Re: [rt-users] RT mailgate

2017-02-13 Thread Thomas Bätzler 
Lorraine Johnson wrote:



*  I noticed that mails sent outside rt are not being delivered in the system. 
I think my RT- mailgate is not working.  Autopreply messages are also not being 
received.

*   

*  Kindly help if you have an  idea.

*   

*  thank you

 

You’ve got the function of rt-mailgate backwards – it’s only responsible for 
delivering mail to RT; not for sending it. There are many possible causes why 
mails supposedly sent by RT are not reaching their intended recipients.

 

Are you using the local mail system of the box you’re running RT on to deliver 
outgoing mail? If so, start by verifying that it is working as intended by 
sending mail from the command line. Check the local mail logs to see whether 
your mails are getting rejected. If your primary mail hub is on a different 
system and you’re using its mail domain, make sure that you’re not getting 
rejections because your RT box is not  listed as a trusted sender in your 
domain’s SPF policy.

 

 

MfG,

Thomas Bätzler

-- 

BRINGE Informationstechnik GmbH

Zur Seeplatte 12

D-76228 Karlsruhe

Germany

 

Fon: +49 721 94246-0

Fon: +49 171 5438457

Fax: +49 721 94246-66

Web: http://www.bringe.de/

 

Geschäftsführer: Dipl.-Ing. (FH) Martin Bringe

Ust.Id: DE812936645, HRB 108943 Mannheim



smime.p7s
Description: S/MIME cryptographic signature

[rt-users] RT mailgate

2017-02-13 Thread Lorraine Johnson 
Goodmorning all,

I noticed that mails sent outside rt are not being delivered in the system.
I think my RT- mailgate is not working.  Autopreply messages are also not
being received.

Kindly help if you have an  idea.

thank you

Re: [rt-users] rt-mailgate in lab environment stopped working

2017-02-07 Thread Cena, Stephen (ext. 300) 
Ok; I figured out what it is but I don't know why. 

"Time Management for System Administrators" - page 30 "Some general advice" - 
#7 - "The strangest problems often turn out to be misconfigured DNS."

If I use the IP address for the server versus the FQDN, tickets flow in 
perfectly. If I use the FQDN of the server, it breaks.

It's bizarre: DNS appears to be functioning properly  in the test environment, 
but clearly based on this discovery it isn't.

I'll consider this "solved" as this is more than likely my own d#mn fault.

Stephen Cena
Senior Systems Administrator 
Quality Vision International, Inc.
Phone: (585) 544-0450 x300
To notify helpdesk: http://helpdesk.ogp.qvii.com or email: hd-gene...@qvii.com
To report email issues: postmas...@qvii.com

[rt-users] rt-mailgate in lab environment stopped working

2017-02-07 Thread Cena, Stephen (ext. 300) 
Thomas - You are correct. It wouldn't be so bad if the RT site wasn't working. 
If I use the exact same address I use for the web server in the rt-mailgate 
scripts it fails. If I put that address into a web browser, I can use the 
system as expected. I'm trying to figure out what the "disconnect" is now 
between rt-mailgate and the server.


Well, that error message is pretty clear ? when fetchmail tries to spawn 
rt-mailgate, that process can?t connect to RT.

You should replace SERVER:80 in your fetchmailrc with the URL you?re using to 
connect  to RT in your browser.


HTH,

Thoomas

-- next part --

Re: [rt-users] rt-mailgate in lab environment stopped working

2017-02-03 Thread Thomas Bätzler 
Hi,

 

Stephen Cena asked:

*  I’ve been beating my head against this for days now and can’t figure this
out. I original had

*  (as much as possible) a clone of our production environment in a lab. I
reached a point

*  where I was forced to re-IP the lab environment which went well. Now,
rt-mailgate

*  simply doesn’t work. Outbound mail does work (postfix). If I use the
/etc/aliases file for

*  commands like I usually to, fetchmail attempts to contact an SMTP server
for local

*  delivery. If I actually embed the rt-mailgate command inside fetchmailrc
I now get

*  “http request failed: 500 can’t connect to SERVER:80. Web server logs may
have more

*  info”. I can’t find anything.

 

Well, that error message is pretty clear – when fetchmail tries to spawn
rt-mailgate, that process can’t connect to RT.

 

You should replace SERVER:80 in your fetchmailrc with the URL you’re using
to connect  to RT in your browser.

 

 

HTH,

Thoomas

 

 



smime.p7s
Description: S/MIME cryptographic signature

[rt-users] rt-mailgate in lab environment stopped working

2017-02-02 Thread Cena, Stephen (ext. 300) 
I've been beating my head against this for days now and can't figure this out. 
I original had (as much as possible) a clone of our production environment in a 
lab. I reached a point where I was forced to re-IP the lab environment which 
went well. Now, rt-mailgate simply doesn't work. Outbound mail does work 
(postfix). If I use the /etc/aliases file for commands like I usually to, 
fetchmail attempts to contact an SMTP server for local delivery. If I actually 
embed the rt-mailgate command inside fetchmailrc I now get "http request 
failed: 500 can't connect to SERVER:80. Web server logs may have more info". I 
can't find anything.

I've put in a new mail server to see if that was the issue, but I simply cannot 
get the lab server to pick up mail anymore. As far as I can tell, DNS is 
functioning properly. What am I missing?

Stephen Cena
Senior Systems Administrator
Quality Vision International, Inc.
Phone: (585) 544-0450 x300
To notify helpdesk: http://helpdesk.ogp.qvii.com or email: 
hd-gene...@qvii.com
To report email issues: postmas...@qvii.com

Re: [rt-users] rt-mailgate issues with 4.2.12 (Use of uninitialized value $NewSubject)

2016-02-10 Thread Poulter, Dale 
All,

It appears that the problem is even more widespread.  The system will not 
accept any email.  The errors appear to point to missing subjects and from 
addresses but the process worked before the upgrade.  ANY help will be 
appreciated.  I am out of ideas.


-Dale

From: Poulter, Dale
Sent: Tuesday, February 09, 2016 12:41 PM
To: rt-users@lists.bestpractical.com
Subject: rt-mailgate issues with 4.2.12 (Use of uninitialized value $NewSubject)

We upgraded to 4.2.12 and everything looked ok.  However,  we are now unable to 
submit tickets via email using rt-mailgate. I have seen many posts but none of 
the proposed solutions seem to work.  We are using the same command as we did 
in 3.8.7 for sendmail .  Here is our setup.

Perl: 5.16.3
Rt-mailgate is using sendmail

testemail: "|/apps/rt4/bin/rt-mailgate  \
  --queue 'General' --action correspond \
  --url https://requesttracker.edu/ --no-verify-ssl"

In RT_SiteConfig.pm
Set($WebFallbackToRTLogin, "true");
Set($WebRemoteUserAutocreate, 1);


Error:
Command line  : not ok - Could not load a valid user

RT debug log; [20557] [Tue Feb  9 18:36:23 2016] [warning]: Use of 
uninitialized value $NewSubject in scalar chomp at 
/apps/rt4/sbin/../lib/RT/Interface/Email.pm line 1374. 
(/apps/rt4/sbin/../lib/RT/Interface/Email.pm:1374)
[20557] [Tue Feb  9 18:36:23 2016] [error]: Couldn't parse or find sender's 
address (/apps/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:74)
[20557] [Tue Feb  9 18:36:23 2016] [error]: Could not record email: Could not 
load a valid user (/apps/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)







--Dale

---
Dale Poulter
Coordinator, Search and Core Services
Library Digital Services
Vanderbilt University
419 21st Avenue South, Room 812
Nashville, TN  37203-2427
(615)343-5388
(615)207-9705 (cell)
dale.poul...@vanderbilt.edu


-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany — March 14 & 15, 2016

[rt-users] rt-mailgate issues with 4.2.12 (Use of uninitialized value $NewSubject)

2016-02-09 Thread Poulter, Dale 
We upgraded to 4.2.12 and everything looked ok.  However,  we are now unable to 
submit tickets via email using rt-mailgate. I have seen many posts but none of 
the proposed solutions seem to work.  We are using the same command as we did 
in 3.8.7 for sendmail .  Here is our setup.

Perl: 5.16.3
Rt-mailgate is using sendmail

testemail: "|/apps/rt4/bin/rt-mailgate  \
  --queue 'General' --action correspond \
  --url https://requesttracker.edu/ --no-verify-ssl"

In RT_SiteConfig.pm
Set($WebFallbackToRTLogin, "true");
Set($WebRemoteUserAutocreate, 1);


Error:
Command line  : not ok - Could not load a valid user

RT debug log; [20557] [Tue Feb  9 18:36:23 2016] [warning]: Use of 
uninitialized value $NewSubject in scalar chomp at 
/apps/rt4/sbin/../lib/RT/Interface/Email.pm line 1374. 
(/apps/rt4/sbin/../lib/RT/Interface/Email.pm:1374)
[20557] [Tue Feb  9 18:36:23 2016] [error]: Couldn't parse or find sender's 
address (/apps/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:74)
[20557] [Tue Feb  9 18:36:23 2016] [error]: Could not record email: Could not 
load a valid user (/apps/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)







--Dale

---
Dale Poulter
Coordinator, Search and Core Services
Library Digital Services
Vanderbilt University
419 21st Avenue South, Room 812
Nashville, TN  37203-2427
(615)343-5388
(615)207-9705 (cell)
dale.poul...@vanderbilt.edu


-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany — March 14 & 15, 2016

Re: [rt-users] rt-mailgate needs http for comment

2015-09-06 Thread Joseph D. Wagner 
Ok, I'm inching closer.  I found out that it works if I run it from the 
command line, but not when sendmail fires it off.  (This probably gave 
me the false sense that it worked by switching to HTTP.)


I turned on debug level logging in RT.  It logged a bunch of stuff when 
run from the command line, but it didn't log anything when sendmail did it.


Joseph D. Wagner

Re: [rt-users] rt-mailgate needs http for comment

2015-09-06 Thread Joseph D. Wagner 
Figured it out.  I created a catch-all address in virtusertable. Unknown 
to me, virtusertable gets processed before aliases, so it was hitting 
the catch-all and never made it to aliases.


Joseph D. Wagner

On 09/06/2015 12:13 PM, Alex Vandiver wrote:

On Sun, Sep 06, 2015 at 12:31:28AM -0700, Joseph D. Wagner wrote:

Here it is.  I left everything intact except the url.
[snip]

Those look fine.  Double-check that you have not multiply-defined
prc-staff elsewhere in aliases, and that you've run `newaliases`.
Short of that, my only suggestion is to turn on bug logging in your
MTA -- I can say with certainty that rt-mailgate doesn't deal
differently with correspond vs comment and http/https connections.
  - Alex

Re: [rt-users] rt-mailgate needs http for comment

2015-09-06 Thread Alex Vandiver 
On Sat, Sep 05, 2015 at 11:22:48PM -0700, Joseph D. Wagner wrote:
> I had apache set to allow rt over https only.  Trying over http would fail.
> 
> rt-mailgate was working perfectly fine over https when using
> "--action correspond".  However, when using "--action comment", it
> fails saying it is unable to connect.
>
> When I changed my apache configuration to allow http on local
> connections, it started working.
> 
> I suspect there is some code in the comment path of rt-mailgate that
> is forcing it over the http connection, rather than properly
> deriving the connection from the url parameter.
> 
> Being new to rt, I am open to the possibility I misconfigured
> something.  Is anyone else able to reproduce this?

