RHEL 6.5
mail: postfix – running on RT server box
RT: 4.0.20
RTIR: latest
Everyone group is allowed to create tickets in the queue. Kinda stumped
here - an advice would be much appreciated.
From maillog
Doesn’t work
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: connect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: 35CBC2006B: client=
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/cleanup[13565]: 35CBC2006B: message-id=<>
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: from=<
splunk@Splunk.myRTserverDomain.net >, size=5744, nrcpt=1 (queue active)
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: disconnect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/local[13566]: 35CBC2006B: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.29,
delays=0.08/0.01/0/0.2, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: removed
Works
Jul 1 18:14:34 myRTserver postfix/pickup[13508]: D3CF02006F: uid=0
from=
Jul 1 18:14:34 myRTserver postfix/cleanup[13565]: D3CF02006F: message-id=<
20140701221434.D3CF02006F@rtir.myRTServerDomain.net >
Jul 1 18:14:34 myRTserver postfix/qmgr[12896]: D3CF02006F: from=<
root@rtir.myRTServerDomain.net >, size=444, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/pickup[13508]: 2F7ED20070: uid=48
from=
Jul 1 18:14:35 myRTserver postfix/cleanup[13565]: 2F7ED20070: message-id=<
rt-4.0.20-12451-1404252875-1771.10-3-0@rtir.myRTServerDomain.net >
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: from=<
apache@rtir.myRTServerDomain.net >, size=1431, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/local[13576]: 2F7ED20070: to=<
root@rtir.myRTServerDomain.net >, relay=local, delay=0.02,
delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: removed
Jul 1 18:14:35 myRTserver postfix/local[13566]: D3CF02006F: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.4,
delays=0.01/0/0/0.39, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: D3CF02006F: removed
postfix config
RECEIVING MAIL
inet_interfaces = all
mynetworks = 127.0.0.0/8, 10.0.0.0/8
Thanks!
What does the RT debug log say in both instances?On 02/07/2014 8:45 am, “john bradley” jbradley.mail@gmail.com wrote:
RHEL 6.5
mail: postfix – running on RT server box
RT: 4.0.20
RTIR: latest
Everyone group is allowed to create tickets in the queue. Kinda stumped
here - an advice would be much appreciated.
From maillog
Doesn’t work
#############
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: connect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: 35CBC2006B: client=
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/cleanup[13565]: 35CBC2006B:
message-id=<>
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: from=<
splunk@Splunk.myRTserverDomain.net >, size=5744, nrcpt=1 (queue active)
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: disconnect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/local[13566]: 35CBC2006B: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.29,
delays=0.08/0.01/0/0.2, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: removed
Works
#########
Jul 1 18:14:34 myRTserver postfix/pickup[13508]: D3CF02006F: uid=0
from=
Jul 1 18:14:34 myRTserver postfix/cleanup[13565]: D3CF02006F: message-id=<
20140701221434.D3CF02006F@rtir.myRTServerDomain.net >
Jul 1 18:14:34 myRTserver postfix/qmgr[12896]: D3CF02006F: from=<
root@rtir.myRTServerDomain.net >, size=444, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/pickup[13508]: 2F7ED20070: uid=48
from=
Jul 1 18:14:35 myRTserver postfix/cleanup[13565]: 2F7ED20070: message-id=<
rt-4.0.20-12451-1404252875-1771.10-3-0@rtir.myRTServerDomain.net >
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: from=<
apache@rtir.myRTServerDomain.net >, size=1431, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/local[13576]: 2F7ED20070: to=<
root@rtir.myRTServerDomain.net >, relay=local, delay=0.02,
delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: removed
Jul 1 18:14:35 myRTserver postfix/local[13566]: D3CF02006F: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.4,
delays=0.01/0/0/0.39, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: D3CF02006F: removed
postfix config
RECEIVING MAIL
inet_interfaces = all
mynetworks = 127.0.0.0/8, 10.0.0.0/8
Thanks!
