0, status=deferred (temporary
failure. Command output: An Error Occurred ================= 403
Forbidden )

From the Apache logs:

[Mon Jan 28 01:47:22 2013] [error] [client xxx.yyy.zzz.www] client
denied by server configuration:
/usr/share/request-tracker4/html/REST/1.0/NoAuth/mail-gateway

I have reviewed and tested the solution on these 2 threads, without success:

  1. [rt-users] 403 returned by rt-mailgate / mail-gateway
  2. http://www.mentby.com/Group/rt-users/maillog-403-forbidden.html

Other than this I cannot find any other solutions on the internet
based on similar experiences from other users of RT4.

My questions are:

a) Is this a known issue with a known fix? If so, I’d appreciate a
pointer to it?
b) If not, is there some approach I could use to debugging this in
more detail so that I can pinpoint exactly what should be changed to
allow rt-mailgate to post messages to the REST API for Rt4 ?

Below are elements of my configuration for RT, mail and Apache:

I am using the following Apache configuration:

My /etc/aliases configuration looks like this:

test: “|/usr/bin/rt-mailgate --queue test --action correspond --url
http://centcomm.engeneon.net/rt
test-comment: "|/usr/bin/rt-mailgate --queue testt --action comment
–url http://centcomm.engeneon.net/rt

A manual test of the rt-mailgate script produces the following:

root@centcomm:~# cat testfile.txt |/usr/bin/rt-mailgate --queue
support --action correspond --url http://centcomm.engeneon.net/rt
An Error Occurred

403 Forbidden

My apache2-modperl2.conf looks like this:

PerlSetEnv RT_SITE_CONFIG /etc/request-tracker4/RT_SiteConfig.pm
Alias /rt /usr/share/request-tracker4/html
<Location /rt>
SetHandler modperl
PerlResponseHandler Plack::Handler::Apache2
PerlSetVar psgi_app /usr/share/request-tracker4/libexec/rt-server

<Location /rt/NoAuth>
Order allow,deny
Allow from all
Satisfy any

<Location /rt/REST/1.0/NoAuth>
Order Allow,Deny
Allow from all

<Directory /usr/share/request-tracker4>
Options Indexes MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all


use Plack::Handler::Apache2;
Plack::Handler::Apache2->preload(“/usr/share/request-tracker4/libexec/rt-server”);

My 000-default apache configuration file looks like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
            Options FollowSymLinks
            AllowOverride None
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory “/usr/share/request-tracker3.6/html/”>
Order allow,deny
Allow from all

Include /etc/request-tracker4/apache2-modperl2.conf
RedirectMatch ^/$ /rt

2

Hello,

I’m also running RT4 ob Debian Squueze, indeed with Exim4.
Just a few thoughts after reading your post:

1

My /etc/aliases configuration looks like this:

test: “|/usr/bin/rt-mailgate --queue test --action correspond --url
http://centcomm.engeneon.net/rt
test-comment: "|/usr/bin/rt-mailgate --queue testt --action comment
–url http://centcomm.engeneon.net/rt

There seems to be a mistake in line 3: Isn’t your queue called “test”
and not “testt”?

2

A manual test of the rt-mailgate script produces the following:

root@centcomm:~# cat testfile.txt |/usr/bin/rt-mailgate --queue
support --action correspond --url http://centcomm.engeneon.net/rt
An Error Occurred

The queue “support” you’re trying to mail to is not defined in the
/etc/aliases you’ve posted here.

3

My 000-default apache configuration file looks like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

     DocumentRoot /var/www
     <Directory />
             Options FollowSymLinks
             AllowOverride None
     </Directory>

As long as you don’t serve any content in / (you currently serve the
dafult “It works”-Page, you should turn off this directory. This has
nothing to do with RT itself, but it’s something I noticed. See also
http://httpd.apache.org/docs/2.2/misc/security_tips.html

     <Directory /var/www/>
             Options Indexes FollowSymLinks MultiViews
             AllowOverride None
             Order allow,deny
             allow from all
     </Directory>

Same here.