I strongly suspect misconfiguration in your /etc/aliases.  The only
difference between correspond and comment paths is the value of a
query parameter that they POST:

https://github.com/bestpractical/rt/blob/stable/bin/rt-mailgate.in#L168-L170

Check to make sure that you have https:// on all of your aliases, and
that you've run newaliases (or equivalent) after updating them.
 - Alex

Re: [rt-users] rt-mailgate needs http for comment

2015-09-06 Thread Joseph D. Wagner 

Here it is.  I left everything intact except the url.

prc:"|/usr/bin/rt-mailgate --queue 'Performance Review' 
--action correspond --url https://./rt;
prc-staff:  "|/usr/bin/rt-mailgate --queue 'Performance Review' 
--action comment--url https://./rt;


Joe

On 09/05/2015 11:32 PM, Alex Vandiver wrote:

On Sat, Sep 05, 2015 at 11:22:48PM -0700, Joseph D. Wagner wrote:

I had apache set to allow rt over https only.  Trying over http would fail.

rt-mailgate was working perfectly fine over https when using
"--action correspond".  However, when using "--action comment", it
fails saying it is unable to connect.

When I changed my apache configuration to allow http on local
connections, it started working.

I suspect there is some code in the comment path of rt-mailgate that
is forcing it over the http connection, rather than properly
deriving the connection from the url parameter.

Being new to rt, I am open to the possibility I misconfigured
something.  Is anyone else able to reproduce this?

I strongly suspect misconfiguration in your /etc/aliases.  The only
difference between correspond and comment paths is the value of a
query parameter that they POST:

 
https://github.com/bestpractical/rt/blob/stable/bin/rt-mailgate.in#L168-L170

Check to make sure that you have https:// on all of your aliases, and
that you've run newaliases (or equivalent) after updating them.
  - Alex

Re: [rt-users] rt-mailgate needs http for comment

2015-09-06 Thread Alex Vandiver 
On Sun, Sep 06, 2015 at 12:31:28AM -0700, Joseph D. Wagner wrote:
> Here it is.  I left everything intact except the url.
> [snip]

Those look fine.  Double-check that you have not multiply-defined
prc-staff elsewhere in aliases, and that you've run `newaliases`.
Short of that, my only suggestion is to turn on bug logging in your
MTA -- I can say with certainty that rt-mailgate doesn't deal
differently with correspond vs comment and http/https connections.
 - Alex

[rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Jeff Melton 
I'm setting up a new RT server, and I'm having some trouble getting rt-mailgate to accept email piped from postfix. 


`Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate: 
Permission denied`

Best I can tell, it's likely to be a permissions issue. What owner, group and 
mode should RT be using? Are there any other gotchas I need to be looking at? 
(I've configured role, group and user permissions in the RT GUI.)

JM

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Matt Brennan 
On my system, the application is world executable. I don't recall if that's
the default or I changed it. I'm sure someone here will say that's a bad
idea, security wise.

At a minimum, it needs to be executable by whatever user ID postfix is
running as. If you want to lock down the executable, you'd need to check
what user ID you have postfix running as and set the group to one which
contains that user ID (you'd also need to make sure it's group executable).


On Tue, Jun 16, 2015 at 11:33 AM, Jeff Melton j...@ifworld.com wrote:

 I'm setting up a new RT server, and I'm having some trouble getting
 rt-mailgate to accept email piped from postfix.
 `Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
 Permission denied`

 Best I can tell, it's likely to be a permissions issue. What owner, group
 and mode should RT be using? Are there any other gotchas I need to be
 looking at? (I've configured role, group and user permissions in the RT
 GUI.)

 JM

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Jeff Melton 

On Tue, Jun 16, 2015 at 11:54:52AM -0400, Matt Brennan wrote:

On my system, the application is world executable. I don't recall if that's
the default or I changed it. I'm sure someone here will say that's a bad
idea, security wise.

At a minimum, it needs to be executable by whatever user ID postfix is
running as. If you want to lock down the executable, you'd need to check
what user ID you have postfix running as and set the group to one which
contains that user ID (you'd also need to make sure it's group executable).


Thanks! The whole of /opt/rt4 is 755 right now, with everything executed by 
root. The postfix master process is owned by root; qmgr and pickup are owned by 
postfix. /opt/rt4 is root:www-data right now, but I've tried it root:root as 
well. I've tried adding the postfix user to the root and www-data groups, and 
that has no effect.



On Tue, Jun 16, 2015 at 11:33 AM, Jeff Melton j...@ifworld.com wrote:


I'm setting up a new RT server, and I'm having some trouble getting
rt-mailgate to accept email piped from postfix.
`Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
Permission denied`

Best I can tell, it's likely to be a permissions issue. What owner, group
and mode should RT be using? Are there any other gotchas I need to be
looking at? (I've configured role, group and user permissions in the RT
GUI.)

JM

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Jeff Melton 

It is chrooted, but when I s/-/n for all the chrooted processes in master.cf 
and restarted postfix, it didn't make any difference. I just swapped the 
original master.cf back in.

I'll update to add that my aliases were quoted incorrectly to begin with, and 
having changed that, the full error output now reads:

Command died with status 126: /opt/rt4/bin/rt-mailgate --queue 'Network 
Support' --action correspond --url http://rt.ifworld.com;. Command output: sh: 1: 
/opt/rt4/bin/rt-mailgate: Permission denied

On Tue, Jun 16, 2015 at 12:39:15PM -0700, Aaron C. de Bruyn wrote:

AppArmor?  (Or is that just Ubuntu?)

Also, is the postfix process running in a chroot?
Check /etc/postfix/master.cf to see if the service that is doing the
rt-mailgate delivery has a 'y' in the chroot column.

-A

On Tue, Jun 16, 2015 at 12:29 PM, Jeff Melton j...@ifworld.com wrote:

It's Debian Wheezy. No SELinux in this case.


On Tue, Jun 16, 2015 at 09:25:02PM +0200, Joop wrote:


On 16-6-2015 17:33, Jeff Melton wrote:


I'm setting up a new RT server, and I'm having some trouble getting
rt-mailgate to accept email piped from postfix.
`Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
Permission denied`


You don't state which OS you're using but if you're using CentOS/Rhel
base/derived you could be facing a SELinux problem. Check
/var/log/messages /var/log/audit or see what happens if you run
setenforce 0.

Regards,

Joop

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Jeff Melton 

I figured this out. I was using this project as an opportunity to try out 
plenv, but used /root/.plenv to set global Perl. When we set /root +x, it 
started working. Now I just need to figure out how best to fix it long-term.

Thanks, all.

On Tue, Jun 16, 2015 at 12:39:15PM -0700, Aaron C. de Bruyn wrote:

AppArmor?  (Or is that just Ubuntu?)

Also, is the postfix process running in a chroot?
Check /etc/postfix/master.cf to see if the service that is doing the
rt-mailgate delivery has a 'y' in the chroot column.

-A

On Tue, Jun 16, 2015 at 12:29 PM, Jeff Melton j...@ifworld.com wrote:

It's Debian Wheezy. No SELinux in this case.


On Tue, Jun 16, 2015 at 09:25:02PM +0200, Joop wrote:


On 16-6-2015 17:33, Jeff Melton wrote:


I'm setting up a new RT server, and I'm having some trouble getting
rt-mailgate to accept email piped from postfix.
`Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
Permission denied`


You don't state which OS you're using but if you're using CentOS/Rhel
base/derived you could be facing a SELinux problem. Check
/var/log/messages /var/log/audit or see what happens if you run
setenforce 0.

Regards,

Joop

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Jeff Melton 

It's Debian Wheezy. No SELinux in this case.

On Tue, Jun 16, 2015 at 09:25:02PM +0200, Joop wrote:

On 16-6-2015 17:33, Jeff Melton wrote:

I'm setting up a new RT server, and I'm having some trouble getting
rt-mailgate to accept email piped from postfix.
`Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
Permission denied`


You don't state which OS you're using but if you're using CentOS/Rhel
base/derived you could be facing a SELinux problem. Check
/var/log/messages /var/log/audit or see what happens if you run
setenforce 0.

Regards,

Joop

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Aaron C. de Bruyn 
AppArmor?  (Or is that just Ubuntu?)

Also, is the postfix process running in a chroot?
Check /etc/postfix/master.cf to see if the service that is doing the
rt-mailgate delivery has a 'y' in the chroot column.

-A

On Tue, Jun 16, 2015 at 12:29 PM, Jeff Melton j...@ifworld.com wrote:
 It's Debian Wheezy. No SELinux in this case.


 On Tue, Jun 16, 2015 at 09:25:02PM +0200, Joop wrote:

 On 16-6-2015 17:33, Jeff Melton wrote:

 I'm setting up a new RT server, and I'm having some trouble getting
 rt-mailgate to accept email piped from postfix.
 `Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
 Permission denied`

 You don't state which OS you're using but if you're using CentOS/Rhel
 base/derived you could be facing a SELinux problem. Check
 /var/log/messages /var/log/audit or see what happens if you run
 setenforce 0.

 Regards,

 Joop

Re: [rt-users] rt-mailgate: Permission denied

2015-06-16 Thread Joop 
On 16-6-2015 17:33, Jeff Melton wrote:
 I'm setting up a new RT server, and I'm having some trouble getting
 rt-mailgate to accept email piped from postfix.
 `Command output: local: fatal: execvp /opt/rt4/bin/rt-mailgate:
 Permission denied`

You don't state which OS you're using but if you're using CentOS/Rhel
base/derived you could be facing a SELinux problem. Check
/var/log/messages /var/log/audit or see what happens if you run
setenforce 0.

Regards,

Joop

Re: [rt-users] rt-mailgate ignoring --no-verify-ssl?

2015-05-01 Thread Aaron C. de Bruyn 
Fixed it.  Apparently --no-verify-ssl only deals with the hostname on
the certificate.

I added the following to the 'use' section at the top of rt-mailgate:

use IO::Socket::SSL;

and then in the get_useragent function, I added the following ssl_opts line:

$ua-ssl_opts( SSL_verify_mode = IO::Socket::SSL::SSL_VERIFY_NONE );

Now my legitimately signed wildcard cert (*.mydomain.tld) doesn't
error out because of a bad hostname, or an untrusted cert in the
middle of the chain.

-A



On Wed, Apr 29, 2015 at 9:01 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote:
 Mailgate has been driving me nuts.  I downloaded 4.2.10 and set it up
 on a bright, shiny new server.

 I'm running fetchmail on my RT box using the following to send tickets to RT:

 poll mail.mydomain.tld with protocol pop3
username engineering password -redacted- mda
 /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action
 correspond --url https://tickets.mydomain.tld --debug

 Fetchmail complains about the MDA erroring out.  Increasing fetchmail
 debugging shows:

 fetchmail: about to deliver with: /opt/rt4/bin/rt-mailgate
 --no-verify-ssl --queue engineering --action correspond --url
 https://tickets.mydomain.tld/ --debug
 #***/opt/rt4/bin/rt-mailgate: temp file is '/tmp/Ax6Or2dgc1/23FBulXCfc'
 /opt/rt4/bin/rt-mailgate: connecting to
 https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
 HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
 (certificate verify failed). Your webserver logs may have more
 information or there may be a network problem.

 /opt/rt4/bin/rt-mailgate: undefined server error
 fetchmail: MDA returned nonzero status 75
  not flushed
 fetchmail: POP3 QUIT


 I even get an SSL error when running from the command line:

 root@tickets:/opt# /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue
 engineering --action correspond --url https://tickets.mydomain.tld/
 --debug
 test ctrl+d
 /opt/rt4/bin/rt-mailgate: temp file is '/tmp/9vlYhx9C9X/kI4IQo0RRw'
 /opt/rt4/bin/rt-mailgate: connecting to
 https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
 HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
 (certificate verify failed). Your webserver logs may have more
 information or there may be a network problem.

 /opt/rt4/bin/rt-mailgate: undefined server error
 root@tickets:/opt#

 It's acting like it's ignoring --no-verify-ssl.

 Am I missing something?

 Thanks,

 -A

[rt-users] rt-mailgate ignoring --no-verify-ssl?

2015-04-29 Thread Aaron C. de Bruyn 
Mailgate has been driving me nuts.  I downloaded 4.2.10 and set it up
on a bright, shiny new server.