–
RT Training - Boston, September 9-10
http://bestpractical.com/training
It looks to me like the emails coming from Splunk are malformed. The
Postfix log shows that they’re not getting a Message-ID header (which may
not be important). The RT errors suggest to me that they don’t have a
valid From address.On 03/07/2014 1:07 am, “john bradley” jbradley.mail@gmail.com wrote:
enabled logging:
Set($LogToFile, ‘debug’);
Set($LogDir, ‘/var/log’);
Set($LogToFileNamed, “rt.log”);
#log to rt.log
[19480] [Wed Jul 2 13:25:40 2014] [debug]: Converting ‘utf-8’ to ‘utf-8’
for text/plain - Subjectless message (/opt/rt4/sbin/…/lib/RT/I18N.pm:244)
[19480] [Wed Jul 2 13:25:40 2014] [debug]: Encode::Guess guessed
encoding: ascii (/opt/rt4/sbin/…/lib/RT/I18N.pm:498)
[19480] [Wed Jul 2 13:25:40 2014] [debug]: Encode::Guess guessed
encoding: ascii (/opt/rt4/sbin/…/lib/RT/I18N.pm:498)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Unable to parse an email
address from splunk: Couldn’t find row
(/opt/rt4/sbin/…/lib/RT/EmailParser.pm:543)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Unable to parse an email
address from splunk: Couldn’t find row
(/opt/rt4/sbin/…/lib/RT/EmailParser.pm:543)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Unable to parse an email
address from splunk: Couldn’t find row
(/opt/rt4/sbin/…/lib/RT/EmailParser.pm:543)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Unable to parse an email
address from splunk: Couldn’t find row
(/opt/rt4/sbin/…/lib/RT/EmailParser.pm:543)
[19480] [Wed Jul 2 13:25:40 2014] [warning]: Failed to parse From: splunk
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:70)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Couldn’t parse or find
sender’s address
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:74)
[19480] [Wed Jul 2 13:25:40 2014] [error]: Could not record email: Could
not load a valid user (/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)
Checked that rtir user exists in RT to create tickets
Added:
Set($AutoCreate, {Privileged => 0});
Also tried with:
Set($AutoCreate, {Privileged => 1});
rtir: “|/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident
Reports’ --action correspond --url https://rtir.vtitel.net/ ”
#newaliases
#service postfix restart
Still receiving the same error. Thanks for the help so far tracking this
down.
On Tue, Jul 1, 2014 at 7:36 PM, Alex Peters alex@peters.net wrote:
What does the RT debug log say in both instances?
On 02/07/2014 8:45 am, “john bradley” jbradley.mail@gmail.com wrote:
RHEL 6.5
mail: postfix – running on RT server box
RT: 4.0.20
RTIR: latest
Everyone group is allowed to create tickets in the queue. Kinda stumped
here - an advice would be much appreciated.
From maillog
Doesn’t work
#############
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: connect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: 35CBC2006B: client=
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/cleanup[13565]: 35CBC2006B:
message-id=<>
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: from=<
splunk@Splunk.myRTserverDomain.net >, size=5744, nrcpt=1 (queue active)
Jul 1 18:13:50 myRTserver postfix/smtpd[13562]: disconnect from
splunk.mydomain.net [10.xxx.xxx.xxx]
Jul 1 18:13:50 myRTserver postfix/local[13566]: 35CBC2006B: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.29,
delays=0.08/0.01/0/0.2, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:13:50 myRTserver postfix/qmgr[12896]: 35CBC2006B: removed
Works
#########
Jul 1 18:14:34 myRTserver postfix/pickup[13508]: D3CF02006F: uid=0
from=
Jul 1 18:14:34 myRTserver postfix/cleanup[13565]: D3CF02006F:
message-id=20140701221434.D3CF02006F@rtir.myRTServerDomain.net
Jul 1 18:14:34 myRTserver postfix/qmgr[12896]: D3CF02006F: from=<
root@rtir.myRTServerDomain.net >, size=444, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/pickup[13508]: 2F7ED20070: uid=48
from=
Jul 1 18:14:35 myRTserver postfix/cleanup[13565]: 2F7ED20070:
message-id=<
rt-4.0.20-12451-1404252875-1771.10-3-0@rtir.myRTServerDomain.net >
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: from=<
apache@rtir.myRTServerDomain.net >, size=1431, nrcpt=1 (queue active)
Jul 1 18:14:35 myRTserver postfix/local[13576]: 2F7ED20070: to=<
root@rtir.myRTServerDomain.net >, relay=local, delay=0.02,
delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: 2F7ED20070: removed
Jul 1 18:14:35 myRTserver postfix/local[13566]: D3CF02006F: to=<
rtir@rtir.myRTServerDomain.net >, relay=local, delay=0.4,
delays=0.01/0/0/0.39, dsn=2.0.0, status=sent (delivered to command:
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue ‘Incident Reports’
–action correspond --url https://rtir.myRTServerDomain.net/ )
Jul 1 18:14:35 myRTserver postfix/qmgr[12896]: D3CF02006F: removed
postfix config
RECEIVING MAIL
inet_interfaces = all
mynetworks = 127.0.0.0/8, 10.0.0.0/8
Thanks!
–
RT Training - Boston, September 9-10
http://bestpractical.com/training
Hanen
May 6, 2019, 12:46pm
4
Hello, please how can I integrate SPLUNK with RTIR ? Many thanks