     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
     <Directory "/usr/lib/cgi-bin">
             AllowOverride None
             Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
             Order allow,deny
             Allow from all
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log

     # Possible values include: debug, info, notice, warn, error,

crit,

     # alert, emerg.
     LogLevel debug

     CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory “/usr/share/request-tracker3.6/html/”>

You’re runnig RT4, so this directory does not exist. Your directory is
/usr/share/request-tracker4.

 Order allow,deny
 Allow from all
Include /etc/request-tracker4/apache2-modperl2.conf RedirectMatch ^/$ /rt -----

hth + regards, pgsAm 28.01.2013 16:47, schrieb Traiano Welcome:

Hi List

I’ve installed RT4 via the Debian package management system using the
following Wikia guide:
http://requesttracker.wikia.com/wiki/PostfixConfig , and operations
via the web interface seem to be working fine. I am using
“apache2-modperl2.conf”.

However, I am having an issue trying to get MailGate to work so that I
can log tickets via email. Most notably, my attempts to log tickets
via email fail with the following errors:

From the Postfix logs:

Jan 28 15:27:22 centcomm postfix/local[5921]: A864E9AA9:
to=test@engeneon.net, relay=local, delay=8903,
delays=8903/0.06/0/0.21, dsn=4.3.0, status=deferred (temporary
failure. Command output: An Error Occurred ================= 403
Forbidden )

From the Apache logs:

[Mon Jan 28 01:47:22 2013] [error] [client xxx.yyy.zzz.www] client
denied by server configuration:
/usr/share/request-tracker4/html/REST/1.0/NoAuth/mail-gateway

I have reviewed and tested the solution on these 2 threads, without success:

  1. [rt-users] 403 returned by rt-mailgate / mail-gateway
  2. http://www.mentby.com/Group/rt-users/maillog-403-forbidden.html

Other than this I cannot find any other solutions on the internet
based on similar experiences from other users of RT4.

My questions are:

a) Is this a known issue with a known fix? If so, I’d appreciate a
pointer to it?
b) If not, is there some approach I could use to debugging this in
more detail so that I can pinpoint exactly what should be changed to
allow rt-mailgate to post messages to the REST API for Rt4 ?

Below are elements of my configuration for RT, mail and Apache:

I am using the following Apache configuration:

My /etc/aliases configuration looks like this:

test: “|/usr/bin/rt-mailgate --queue test --action correspond --url
http://centcomm.engeneon.net/rt
test-comment: "|/usr/bin/rt-mailgate --queue testt --action comment
–url http://centcomm.engeneon.net/rt

A manual test of the rt-mailgate script produces the following:

root@centcomm:~# cat testfile.txt |/usr/bin/rt-mailgate --queue
support --action correspond --url http://centcomm.engeneon.net/rt
An Error Occurred

403 Forbidden

My apache2-modperl2.conf looks like this:

PerlSetEnv RT_SITE_CONFIG /etc/request-tracker4/RT_SiteConfig.pm
Alias /rt /usr/share/request-tracker4/html
<Location /rt>
SetHandler modperl
PerlResponseHandler Plack::Handler::Apache2
PerlSetVar psgi_app /usr/share/request-tracker4/libexec/rt-server

<Location /rt/NoAuth>
Order allow,deny
Allow from all
Satisfy any

<Location /rt/REST/1.0/NoAuth>
Order Allow,Deny
Allow from all

<Directory /usr/share/request-tracker4>
Options Indexes MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all


use Plack::Handler::Apache2;
Plack::Handler::Apache2->preload(“/usr/share/request-tracker4/libexec/rt-server”);

My 000-default apache configuration file looks like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

     DocumentRoot /var/www
     <Directory />
             Options FollowSymLinks
             AllowOverride None
     </Directory>
     <Directory /var/www/>
             Options Indexes FollowSymLinks MultiViews
             AllowOverride None
             Order allow,deny
             allow from all
     </Directory>

     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
     <Directory "/usr/lib/cgi-bin">
             AllowOverride None
             Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
             Order allow,deny
             Allow from all
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log

     # Possible values include: debug, info, notice, warn, error, crit,
     # alert, emerg.
     LogLevel debug

     CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory “/usr/share/request-tracker3.6/html/”>
Order allow,deny
Allow from all

Include /etc/request-tracker4/apache2-modperl2.conf
RedirectMatch ^/$ /rt

-----