I'm running fetchmail on my RT box using the following to send tickets to RT:

poll mail.mydomain.tld with protocol pop3
   username engineering password -redacted- mda
/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action
correspond --url https://tickets.mydomain.tld --debug

Fetchmail complains about the MDA erroring out.  Increasing fetchmail
debugging shows:

fetchmail: about to deliver with: /opt/rt4/bin/rt-mailgate
--no-verify-ssl --queue engineering --action correspond --url
https://tickets.mydomain.tld/ --debug
#***/opt/rt4/bin/rt-mailgate: temp file is '/tmp/Ax6Or2dgc1/23FBulXCfc'
/opt/rt4/bin/rt-mailgate: connecting to
https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
(certificate verify failed). Your webserver logs may have more
information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
fetchmail: MDA returned nonzero status 75
 not flushed
fetchmail: POP3 QUIT


I even get an SSL error when running from the command line:

root@tickets:/opt# /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue
engineering --action correspond --url https://tickets.mydomain.tld/
--debug
test ctrl+d
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/9vlYhx9C9X/kI4IQo0RRw'
/opt/rt4/bin/rt-mailgate: connecting to
https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
(certificate verify failed). Your webserver logs may have more
information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
root@tickets:/opt#

It's acting like it's ignoring --no-verify-ssl.

Am I missing something?

Thanks,

-A

Re: [rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-08-11 Thread Kevin Falcone 
On Wed, Aug 06, 2014 at 09:44:40PM +, Richards, Matthew E ERDC-RDE-CERL-IL 
wrote:
  If you're going to the localhost, I'm not actually sure why you're
  involving SSL, but that's a separate issue.
 
 Actually, that was the issue. You're right, there's no need to use SSL
 with localhost. We have a rewrite from 80 to 443 for all interfaces
 and it always forces us to use https. I guess we could have created a
 non-SSL site just for localhost. The DoD has its own root CA that we
 added in a ca_file, but I think it's very slow and was causing the
 timeouts. I changed the rt-mailgate get_useragent to $ua-
 ssl_opts(SSL_verify_mode = 'SSL_VERIFY_NONE'); and that solved the
 issue. It's a temporary fix until we create a locahost:80 binding. I
 don't like maintaining custom source. Thanks for all the help.

If you don't want to verify, why not just use the flag?

$ ./bin/rt-mailgate --help | grep verify
   --ca-file or --no-verify-ssl, below.
   authority that should be used to verify the website's SSL certificate.
   preferentially use this option over --no-verify-ssl, as it will
--no-verify-ssl

-kevin


pgpEGC686EGKR.pgp
Description: PGP signature
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-08-06 Thread Kevin Falcone 
On Mon, Aug 04, 2014 at 08:29:02PM +, Richards, Matthew E ERDC-RDE-CERL-IL 
wrote:
 443 is listening on localhost. As you suggested, we tried curl from
 the localhost with both the FQDN and localhost URLs. We had limited
 success (without any message content), but it still fails with rt-
 mailgate. I suspect we need some content to test it further with curl.
 Do you have a sample curl command line with post params for testing?

Just run rt-mailgate by hand, handing it a correctly formatted
message and the --debug setting. If it works sporadically, you have some
serious problem with your webserver config.

If you're going to the localhost, I'm not actually sure why you're
involving SSL, but that's a separate issue.

-kevin



pgpY5fR35cHTa.pgp
Description: PGP signature
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-08-06 Thread Richards, Matthew E ERDC-RDE-CERL-IL 
 If you're going to the localhost, I'm not actually sure why you're
 involving SSL, but that's a separate issue.

Actually, that was the issue.  You're right, there's no need to use SSL with 
localhost.  We have a rewrite from 80 to 443 for all interfaces and it always 
forces us to use https.  I guess we could have created a non-SSL site just for 
localhost.  The DoD has its own root CA that we added in a ca_file, but I think 
it's very slow and was causing the timeouts.  I changed the rt-mailgate 
get_useragent to $ua-ssl_opts(SSL_verify_mode = 'SSL_VERIFY_NONE'); and 
that solved the issue.  It's a temporary fix until we create a locahost:80 
binding.  I don't like maintaining custom source.  Thanks for all the help.

Matt
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-08-04 Thread Kevin Falcone 
On Thu, Jul 31, 2014 at 09:03:16PM +, Richards, Matthew E ERDC-RDE-CERL-IL 
wrote:
 I increased the timeout from 180 to 750 added extra debugging to the code to
 get more information.  I replaced our URL with localhost for security:

Are you actually listening with SSL on localhost?  Is your webserver
configured to listen and allow that through to RT?


 see an entry in the access.log.  Fiddler gives us the same error (504 - 
 Gateway
 Timeout Error).  If I execute consecutive posts very quickly in Fiddler, after
 about seven 504 errors, I finally get a string of 200 (success) responses and
 some entries in the rt.log file to indicate it couldn’t find a valid user
 (because I didn’t supply one).  If I let it set for a minute, I get the 504
 errors again.

Is fiddler running on the machine connecting to localhost or somewhere
else?  It's a much more relevant test to use something like curl to
connect to localhost with the same arguments as rt-mailgate.

rt-mailgate isn't doing anything complicated, and if RT isn't logging
anything in debug mode, then normally this means your webserver is
bound only to the external hostname.

-kevin


pgpSxy8xFKVHk.pgp
Description: PGP signature
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-08-04 Thread Richards, Matthew E ERDC-RDE-CERL-IL 
Hi Kevin,

Thank you for the reply.  

  Are you actually listening with SSL on localhost?  Is your webserver
  configured to listen and allow that through to RT?

443 is listening on localhost.  As you suggested, we tried curl from the 
localhost with both the FQDN and localhost URLs.  We had limited success 
(without any message content), but it still fails with rt-mailgate.  I suspect 
we need some content to test it further with curl.  Do you have a sample curl 
command line with post params for testing?

user@rt:~$ curl -I 
https://rt.fully.qualified.domain.name/REST/1.0/NoAuth/mail-gateway
HTTP/1.1 200 OK
Date: Mon, 04 Aug 2014 17:09:29 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8

user@rt:~$ curl -I https://localhost/REST/1.0/NoAuth/mail-gateway
HTTP/1.1 200 OK
Date: Mon, 04 Aug 2014 17:10:29 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8

Running rt-mailgate with fetchmail:

2 messages for RTUSER at hostmaster.fully.qualified.domain.name (36925 octets).
fetchmail: POP3 LIST 1
fetchmail: POP3 +OK 1 34826
fetchmail: POP3 TOP 1 
fetchmail: POP3 +OK
reading message rtu...@hostmaster.fully.qualified.domain.name:1 of 2 (34826 
octets) 
#**.***..*.*.*.*.*.*.*.**.*.*.*.*.*.*.*.**.*.*.*.*.*.*.*.**.*.*.*.*.*.*.**.*.*.*.*.*/opt/rt4/bin/rt-mailgate:
 temp file is '/tmp/63WuokOupY/OIpKtEaLCc'
/opt/rt4/bin/rt-mailgate: connecting to https://rt.fully.qualified.domain.name 
/REST/1.0/NoAuth/mail-gateway
HTTP request failed: 500 Can't connect to rt.fully.qualified.domain.name:443. 
Your webserver logs may have more information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
fetchmail: MDA returned nonzero status 75
 not flushed
fetchmail: POP3 LIST 2
fetchmail: POP3 +OK 2 2099
fetchmail: POP3 TOP 2 
fetchmail: POP3 +OK


Again, when we added some additional debugging messages and the actual error is:
LWP::Protocol::https::Socket: Timeout at /usr/share/perl5/LWP/Protocol/http.pm 
line 41.

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] RT-Mailgate timeout error after upgrade to 4.2.6

2014-07-31 Thread Richards, Matthew E ERDC-RDE-CERL-IL 
We are fighting an issue after updating RT from 4.2.3 to 4.2.6 and rt-mailgate. 
 We also updated our OS to Ubuntu 14.04.  Everything seems to be working in RT 
except rt-mailgate.  I've isolated it to an LWP::Protocol::https::Socket: 
Timeout error returned from the post to the RESTful service: my $r = $ua-post( 
$full_url, $post_params, Content_Type = 'form-data' );

I increased the timeout from 180 to 750 added extra debugging to the code to 
get more information.  I replaced our URL with localhost for security:

/opt/rt4/bin/rt-mailgate: connecting to 
https://localhost/REST/1.0/NoAuth/mail-gateway
ua-timeout: 750
ua-post full_url: https://localhost/REST/1.0/NoAuth/mail-gateway
ua-post post_params: HASH(0x149a6d0)
r-content : Can't connect to localhost:443

LWP::Protocol::https::Socket: Timeout at /usr/share/perl5/LWP/Protocol/http.pm 
line 41.

HTTP request failed: 500 Can't connect to localhost:443. Your webserver logs 
may have more information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
fetchmail: MDA returned nonzero status 75
not flushed

There are no log entries in the apache error.log.  We have Set($LogToFile , 
'debug'); and did see one error that we corrected (a missing $RTAddressRegexp 
configuration).  There are no other errors in the rt.log file.   I don't even 
see an entry in the access.log.  Fiddler gives us the same error (504 - Gateway 
Timeout Error).  If I execute consecutive posts very quickly in Fiddler, after 
about seven 504 errors, I finally get a string of 200 (success) responses and 
some entries in the rt.log file to indicate it couldn't find a valid user 
(because I didn't supply one).  If I let it set for a minute, I get the 504 
errors again.

Thank you for any help,

Matthew E. Richards

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] rt-mailgate error

2014-07-18 Thread Dan Mcqueen 
Hi rt-users

I am trying to install rt 4.2.6 and I am getting this error when I send
email to rt-mailgate.
I am using

 centos 6.5
 postfix
 rt 4.2.6 with smime enabled
 https

Can anyone help point me to what might be wrong?

   Thanks,
-Dan

(temporary failure. Command output: RT server error.  The RT server which
handled your email did not behave as expected. It said:   !DOCTYPE html
html lang=en   head titleLogin/title meta
http-equiv=X-UA-Compatible content=IE=edge / !-- The
X-UA-Compatible meta tag above must be very early in head --
script window.RT = {}; RT.CurrentUser = {}; RT.Config  =
{WebPath:,MessageBoxRichTextHeight:200,rtname:rt-de.mars.com};
RT.I18N = {}; RT.I18N.Catalog = {quote_in_filename:Filenames with double
quotes can not be uploaded.}; /script   link rel=stylesheet
href=/NoAuth/css/rudder/squished-a6ecd9cac12ad7882b058c189d8356f0.css
type=text/css media=all /  link rel=shortcut icon
href=/static/images/favicon.png type=image/png /   !--[if lt IE 8]
link rel=stylesheet href=/static/css/rudder/msie.css type=text/css
media=all / ![endif]--   !-- Site CSS from theme editor -- style
type=text/css media=all id=sitecss /style   script
type=text/javascript
src=/NoAuth/js/squished-46e33086cae34b18193091278fdfb134.js/script
script type=text/javascript!-- jQuery( loadTitleBoxStates );
jQuery(function () { jQuery('\x23user').focus() }); --/script   script
if (window.top !== window.self) { document.write = ;
window.top.location = window.self.location;  setTimeout(function(){
document.body.innerHTML = ; }, 1);  window.self.onload =
function(){ document.body.innerHTML = ; }; } /script
/head   body class=rudder sidebyside id=comp-NoAuth-Login  div
id=logo a href=http://bestpractical.com;img
src=/static/images/bpslogo.png alt=Best Practical Solutions, LLC
corporate logo width=181 height=38 //a span
class=rtnameRT for rt-de.mars.com/span /div   div id=quickbar
div id=quick-personal span class=hidea href=#skipnavSkip
Menu/a | /span span id=not-logged-inNot logged in./span
/div  /div div id=headerh1Login/h1/divdiv id=body
class=login-body div id=login-box div class=   div
class=titlebox id=   div class=titlebox-title span
class=leftLogin/span span class=right4.2.6
/span   /div   div class=titlebox-content 
id=TitleBox--_NoAuth_Login_html--TG9naW4_---0  form id=login
name=login method=post action=/NoAuth/Login.html  div
class=input-row span class=labelUsername:/span span
class=inputinput name=user value= id=user //span /div  div
class=input-row span class=labelPassword:/span span
class=inputinput type=password name=pass autocomplete=off
//span /div  input type=hidden name=next
value=24586f91ce1b1eec42bdabfc5857b8b6 /  script
type=text/javascript jQuery(function(){ if (window.location.hash) {
var form = jQuery(form[name=login]); form.attr('action',
form.attr('action') + '#' + window.location.hash.replace(/^#/, '')); }
}); /script  div class=button-row span class=inputinput
type=submit class=button value=Login //span /div   /form
hr class=clear /   /div /div /div   /div!-- #login-box --
/div!-- #login-body --   hr class=clear / /div div id=footer
  p id=timespanTime to display: 0.017673/span/p   p
id=bpscreditsspan#187;#124;#171; RT 4.2.6 Copyright 1996-2014 a
href=http://www.bestpractical.com?rt=4.2.6
http://www.bestpractical.com/?rt=4.2.6Best Practical Solutions,
LLC/a. /span/p   p id=legalDistributed under a href=
http://www.gnu.org/licenses/gpl-2.0.html;version 2 of the GNU GPL/a.br
/To inquire about support, training, custom development or licensing,
please contact a href=mailto:sa...@bestpractical.com;
sa...@bestpractical.com/a.br //p /div   /body /html)
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate error

2014-07-18 Thread Alex Vandiver 
On 07/18/2014 05:23 PM, Dan Mcqueen wrote:
 Hi rt-users
 
 I am trying to install rt 4.2.6 and I am getting this error when I send
 email to rt-mailgate.
 I am using
 
  centos 6.5
  postfix
  rt 4.2.6 with smime enabled
  https
 
 Can anyone help point me to what might be wrong?

What aliases line are you using?  That is, how are you calling rt-mailgate?
 - Alex
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate error

2014-07-18 Thread Dan Mcqueen 
That was the tip I needed, I had a trailing /rt/, which was incorrect, on
on my mailgate --url

   Thanks!


On Fri, Jul 18, 2014 at 2:37 PM, Alex Vandiver ale...@bestpractical.com
wrote:

 On 07/18/2014 05:23 PM, Dan Mcqueen wrote:
  Hi rt-users
 
  I am trying to install rt 4.2.6 and I am getting this error when I send
  email to rt-mailgate.
  I am using
 
   centos 6.5
   postfix
   rt 4.2.6 with smime enabled
   https
 
  Can anyone help point me to what might be wrong?

 What aliases line are you using?  That is, how are you calling rt-mailgate?
  - Alex

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-mailgate question

2014-07-08 Thread Yavor Marinov 
Thanks for your time Peter.

Currently in the received mail i need to add the username which took
action over the ticket, nothing more

On 7/8/2014 3:26 AM, Alex Peters wrote:

 From your description, it seems that the managers are currently
 watching the ticket as AdminCCs.

 Can you please give an example of the information that you need in the
 emails that are sent to the managers?

 The emails already show the name and email address of the person
 adding correspondence to the ticket.  Ticket owner information is
 already emailed when owner change occurs.

 On 08/07/2014 1:03 am, Yavor Marinov ymari...@neterra.net
 mailto:ymari...@neterra.net wrote:

 hey guys,

 i have again (probably) silly question. Is there any chance when using
 RT web interface, when replying the rt-mailgate to attach the username
 who did the action. Now, when replying to a ticket, via email we
 receive
 only the actual information written by user plus link to the
 ticket. I'm
 asking this, because some of our managers don't want to handle
 with RT's
 web interface, but needs info who actually took action over the ticket

 Thanks in advance

 --
 RT Training - Boston, September 9-10
 http://bestpractical.com/training


-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-mailgate question

2014-07-08 Thread Alex Peters 
A list of useful template snippets can be found on the wiki:

http://requesttracker.wikia.com/wiki/TemplateSnippets#People

It seems that you would get the desired information by adding this to the
appropriate templates:

{ $Transaction-CreatorObj-Name }


In your case, you probably want to add this to the Admin Correspondence,
Admin Comment and Transaction templates.


On 8 July 2014 18:02, Yavor Marinov ymari...@neterra.net wrote:

  Thanks for your time Peter.

 Currently in the received mail i need to add the username which took
 action over the ticket, nothing more


  On 7/8/2014 3:26 AM, Alex Peters wrote:

 From your description, it seems that the managers are currently watching
 the ticket as AdminCCs.

 Can you please give an example of the information that you need in the
 emails that are sent to the managers?

 The emails already show the name and email address of the person adding
 correspondence to the ticket.  Ticket owner information is already emailed
 when owner change occurs.
 On 08/07/2014 1:03 am, Yavor Marinov ymari...@neterra.net wrote:

 hey guys,

 i have again (probably) silly question. Is there any chance when using
 RT web interface, when replying the rt-mailgate to attach the username
 who did the action. Now, when replying to a ticket, via email we receive
 only the actual information written by user plus link to the ticket. I'm
 asking this, because some of our managers don't want to handle with RT's
 web interface, but needs info who actually took action over the ticket

 Thanks in advance

 --
 RT Training - Boston, September 9-10
 http://bestpractical.com/training



-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-mailgate question

2014-07-08 Thread Yavor Marinov 
Thanks Alex - it worked.

ps: excuse my previous mail since i mistaken your name

BR

On 7/8/2014 2:01 PM, Alex Peters wrote:
 A list of useful template snippets can be found on the wiki:

 http://requesttracker.wikia.com/wiki/TemplateSnippets#People

 It seems that you would get the desired information by adding this to
 the appropriate templates:

 { $Transaction-CreatorObj-Name }

 In your case, you probably want to add this to the Admin
 Correspondence, Admin Comment and Transaction templates.


 On 8 July 2014 18:02, Yavor Marinov ymari...@neterra.net
 mailto:ymari...@neterra.net wrote:

 Thanks for your time Peter.

 Currently in the received mail i need to add the username which
 took action over the ticket, nothing more


 On 7/8/2014 3:26 AM, Alex Peters wrote:

 From your description, it seems that the managers are currently
 watching the ticket as AdminCCs.

 Can you please give an example of the information that you need
 in the emails that are sent to the managers?

 The emails already show the name and email address of the person
 adding correspondence to the ticket.  Ticket owner information is
 already emailed when owner change occurs.

 On 08/07/2014 1:03 am, Yavor Marinov ymari...@neterra.net
 mailto:ymari...@neterra.net wrote:

 hey guys,

 i have again (probably) silly question. Is there any chance
 when using
 RT web interface, when replying the rt-mailgate to attach the
 username
 who did the action. Now, when replying to a ticket, via email
 we receive
 only the actual information written by user plus link to the
 ticket. I'm
 asking this, because some of our managers don't want to
 handle with RT's
 web interface, but needs info who actually took action over
 the ticket

 Thanks in advance

 --
 RT Training - Boston, September 9-10
 http://bestpractical.com/training




-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] RT-mailgate question

2014-07-07 Thread Yavor Marinov 
hey guys,

i have again (probably) silly question. Is there any chance when using
RT web interface, when replying the rt-mailgate to attach the username
who did the action. Now, when replying to a ticket, via email we receive
only the actual information written by user plus link to the ticket. I'm
asking this, because some of our managers don't want to handle with RT's
web interface, but needs info who actually took action over the ticket

Thanks in advance

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT-mailgate question

2014-07-07 Thread Alex Peters 
From your description, it seems that the managers are currently watching
the ticket as AdminCCs.

Can you please give an example of the information that you need in the
emails that are sent to the managers?

The emails already show the name and email address of the person adding
correspondence to the ticket.  Ticket owner information is already emailed
when owner change occurs.
On 08/07/2014 1:03 am, Yavor Marinov ymari...@neterra.net wrote:

 hey guys,

 i have again (probably) silly question. Is there any chance when using
 RT web interface, when replying the rt-mailgate to attach the username
 who did the action. Now, when replying to a ticket, via email we receive
 only the actual information written by user plus link to the ticket. I'm
 asking this, because some of our managers don't want to handle with RT's
 web interface, but needs info who actually took action over the ticket

 Thanks in advance

 --
 RT Training - Boston, September 9-10
 http://bestpractical.com/training

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] rt-mailgate https - problem

2014-06-30 Thread DD DD 
Hello,

I have following problem:

root@rt:~# rt-mailgate --debug --action correspond --url=
https://localhost/rt --queue General  /root/test.msg
/usr/bin/rt-mailgate: temp file is '/tmp/4iP43YcvGf/qapxKbbAkW'
/usr/bin/rt-mailgate: connecting to
https://localhost/rt/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

500 Can't connect to localhost:443

/usr/bin/rt-mailgate: undefined server error
root@rt:~#

On my RT-server I can't checkin the tickets via https (https website via
browser works fine - certificte is ok) - via http it works fine!

The Apache errorlog is empty. what does this error mean?

Best Regards
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] rt-mailgate https - problem

2014-06-30 Thread DD DD 
Hello,

I have following problem:

root@rt:~# rt-mailgate --debug --action correspond --url=
https://localhost/rt --queue General  /root/test.msg
/usr/bin/rt-mailgate: temp file is '/tmp/4iP43YcvGf/qapxKbbAkW'
/usr/bin/rt-mailgate: connecting to
https://localhost/rt/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

500 Can't connect to localhost:443

/usr/bin/rt-mailgate: undefined server error
root@rt:~#

On my RT-server I can't checkin the tickets via https (https website via
browser works fine - certificte is ok) - via http it works fine!

The Apache errorlog is empty. what does this error mean?

Best Regards
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate https - problem

2014-06-30 Thread Christian Loos 
Replace in the URL parameter to rt-mailgate localhost with the FQDN.

Chris

Am 30.06.2014 11:17, schrieb DD DD:
 Hello,
 
 I have following problem:
 
 root@rt:~# rt-mailgate --debug --action correspond
 --url=https://localhost/rt --queue General  /root/test.msg
 /usr/bin/rt-mailgate: temp file is '/tmp/4iP43YcvGf/qapxKbbAkW'
 /usr/bin/rt-mailgate: connecting to
 https://localhost/rt/REST/1.0/NoAuth/mail-gateway
 An Error Occurred
 =
 
 500 Can't connect to localhost:443
 
 /usr/bin/rt-mailgate: undefined server error
 root@rt:~#
 
 On my RT-server I can't checkin the tickets via https (https website via
 browser works fine - certificte is ok) - via http it works fine!
 
 The Apache errorlog is empty. what does this error mean?
 
 Best Regards
 
 

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate https - problem

2014-06-30 Thread Christian Loos 
Please keep replies to the list.

Which RT version are you using?

Because your apache making a redirect and rt-mailgate following
redirects only in RT 4.2.4 and newer.

Chris

Am 30.06.2014 12:09, schrieb DD DD:
 root@rt:~# wget https://HIDDEN/rt
 --2014-06-30 12:04:42--  https://HIDDEN/rt
 Resolving HIDDEN (HIDDEN)... HIDDEN
 Connecting to HIDDEN (HIDDEN)|HIDDEN|:443... connected.
 HTTP request sent, awaiting response... 301 Moved Permanently
 Location: https://HIDDEN/rt/ [following]
 --2014-06-30 12:04:42--  https://HIDDEN/rt/
 Reusing existing connection to HIDDEN:443.
 HTTP request sent, awaiting response... 200 OK
 Length: unspecified [text/html]
 Saving to: `rt'
 
 [
 =   
  
 ] 4,064   --.-K/s   in 0.01
 
 2014-06-30 12:04:43 (324 KB/s) - `rt' saved [4064]
 
 root@rt:~#
 
 It seems that Apache doesn't listen correct, but the hosts entry is correct.
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate https - problem

2014-06-30 Thread DD DD 
on old and new server there runs 4.0.7

new machine:

root@rt:~# wget https://127.0.0.1/rt
--2014-06-30 12:24:15--  https://127.0.0.1/rt

Connecting to 127.0.0.1:443... connected.
The certificate's owner does not match hostname `127.0.0.1'
root@rt:~# wget https://localhost/rt
--2014-06-30 12:28:22--  https://localhost/rt
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.

GnuTLS: A TLS warning alert has been received.
Unable to establish SSL connection.
root@rt:~#

Why occurs a TLS warning? This comes not from the certificate (I also tried
it with --no-check-certificate)


2014-06-30 12:21 GMT+02:00 Christian Loos cl...@netcologne.de:

 Please keep replies to the list.

 Which RT version are you using?

 Because your apache making a redirect and rt-mailgate following
 redirects only in RT 4.2.4 and newer.

 Chris

 Am 30.06.2014 12:09, schrieb DD DD:
  root@rt:~# wget https://HIDDEN/rt
  --2014-06-30 12:04:42--  https://HIDDEN/rt
  Resolving HIDDEN (HIDDEN)... HIDDEN
  Connecting to HIDDEN (HIDDEN)|HIDDEN|:443... connected.
  HTTP request sent, awaiting response... 301 Moved Permanently
  Location: https://HIDDEN/rt/ [following]
  --2014-06-30 12:04:42--  https://HIDDEN/rt/
  Reusing existing connection to HIDDEN:443.
  HTTP request sent, awaiting response... 200 OK
  Length: unspecified [text/html]
  Saving to: `rt'
 
  [
  =
  ] 4,064   --.-K/s   in 0.01
 
  2014-06-30 12:04:43 (324 KB/s) - `rt' saved [4064]
 
  root@rt:~#
 
  It seems that Apache doesn't listen correct, but the hosts entry is
 correct.

-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] RT Mailgate question

2014-05-28 Thread Kevin Falcone 
On Sun, May 25, 2014 at 08:02:24PM -0700, Jeevan wrote:
 When I first started working on Request Tracker, the concept was simple
 cause I was working in a local environment where a mail message would be
 sent directly to a predefined RT queue e.g. que...@rt.example.com or just
 queue1. However, now I want to do something like this in which a ticket is
 created by sending an email to a Gmail account, the RT-Mailgate reads the
 account and creates the ticket. I am using Sendmail and relaying everything
 to a mailserver located within my network. Any thoughts or insights would be
 much appreciated. Please and thank you!

rt-mailgate does not do pop or imap or any other mail client
protocols.  You set up fetchmail or getmail or any of the other mail
client systems and have them pipe mail to rt-mailgate.

-kevin


pgp665p0MeUjZ.pgp
Description: PGP signature
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

[rt-users] RT Mailgate question

2014-05-25 Thread Jeevan 
Hi there,

When I first started working on Request Tracker, the concept was simple
cause I was working in a local environment where a mail message would be
sent directly to a predefined RT queue e.g. que...@rt.example.com or just
queue1. However, now I want to do something like this in which a ticket is
created by sending an email to a Gmail account, the RT-Mailgate reads the
account and creates the ticket. I am using Sendmail and relaying everything
to a mailserver located within my network. Any thoughts or insights would be
much appreciated. Please and thank you!


Best regards,
Jeevan



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/RT-Mailgate-question-tp57494.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-- 
RT Training - Boston, September 9-10
http://bestpractical.com/training

Re: [rt-users] rt-mailgate +getmail issue

2014-02-18 Thread Kevin Falcone 
On Fri, Feb 14, 2014 at 09:14:08AM +0200, Yavor Marinov wrote:
Additional information won't hurt anyway. The only regexp which is 
 configured in
RT_Siteconfig.pm is
 
Set($RTAddressRegexp , '^r...@domain.com$');
 
What should be Regexp in order to detect the [] anywhere in the 
 Subject field

Not the relevant setting.

Your $rtname, $EmailSubjectTagRegex and any Queue level Subject tags
are relevant.

An outgoing Subject: line (taken from the history of the ticket) and
an incoming Subject that does not match and create a new ticket would
be needed to see what is going on.

The subjects cannot be changed, so putting [XXX] in defeats the
ability of anyone to debug.

You would also mention any plugins you have installed and enabled.

-kevin


pgpblnZ3hAPIN.pgp
Description: PGP signature
-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training

Re: [rt-users] rt-mailgate +getmail issue

2014-02-13 Thread Yavor Marinov 
I've manage to solve this with RT-Interface-Email-Filter-CheckMessageId 
http://cpan.poldownload.com/modules/by-module/RT/NANARDON/RT-Interface-Email-Filter-CheckMessageId-0.2.tar.gz 
extension.


On 02/13/2014 12:29 PM, Yavor Marinov wrote:

Hello,

i have the following configs for getmail:

create a ticket to address requ...@company.com:
arguments = (--url, https://localhost;, --queue, Internal-IT, 
--action, correspond,)


comment to a ticket to address request-comm...@company.com:
arguments = (--url, https://localhost;, --queue, Internal-IT, 
--action, comment,)


everything works as it should be, but the following is annoying our 
colleagues, and I need to fix it. So, if someone create a ticket via 
email, the ticket is getting into the queue correctly and the members 
of the group (responsible for the queue) are getting mail from RT with 
subject:


[XX] Subject of the email which is send to corresponding email.

Once anyone tried to reply via email (e.g. reply from their email 
client - subject changes to Re: [X] ) the reply isn't inserted 
in the correct ticket, but instead RT creates a new ticket with 
subject Re: [X].


If they reply and remove the Re: and leave subject as in RT the 
comment is properly added to the ticket.
Summed up - getmail and rt-mailgate are working properly - the only 
problem is the subject, and what should i modify in order RT to lookup 
into the Subject field even if Re: is supplied.


Any help will be much appreciated!





-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training

Re: [rt-users] rt-mailgate +getmail issue

2014-02-13 Thread Kevin Falcone 
On Thu, Feb 13, 2014 at 04:47:42PM +0200, Yavor Marinov wrote:
I've manage to solve this with [1]RT-Interface-Email-Filter-CheckMessageId 
 extension.

I'm glad that this fixed your issues, however for the archives, RT
works just fine and has for years with the subject tag (the [XX]
part) being anywhere in the subject.

Usually this points to a misconfiguration in RT's rtname, the regexp
that understands it or Queue level subject tags.  But since you didn't
provide enough information about that, we can't even guess.

-kevin

On 02/13/2014 12:29 PM, Yavor Marinov wrote:
 
  Hello,
 
  i have the following configs for getmail:
 
  create a ticket to address [2]requ...@company.com:
  arguments = (--url, [3]https://localhost;, --queue, Internal-IT, 
 --action,
  correspond,)
 
  comment to a ticket to address [4]request-comm...@company.com:
  arguments = (--url, [5]https://localhost;, --queue, Internal-IT, 
 --action,
  comment,)
 
  everything works as it should be, but the following is annoying our 
 colleagues, and I need
  to fix it. So, if someone create a ticket via email, the ticket is 
 getting into the queue
  correctly and the members of the group (responsible for the queue) are 
 getting mail from RT
  with subject:
 
  [XX] Subject of the email which is send to corresponding email.
 
  Once anyone tried to reply via email (e.g. reply from their email client 
 - subject changes
  to Re: [X] ) the reply isn't inserted in the correct ticket, but 
 instead RT creates
  a new ticket with subject Re: [X].
 
  If they reply and remove the Re: and leave subject as in RT the 
 comment is properly added
  to the ticket.
  Summed up - getmail and rt-mailgate are working properly - the only 
 problem is the subject,
  and what should i modify in order RT to lookup into the Subject field 
 even if Re: is
  supplied.


pgpgiFYganfPF.pgp
Description: PGP signature
-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training

Re: [rt-users] rt-mailgate +getmail issue

2014-02-13 Thread Yavor Marinov 
Additional information won't hurt anyway. The only regexp which is 
configured in RT_Siteconfig.pm is


Set($RTAddressRegexp , '^r...@domain.com$');

What should be Regexp in order to detect the [] anywhere in the 
Subject field




---
Find out about our new Cloud service - Cloudware.bg 
http://cloudware.bg/?utm_source=emailutm_medium=signatureutm_content=linkutm_campaign=newwebsite

Access anywhere. Manage it yourself. Pay as you go.

*Yavor Marinov*
System Administrator

Neterra Ltd.
Telephone: +359 2 975 16 16
Fax: +359 2 975 34 36
Mobile: +359 888 610 048
www.neterra.net http://www.neterra.net


On 02/13/2014 05:13 PM, Kevin Falcone wrote:

On Thu, Feb 13, 2014 at 04:47:42PM +0200, Yavor Marinov wrote:

I've manage to solve this with [1]RT-Interface-Email-Filter-CheckMessageId 
extension.

I'm glad that this fixed your issues, however for the archives, RT
works just fine and has for years with the subject tag (the [XX]
part) being anywhere in the subject.

Usually this points to a misconfiguration in RT's rtname, the regexp
that understands it or Queue level subject tags.  But since you didn't
provide enough information about that, we can't even guess.

-kevin


On 02/13/2014 12:29 PM, Yavor Marinov wrote:

  Hello,

  i have the following configs for getmail:

  create a ticket to address [2]requ...@company.com:
  arguments = (--url, [3]https://localhost;, --queue, Internal-IT, 
--action,
  correspond,)

  comment to a ticket to address [4]request-comm...@company.com:
  arguments = (--url, [5]https://localhost;, --queue, Internal-IT, 
--action,
  comment,)

  everything works as it should be, but the following is annoying our 
colleagues, and I need
  to fix it. So, if someone create a ticket via email, the ticket is 
getting into the queue
  correctly and the members of the group (responsible for the queue) are 
getting mail from RT
  with subject:

  [XX] Subject of the email which is send to corresponding email.

  Once anyone tried to reply via email (e.g. reply from their email client 
- subject changes
  to Re: [X] ) the reply isn't inserted in the correct ticket, but 
instead RT creates
  a new ticket with subject Re: [X].

  If they reply and remove the Re: and leave subject as in RT the comment 
is properly added
  to the ticket.
  Summed up - getmail and rt-mailgate are working properly - the only 
problem is the subject,
  and what should i modify in order RT to lookup into the Subject field even if 
Re: is
  supplied.




-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training

[rt-users] rt-mailgate issue with postfix

2013-07-23 Thread Rajat toshniwal 

Hi Folks

We have just installed RT4.0.13 in our environment. Our foremost 
requirement is ticket creation via email. In our setup we already have 
postfix running on separate server.
On RT we are having exim which is acting as relay server and using 
postfix mail server as master.

Now I want to integrate my RT server with that mailbox.
In order to do that I installed rt-mailgate on my mail server and 
created below mentioned entries in /etc/aliases


*rt-database: |/opt/rt4/bin/rt-mailgate --queue database 
--action correspond --url http://rt.xyz.com/;
rt-database-comment: |/opt/rt4/bin/rt-mailgate --queue database 
--action comment --url http://rt.xyz.com/;

*
I have database queue configured on my RT box with the above mentioned 
email-address. I have also given create-ticket rights to everyone.
Both the email-ids rt-datab...@gml.com and rt-database-comm...@gml.com 
are configured on my AD.


But whenever i am trying to create ticket, I get the below mentioned 
error from mail.log


Jul 23 07:23:17 mail postfix/smtpd[7389]: connect from localhost[127.0.0.1]
Jul 23 07:23:17 mail postfix/smtpd[7389]: DC0DC45C61: 
client=localhost[127.0.0.1]
Jul 23 07:23:17 mail postfix/cleanup[7369]: DC0DC45C61: 
message-id=E1V1ag5-0001y3-Hu@dst-2
Jul 23 07:23:17 mail postfix/qmgr[5870]: DC0DC45C61: 
from=r...@gml.com, size=1448, nrcpt=1 (queue active)
Jul 23 07:23:17 mail postfix/smtpd[7389]: disconnect from 
localhost[127.0.0.1]
Jul 23 07:23:17 mail amavis[5064]: (05064-04) Passed CLEAN, 
[192.168.10.24] r...@gml.com - |/opt/rt4/bin/rt-mailgate --queue 
database --action correspond --url http://rt.tekmindz.com/@gml.com, 
Message-ID: E1V1ag5-0001y3-Hu@dst-2, mail_id: qXkzuLb1TZ4M, Hits: -1, 
size: 854, queued_as: DC0DC45C61, 28311 ms
Jul 23 07:23:17 mail postfix/smtp[7386]: 8553245C65: 
to=|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url 
http://rt.tekmindz.com/@gml.com, relay=127.0.0.1[127.0.0.1]:10024, 
delay=28, delays=0.11/0.03/0.01/28, dsn=2.0.0, status=sent (250 2.0.0 
Ok, id=05064-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
DC0DC45C61)

Jul 23 07:23:17 mail postfix/qmgr[5870]: 8553245C65: removed
Jul 23 07:23:18 mail postfix/virtual[7390]: DC0DC45C61: 
to=|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url 
http://rt.tekmindz.com/@gml.com, relay=virtual, delay=0.17, 
delays=0.06/0.05/0/0.06, dsn=5.1.1, status=bounced (unknown user: 
|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url 
http://rt.tekmindz.com/@gml.com;)
Jul 23 07:23:18 mail postfix/cleanup[7369]: 106A845C64: 
message-id=20130723112318.106a845...@mail.gml.com
Jul 23 07:23:18 mail postfix/qmgr[5870]: 106A845C64: from=, size=3673, 
nrcpt=1 (queue active)
Jul 23 07:23:18 mail postfix/bounce[7391]: DC0DC45C61: sender 
non-delivery notification: 106A845C64

Jul 23 07:23:18 mail postfix/qmgr[5870]: DC0DC45C61: removed
Jul 23 07:23:18 mail postfix/virtual[7390]: 106A845C64: 
to=r...@gml.com, relay=virtual, delay=0.12, delays=0.06/0.01/0/0.05, 
dsn=2.0.0, status=sent (delivered to maildir)

Jul 23 07:23:18 mail postfix/qmgr[5870]: 106A845C64: removed
Jul 23 07:24:29 mail postfix/smtpd[7363]: idle timeout -- exiting

Actually whole rt-mailgate entry is treated like a user. Right now i am 
clueless about what to do.

Kindly help me in troubleshooting this issue.

Regards



--
Disclaimer: The information contained in this communication is confidential, 
private, proprietary, or otherwise privileged and is intended only for the use 
of the addressee. Unauthorized use, disclosure, distribution or copying is 
strictly prohibited and may be unlawful. If you have received this 
communication in error, please delete this message and notify the sender 
immediately - Samin TekMindz India Pvt. Ltd.
--

Re: [rt-users] rt-mailgate issue with postfix

2013-07-23 Thread Tim Wiley 

On 07/23/2013 04:53 AM, Rajat toshniwal wrote:

Hi Folks

We have just installed RT4.0.13 in our environment. Our foremost
requirement is ticket creation via email. In our setup we already have
postfix running on separate server.
On RT we are having exim which is acting as relay server and using
postfix mail server as master.
Now I want to integrate my RT server with that mailbox.
In order to do that I installed rt-mailgate on my mail server and
created below mentioned entries in /etc/aliases

*rt-database: |/opt/rt4/bin/rt-mailgate --queue database
--action correspond --url http://rt.xyz.com/;
rt-database-comment: |/opt/rt4/bin/rt-mailgate --queue database
--action comment --url http://rt.xyz.com/;
*
I have database queue configured on my RT box with the above mentioned
email-address. I have also given create-ticket rights to everyone.
Both the email-ids rt-datab...@gml.com and rt-database-comm...@gml.com
are configured on my AD.

But whenever i am trying to create ticket, I get the below mentioned
error from mail.log

Jul 23 07:23:17 mail postfix/smtpd[7389]: connect from localhost[127.0.0.1]
Jul 23 07:23:17 mail postfix/smtpd[7389]: DC0DC45C61:
client=localhost[127.0.0.1]
Jul 23 07:23:17 mail postfix/cleanup[7369]: DC0DC45C61:
message-id=E1V1ag5-0001y3-Hu@dst-2
Jul 23 07:23:17 mail postfix/qmgr[5870]: DC0DC45C61:
from=r...@gml.com, size=1448, nrcpt=1 (queue active)
Jul 23 07:23:17 mail postfix/smtpd[7389]: disconnect from
localhost[127.0.0.1]
Jul 23 07:23:17 mail amavis[5064]: (05064-04) Passed CLEAN,
[192.168.10.24] r...@gml.com - |/opt/rt4/bin/rt-mailgate --queue
database --action correspond --url http://rt.tekmindz.com/@gml.com,
Message-ID: E1V1ag5-0001y3-Hu@dst-2, mail_id: qXkzuLb1TZ4M, Hits: -1,
size: 854, queued_as: DC0DC45C61, 28311 ms
Jul 23 07:23:17 mail postfix/smtp[7386]: 8553245C65:
to=|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url
http://rt.tekmindz.com/@gml.com, relay=127.0.0.1[127.0.0.1]:10024,
delay=28, delays=0.11/0.03/0.01/28, dsn=2.0.0, status=sent (250 2.0.0
Ok, id=05064-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
DC0DC45C61)
Jul 23 07:23:17 mail postfix/qmgr[5870]: 8553245C65: removed
Jul 23 07:23:18 mail postfix/virtual[7390]: DC0DC45C61:
to=|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url
http://rt.tekmindz.com/@gml.com, relay=virtual, delay=0.17,
delays=0.06/0.05/0/0.06, dsn=5.1.1, status=bounced (unknown user:
|/opt/rt4/bin/rt-mailgate --queue database --action correspond --url
http://rt.tekmindz.com/@gml.com;)
Jul 23 07:23:18 mail postfix/cleanup[7369]: 106A845C64:
message-id=20130723112318.106a845...@mail.gml.com
Jul 23 07:23:18 mail postfix/qmgr[5870]: 106A845C64: from=, size=3673,
nrcpt=1 (queue active)
Jul 23 07:23:18 mail postfix/bounce[7391]: DC0DC45C61: sender
non-delivery notification: 106A845C64
Jul 23 07:23:18 mail postfix/qmgr[5870]: DC0DC45C61: removed
Jul 23 07:23:18 mail postfix/virtual[7390]: 106A845C64:
to=r...@gml.com, relay=virtual, delay=0.12, delays=0.06/0.01/0/0.05,
dsn=2.0.0, status=sent (delivered to maildir)
Jul 23 07:23:18 mail postfix/qmgr[5870]: 106A845C64: removed
Jul 23 07:24:29 mail postfix/smtpd[7363]: idle timeout -- exiting

Actually whole rt-mailgate entry is treated like a user. Right now i am
clueless about what to do.
Kindly help me in troubleshooting this issue.

Regards


You didn't post your exim.conf, so I'm pretty much stabbing in the dark, 
but my guess is a lack of address_pipe transport configuration.


That said, if your postfix machine is only used for routing to/from the 
RT machine, you may want to consider eliminating that machine  running 
postfix on your RT box.  And even if your postfix box is used for other 
things, you may want to consider using postfix on your RT box as well to 
eliminate the confusion of running 2 different MTAs.

Re: [rt-users] rt-mailgate Unknown encoding 'charset=utf-8'

2013-04-05 Thread Ruslan Zakirov 
This happens when email has encoding defined, but it's not correct value.
Newer versions convert such cases to application/octet-stream. Change is
in 4.0.9rc1.


On Fri, Apr 5, 2013 at 6:00 AM, charlyc...@yahoo.com.ar 
charlyc...@yahoo.com.ar wrote:

 Hi,

 I've been running rt-mailgate to download my emails and today I started
 getting this error message on the fetchmail log.

 RT server error.

 The RT server which handled your email did not behave as expected. It
 said:

 Unknown encoding 'charset=utf-8' at /data/rt4/sbin/../lib/RT/I18N.pm
 line 542.

 Stack:
   [/usr/local/share/perl5/Carp.pm:100]
   [/usr/local/lib64/perl5/Encode.pm:188]
   [/data/rt4/sbin/../lib/RT/I18N.pm:542]
   [/data/rt4/sbin/../lib/RT/I18N.pm:214]
   [/data/rt4/sbin/../lib/RT/I18N.pm:210]
   [/data/rt4/sbin/../lib/RT/EmailParser.pm:282]
   [/data/rt4/sbin/../lib/RT/Interface/Email.pm:1433]
   [/data/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61]



 This is my configuration on the RT_Config.pm:

 Set(@EmailInputEncodings, qw(utf-8 iso-8859-1 us-ascii));


 There is no configuration for this parameter on the RT_SiteConfig.pm.

 RT Version: 4.0.8


 Do you know why this might happen?

 Thank you, Charly




-- 
Best regards, Ruslan.

Re: [rt-users] rt-mailgate Unknown encoding 'charset=utf-8'

2013-04-05 Thread charlyc...@yahoo.com.ar 
Thank you for your answer.

1. Do you know if the tickets are still created? I wanted to validate it but we 
receive hundreds of emails per hour and it's difficult for me to do follow up.

2. If I update to 4.0.10 this will be solved?

Thank you for your help.





 De: Ruslan Zakirov r...@bestpractical.com
Para: charlyc...@yahoo.com.ar charlyc...@yahoo.com.ar 
CC: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com 
Enviado: viernes, 5 de abril de 2013 5:04
Asunto: Re: [rt-users] rt-mailgate Unknown encoding 'charset=utf-8'
 

This happens when email has encoding defined, but it's not correct value. Newer 
versions convert such cases to application/octet-stream. Change is in 
4.0.9rc1.



On Fri, Apr 5, 2013 at 6:00 AM, charlyc...@yahoo.com.ar 
charlyc...@yahoo.com.ar wrote:

Hi,

I've been running rt-mailgate to download my emails and today I started 
getting this error message on the fetchmail log.

RT server error.

The RT server which handled your email did not behave as expected. It
said:

Unknown encoding 'charset=utf-8' at /data/rt4/sbin/../lib/RT/I18N.pm line 
542.

Stack:
  [/usr/local/share/perl5/Carp.pm:100]
  [/usr/local/lib64/perl5/Encode.pm:188]
  [/data/rt4/sbin/../lib/RT/I18N.pm:542]
  [/data/rt4/sbin/../lib/RT/I18N.pm:214]
  [/data/rt4/sbin/../lib/RT/I18N.pm:210]
  [/data/rt4/sbin/../lib/RT/EmailParser.pm:282]
  [/data/rt4/sbin/../lib/RT/Interface/Email.pm:1433]
  [/data/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61]



This is my configuration on the RT_Config.pm:

    Set(@EmailInputEncodings, qw(utf-8 iso-8859-1 us-ascii));


There is no configuration for this parameter on the RT_SiteConfig.pm.

RT Version: 4.0.8


Do you know why this might happen?

Thank you, Charly




-- 
Best regards, Ruslan.

Re: [rt-users] rt-mailgate Unknown encoding 'charset=utf-8'

2013-04-05 Thread Ruslan Zakirov 
On Fri, Apr 5, 2013 at 4:25 PM, charlyc...@yahoo.com.ar 
charlyc...@yahoo.com.ar wrote:

 Thank you for your answer.

 1. Do you know if the tickets are still created? I wanted to validate it
 but we receive hundreds of emails per hour and it's difficult for me to do
 follow up.

 no, tickets are not created


 2. If I update to 4.0.10 this will be solved?


yes.



 Thank you for your help.


   --
 *De:* Ruslan Zakirov r...@bestpractical.com
 *Para:* charlyc...@yahoo.com.ar charlyc...@yahoo.com.ar
 *CC:* rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com

 *Enviado:* viernes, 5 de abril de 2013 5:04
 *Asunto:* Re: [rt-users] rt-mailgate Unknown encoding 'charset=utf-8'

 This happens when email has encoding defined, but it's not correct value.
 Newer versions convert such cases to application/octet-stream. Change is
 in 4.0.9rc1.


 On Fri, Apr 5, 2013 at 6:00 AM, charlyc...@yahoo.com.ar 
 charlyc...@yahoo.com.ar wrote:

 Hi,

 I've been running rt-mailgate to download my emails and today I started
 getting this error message on the fetchmail log.

 RT server error.

 The RT server which handled your email did not behave as expected. It
 said:

 Unknown encoding 'charset=utf-8' at /data/rt4/sbin/../lib/RT/I18N.pm
 line 542.

 Stack:
   [/usr/local/share/perl5/Carp.pm:100]
   [/usr/local/lib64/perl5/Encode.pm:188]
   [/data/rt4/sbin/../lib/RT/I18N.pm:542]
   [/data/rt4/sbin/../lib/RT/I18N.pm:214]
   [/data/rt4/sbin/../lib/RT/I18N.pm:210]
   [/data/rt4/sbin/../lib/RT/EmailParser.pm:282]
   [/data/rt4/sbin/../lib/RT/Interface/Email.pm:1433]
   [/data/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61]



 This is my configuration on the RT_Config.pm:

 Set(@EmailInputEncodings, qw(utf-8 iso-8859-1 us-ascii));


 There is no configuration for this parameter on the RT_SiteConfig.pm.

 RT Version: 4.0.8


 Do you know why this might happen?

 Thank you, Charly




 --
 Best regards, Ruslan.





-- 
Best regards, Ruslan.

[rt-users] rt-mailgate Unknown encoding 'charset=utf-8'

2013-04-04 Thread charlyc...@yahoo.com.ar 
Hi,

I've been running rt-mailgate to download my emails and today I started getting 
this error message on the fetchmail log.

RT server error.

The RT server which handled your email did not behave as expected. It
said:

Unknown encoding 'charset=utf-8' at /data/rt4/sbin/../lib/RT/I18N.pm line 542.

Stack:
  [/usr/local/share/perl5/Carp.pm:100]
  [/usr/local/lib64/perl5/Encode.pm:188]
  [/data/rt4/sbin/../lib/RT/I18N.pm:542]
  [/data/rt4/sbin/../lib/RT/I18N.pm:214]
  [/data/rt4/sbin/../lib/RT/I18N.pm:210]
  [/data/rt4/sbin/../lib/RT/EmailParser.pm:282]
  [/data/rt4/sbin/../lib/RT/Interface/Email.pm:1433]
  [/data/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61]



This is my configuration on the RT_Config.pm:

    Set(@EmailInputEncodings, qw(utf-8 iso-8859-1 us-ascii));


There is no configuration for this parameter on the RT_SiteConfig.pm.

RT Version: 4.0.8


Do you know why this might happen?

Thank you, Charly

Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

2013-02-13 Thread Tim Wiley 

On 02/12/2013 08:00 PM, Thomas Klump wrote:

I’m working on implementing RT with OpenID. I started with a basic
installation of RT and I created some test tickets from within the webui
and via email. Everything worked great. I then started to implement
OpenID for authentication. I tried using the RT OpenID plugin but I was
never able to get that to work and there was very little documentation
out there about it. I then decided to install WebExternalAuth use the
Apache OpenID module for authentication. I was able to get this to work
and now the web interface works great. Unfortunately, now the
rt-mailgate is no longer working. When I email the queue the following
error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
to=|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action
correspond --url http://rt.example.com/;,
ctladdr=customerserv...@rt.example.com
mailto:customerserv...@rt.example.com (8/0), delay=00:00:08,
xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog
mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

# (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate
--queue 'Customer Service' --action correspond --url
http://rt.example.com --debug

/usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'

/usr/local/rt/bin/rt-mailgate: connecting to
http://rt.example.com/REST/1.0/NoAuth/mail-gateway

An Error Occurred

=

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache
virtualhost config and then rt-mailgate would process emails
successfully. Here is my apache vituralhost configuration that seems to
be the problem:

VirtualHost *:80

 # Optional apache logs for RT

 # ErrorLog /usr/local/rt/var/log/apache2.error

 # TransferLog /usr/local/rt/var/log/apache2.access

 # LogLevel debug

 AddDefaultCharset UTF-8

 DocumentRoot /usr/local/rt/share/html

 Location /

# If I comment out the section below and uncomment the two lines below
that everything works

 AuthType OpenID

 require valid-user

 AuthOpenIDTrusted ^http://www.example.com/$

 AuthOpenIDUseCookie On

 AuthOpenIDSingleIdP http://www.example.com

 AuthOpenIDTrustRoot http://rt.example.com

 AuthOpenIDCookieName rt_auth_cookie

 AuthOpenIDSecureCookie Off

#   Order allow,deny

#   Allow from all

 SetHandler modperl

 PerlResponseHandler Plack::Handler::Apache2

 PerlSetVar psgi_app /usr/local/rt/sbin/rt-server

 /Location

 Perl

 use Plack::Handler::Apache2;


Plack::Handler::Apache2-preload(/usr/local/rt/sbin/rt-server);

 /Perl

/VirtualHost

Thanks for any help on this issue.

Thomas Klump







I don't use RT in this way, but it sounds like you need to open up an 
area of RT for no authentication.  Take a look at the page below.  Note 
that it says it's out of date, so I may be way off here, but check out 
the part where it opens up /NoAuth.  You may have to play around with 
the location, as it looks like you're going through the REST API.



--
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

2013-02-13 Thread Tim Wiley 

On 02/13/2013 10:10 AM, Thomas Klump wrote:

Tim,

Thanks, adding a section to the virtualhost configuration for NoAuth having no 
authentication worked like a charm. The webpage I found the solution on is:

http://requesttracker.wikia.com/wiki/WebExternalAuth

Thanks,

Thomas


It's usually a good idea to also reply to the list so others know the 
eventual resolution.


Also...so much for responding to e-mail before coffee.  I absolutely 
intended on adding that link to my e-mail  didn't.  My apologies.  I'm 
glad you eventually found it  figure it out.



--
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

2013-02-13 Thread Thomas Klump 
Tim,

Thanks, adding a section to the virtualhost configuration for NoAuth having no 
authentication worked like a charm. The webpage I found the solution on is:

http://requesttracker.wikia.com/wiki/WebExternalAuth

and the snippet I added to my rc.conf was:

LocationMatch /NoAuth
Satisfy Any
Allow from all
/LocationMatch

Thanks,

Thomas

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Tim Wiley
Sent: Wednesday, February 13, 2013 7:28 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate error 302 with WebExternalAuth and Apache 
OpenID module

On 02/12/2013 08:00 PM, Thomas Klump wrote:
 I'm working on implementing RT with OpenID. I started with a basic 
 installation of RT and I created some test tickets from within the 
 webui and via email. Everything worked great. I then started to 
 implement OpenID for authentication. I tried using the RT OpenID 
 plugin but I was never able to get that to work and there was very 
 little documentation out there about it. I then decided to install 
 WebExternalAuth use the Apache OpenID module for authentication. I was 
 able to get this to work and now the web interface works great.
 Unfortunately, now the rt-mailgate is no longer working. When I email 
 the queue the following error is logged in the maillog:

 Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130:
 to=|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action 
 correspond --url http://rt.example.com/;, 
 ctladdr=customerserv...@rt.example.com
 mailto:customerserv...@rt.example.com (8/0), delay=00:00:08, 
 xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred:
 prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

 I then tried testing it from command line with the following results:

 # (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate 
 --queue 'Customer Service' --action correspond --url 
 http://rt.example.com --debug

 /usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'

 /usr/local/rt/bin/rt-mailgate: connecting to 
 http://rt.example.com/REST/1.0/NoAuth/mail-gateway

 An Error Occurred

 =

 302 Found

 /usr/local/rt/bin/rt-mailgate: undefined server error

 I then switched back to normal authentication methods in my apache 
 virtualhost config and then rt-mailgate would process emails 
 successfully. Here is my apache vituralhost configuration that seems 
 to be the problem:

 VirtualHost *:80

  # Optional apache logs for RT

  # ErrorLog /usr/local/rt/var/log/apache2.error

  # TransferLog /usr/local/rt/var/log/apache2.access

  # LogLevel debug

  AddDefaultCharset UTF-8

  DocumentRoot /usr/local/rt/share/html

  Location /

 # If I comment out the section below and uncomment the two lines below 
 that everything works

  AuthType OpenID

  require valid-user

  AuthOpenIDTrusted ^http://www.example.com/$

  AuthOpenIDUseCookie On

  AuthOpenIDSingleIdP http://www.example.com

  AuthOpenIDTrustRoot http://rt.example.com

  AuthOpenIDCookieName rt_auth_cookie

  AuthOpenIDSecureCookie Off

 #   Order allow,deny

 #   Allow from all

  SetHandler modperl

  PerlResponseHandler Plack::Handler::Apache2

  PerlSetVar psgi_app /usr/local/rt/sbin/rt-server

  /Location

  Perl

  use Plack::Handler::Apache2;


 Plack::Handler::Apache2-preload(/usr/local/rt/sbin/rt-server);

  /Perl

 /VirtualHost

 Thanks for any help on this issue.

 Thomas Klump






I don't use RT in this way, but it sounds like you need to open up an area of 
RT for no authentication.  Take a look at the page below.  Note that it says 
it's out of date, so I may be way off here, but check out the part where it 
opens up /NoAuth.  You may have to play around with the location, as it looks 
like you're going through the REST API.


--
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T




-- 
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

[rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

2013-02-12 Thread Thomas Klump 
I'm working on implementing RT with OpenID. I started with a basic installation 
of RT and I created some test tickets from within the webui and via email. 
Everything worked great. I then started to implement OpenID for authentication. 
I tried using the RT OpenID plugin but I was never able to get that to work and 
there was very little documentation out there about it. I then decided to 
install WebExternalAuth use the Apache OpenID module for authentication. I was 
able to get this to work and now the web interface works great. Unfortunately, 
now the rt-mailgate is no longer working. When I email the queue the following 
error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130: 
to=|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action 
correspond --url http://rt.example.com/;, 
ctladdr=customerserv...@rt.example.commailto:customerserv...@rt.example.com 
(8/0), delay=00:00:08, xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, 
stat=Deferred: prog mailer (/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

# (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate --queue 
'Customer Service' --action correspond --url http://rt.example.com --debug
/usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'
/usr/local/rt/bin/rt-mailgate: connecting to 
http://rt.example.com/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache virtualhost 
config and then rt-mailgate would process emails successfully. Here is my 
apache vituralhost configuration that seems to be the problem:

VirtualHost *:80
# Optional apache logs for RT
# ErrorLog /usr/local/rt/var/log/apache2.error
# TransferLog /usr/local/rt/var/log/apache2.access
# LogLevel debug

AddDefaultCharset UTF-8
DocumentRoot /usr/local/rt/share/html

Location /
# If I comment out the section below and uncomment the two lines below that 
everything works
AuthType OpenID
require valid-user
AuthOpenIDTrusted ^http://www.example.com/$
AuthOpenIDUseCookie On
AuthOpenIDSingleIdP http://www.example.com
AuthOpenIDTrustRoot http://rt.example.com
AuthOpenIDCookieName rt_auth_cookie
AuthOpenIDSecureCookie Off

#   Order allow,deny
#   Allow from all

SetHandler modperl
PerlResponseHandler Plack::Handler::Apache2
PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
/Location
Perl
use Plack::Handler::Apache2;

Plack::Handler::Apache2-preload(/usr/local/rt/sbin/rt-server);
/Perl
/VirtualHost


Thanks for any help on this issue.

Thomas Klump


-- 
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

[rt-users] rt-mailgate error 302 with WebExternalAuth and Apache OpenID module

2013-02-12 Thread Thomas Klump 
I'm working on implementing RT with OpenID. I started with a basic installation 
of RT and I created some test tickets from within the webui and via email. 
After everything was working I started to implement OpenID for authentication. 
I tried using the RT OpenID plugin but I was never able to get that to work and 
there was next to no documentation out there about it. I then decided to 
install WebExternalAuth use the Apache OpenID module for authentication. I was 
able to get this to work and now the web interface works great. Unfortunately, 
now the rt-mailgate is no longer working. When I email the queue the following 
error is logged in the maillog:

Feb 13 03:17:03 sendmail[20134]: r1D3Gsht020130: 
to=|/usr/local/rt/bin/rt-mailgate --queue 'Customer Service' --action 
correspond --url http://rt.example.com/;, 
ctladdr=customerserv...@rt.example.com (8/0), delay=00:00:08, 
xdelay=00:00:01, mailer=prog, pri=123857, dsn=4.0.0, stat=Deferred: prog mailer 
(/usr/sbin/smrsh) exited with EX_TEMPFAIL

I then tried testing it from command line with the following results:

# (echo Subject: test; echo; echo test) |/usr/local/rt/bin/rt-mailgate --queue 
'Customer Service' --action correspond --url http://rt.example.com --debug
/usr/local/rt/bin/rt-mailgate: temp file is '/tmp/b4OHJlWSwH/Kgebhr0hI2'
/usr/local/rt/bin/rt-mailgate: connecting to 
http://rt.example.com/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

302 Found

/usr/local/rt/bin/rt-mailgate: undefined server error

I then switched back to normal authentication methods in my apache virtualhost 
config and then rt-mailgate would process emails successfully. Here is my 
apache vituralhost configuration that is causing the errors:

VirtualHost *:80
# Optional apache logs for RT
# ErrorLog /usr/local/rt/var/log/apache2.error
# TransferLog /usr/local/rt/var/log/apache2.access
# LogLevel debug

AddDefaultCharset UTF-8
DocumentRoot /usr/local/rt/share/html

Location /
# If I comment out the section below and uncomment the two lines below that 
everything works
AuthType OpenID
require valid-user
AuthOpenIDTrusted ^http://www.example.com/$
AuthOpenIDUseCookie On
AuthOpenIDSingleIdP http://www.example.com
AuthOpenIDTrustRoot http://rt.example.com
AuthOpenIDCookieName rt_auth_cookie
AuthOpenIDSecureCookie Off

#   Order allow,deny
#   Allow from all

SetHandler modperl
PerlResponseHandler Plack::Handler::Apache2
PerlSetVar psgi_app /usr/local/rt/sbin/rt-server
/Location
Perl
use Plack::Handler::Apache2;

Plack::Handler::Apache2-preload(/usr/local/rt/sbin/rt-server);
/Perl
/VirtualHost


Thanks for any help on this issue.
Thomas Klump


-- 
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

[rt-users] rt-mailgate and web based authentication

2013-01-16 Thread Thomas Misilo 
Hi,

I am switched from using LDAP to CAS for authentication, and now because it 
redirects to the login screen, mailgate isn't working. I was wondering if 
anyone had a workaround or solution to this?

Thanks,

Tom

Re: [rt-users] rt-mailgate and web based authentication

2013-01-16 Thread Martin Wheldon 

Hi Tom,

Sounds like you may missing a Location section from your apache config. 
Something like...


Location /REST/1.0/NoAuth
   Order Allow,Deny
   Allow from 127.0.0.1
/Location

Best Regards

Martin Wheldon

On 2013-01-16 16:38, Thomas  Misilo wrote:

Hi,

I am switched from using LDAP to CAS for authentication, and now
because it redirects to the login screen, mailgate isn't working. I
was wondering if anyone had a workaround or solution to this?

Thanks,

Tom

 !DSPAM:9,50f6cf2333231759512251!

[rt-users] rt-mailgate fallback

2012-12-04 Thread Albert Shih 
Hi,

I would like to known if they are any solution to have a fallback solution
about rt-mailgate with procmail.

Actually I've something like in the .procmailrc 

#
# Spam
#
:0: # spam
* ^X-Spam-Status: YES*
! humain.address

:0:
|/usr/bin/rt-mailgate --queue Support --action correspond --url 
https://ULR_OF_RT


the problem is sometime the RT website is down (power failure) and in that
case the mail is lost. 

How can I tell rt-mailgate (or procmail) to send the mail to humain.address 
only if the rt-mailgate failed

Regards.

JAS



-- 
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
Téléphone : 01 45 07 76 26/06 86 69 95 71
xmpp: j...@obspm.fr
Heure local/Local time:
mar 4 déc 2012 10:08:17 CET

We're hiring! http://bestpractical.com/jobs

Re: [rt-users] rt-mailgate fallback

2012-12-04 Thread Jason A. Smith 
I think what you want to do is add a rule like this right below your 
pipe to rt-mailgate rule. This tells procmail to trap the error from the 
failed rt-mailgate delivery and retry later:


# If RT delivery failed, return it to the mail queue, the MTA
# will retry delivery later (75 is the value for EX_TEMPFAIL
# in /usr/include/sysexits.h):
:0 e
{ EXITCODE=75 HOST }



On 12/04/2012 04:12 AM, Albert Shih wrote:

Hi,

I would like to known if they are any solution to have a fallback solution
about rt-mailgate with procmail.

Actually I've something like in the .procmailrc

#
# Spam
#
:0: # spam
* ^X-Spam-Status: YES*
! humain.address

:0:
|/usr/bin/rt-mailgate --queue Support --action correspond --url 
https://ULR_OF_RT


the problem is sometime the RT website is down (power failure) and in that
case the mail is lost.

How can I tell rt-mailgate (or procmail) to send the mail to humain.address 
only if the rt-mailgate failed

Regards.

JAS






We're hiring! http://bestpractical.com/jobs

Re: [rt-users] rt-mailgate fallback

2012-12-04 Thread Thomas Sibley 
On 12/04/2012 01:12 AM, Albert Shih wrote:
   :0:
   |/usr/bin/rt-mailgate --queue Support --action correspond --url 
 https://ULR_OF_RT
 
 
 the problem is sometime the RT website is down (power failure) and in that
 case the mail is lost. 
 
 How can I tell rt-mailgate (or procmail) to send the mail to humain.address 
 only if the rt-mailgate failed

Your rt-mailgate procmail recipe should start with :0w not :0:  The w
indicates procmail should wait for rt-mailgate to return and use its
exit code.

We're hiring! http://bestpractical.com/jobs

[rt-users] rt-mailgate: undefined server error

2012-12-03 Thread Carlos Fuentes Bermejo 
Hiya folks,

Since a few days ago I'm having the following error:

rt-mailgate: connecting to http://xxx.xxx.xxx.xxx//REST/1.0/NoAuth/mail-gateway 
An Error Occurred =  500 read timeout  
/path/to/my/rt/bin/rt-mailgate: undefined server error

This is happening since I did migrate to RT 4.0.8, and not with all the 
incoming mail, just with mails which have attachments.

Any ideas??? I forgot something to configure???

Cheers,
Carlos
--
Carlos Fuentes Bermejo carlos.fuen...@rediris.es
Security Specialist - IRIS-CERT 
RedIRIS/Red.es
Tel: 91 212 76 20/25 Ext: 5583
www.rediris.es - http://www.rediris.es/cert
PGP key: http://www.rediris.es/keyserver






signature.asc
Description: Message signed with OpenPGP using GPGMail

We're hiring! http://bestpractical.com/jobs

Re: [rt-users] rt-mailgate: undefined server error

2012-12-03 Thread Thomas Sibley 
On 12/03/2012 01:27 AM, Carlos Fuentes Bermejo wrote:
 Hiya folks,
 
 Since a few days ago I'm having the following error:
 
 rt-mailgate: connecting to
 http://xxx.xxx.xxx.xxx//REST/1.0/NoAuth/mail-gateway An Error
 Occurred =  500 read timeout
 /path/to/my/rt/bin/rt-mailgate: undefined server error
 
 This is happening since I did migrate to RT 4.0.8, and not with all
 the incoming mail, just with mails which have attachments.
 
 Any ideas??? I forgot something to configure???

The error implies that rt-mailgate times out while waiting for a
response from the RT server.  Is there anything in your web server logs?

We're hiring! http://bestpractical.com/jobs

Re: [rt-users] rt-mailgate: undefined server error

2012-12-03 Thread Carlos Fuentes Bermejo 
Hi Thomas,

Nothing on the web server logs.

Cheers,
Carlos

El 03/12/2012, a las 19:53, Thomas Sibley escribió:

 On 12/03/2012 01:27 AM, Carlos Fuentes Bermejo wrote:
 Hiya folks,
 
 Since a few days ago I'm having the following error:
 
 rt-mailgate: connecting to
 http://xxx.xxx.xxx.xxx//REST/1.0/NoAuth/mail-gateway An Error
 Occurred =  500 read timeout
 /path/to/my/rt/bin/rt-mailgate: undefined server error
 
 This is happening since I did migrate to RT 4.0.8, and not with all
 the incoming mail, just with mails which have attachments.
 
 Any ideas??? I forgot something to configure???
 
 The error implies that rt-mailgate times out while waiting for a
 response from the RT server.  Is there anything in your web server logs?
 
 We're hiring! http://bestpractical.com/jobs

--
Carlos Fuentes Bermejo carlos.fuen...@rediris.es
Security Specialist - IRIS-CERT 
RedIRIS/Red.es
Tel: 91 212 76 20/25 Ext: 5583
www.rediris.es - http://www.rediris.es/cert
PGP key: http://www.rediris.es/keyserver





We're hiring! http://bestpractical.com/jobs

[rt-users] rt-mailgate problem - certificate verify failure ?

2012-08-21 Thread Ethier, Michael 
Hello,

The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6. The v 
3.8.8 version works
fine using https, and even when I have v 4.0.6 running with the /etc/aliases 
point to the v 3.8.8 version of rtmailgate, email
get sent to the queue. But the v 4.0.6 version fails with certificate verify 
failed, output from mailq:

(temporary failure. Command output: An Error Occurred =  500 
Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify failed))
 r...@testrt.rc.fas.harvard.edu

Any ideas as to the verification of my RT/ssl setup,  on how to fix this ? 
Apparently the RT 4.0.6 is less forgiving about the ssl setup and config.
I ran RT configure with the --enable-ssl-mailgate option and installed all perl 
modules required with make fixdeps in RT 4.0.6.

Thanks,
Mike

This is in /etc/aliases:
# rt3
rt: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action correspond --url 
https://testrt.rc.fas.harvard.edu/;
rt-comment: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action comment 
--url https://testrt.rc.fas.harvard.edu/;

# rt4
#rt: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file 
/etc/pki/tls/certs/ca-bundle.crt --action correspond --url 
https://testrt.rc.fas.harvard.edu/;
#rt-comment: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file 
/etc/pki/tls/certs/ca-bundle.crt --action comment --url 
https://testrt.rc.fas.harvard.edu/;

Re: [rt-users] rt-mailgate problem - certificate verify failure ?

2012-08-21 Thread Martin Drasar 
On 21.8.2012 15:59, Ethier, Michael wrote:
 Hello,
 
  
 
 The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6.
 The v 3.8.8 version works
 
 fine using https, and even when I have v 4.0.6 running with the
 /etc/aliases point to the v 3.8.8 version of rtmailgate, email
 
 get sent to the queue. But the v 4.0.6 version fails with certificate
 verify failed, output from mailq:
 
  
 
 (temporary failure. Command output: An Error Occurred = 
 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify
 failed))
 
  r...@testrt.rc.fas.harvard.edu
 
  
 
 Any ideas as to the verification of my RT/ssl setup,  on how to fix this
 ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and config.
 
 I ran RT configure with the --enable-ssl-mailgate option and installed
 all perl modules required with “make fixdeps” in RT 4.0.6.
 
  
 
 Thanks,
 
 Mike
 
  
 
 This is in /etc/aliases:
 
 # rt3
 
 rt: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
 correspond --url https://testrt.rc.fas.harvard.edu/;
 
 rt-comment: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
 comment --url https://testrt.rc.fas.harvard.edu/;
 
  
 
 # rt4
 
 #rt: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
 /etc/pki/tls/certs/ca-bundle.crt --action correspond --url
 https://testrt.rc.fas.harvard.edu/;
 
 #rt-comment: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
 /etc/pki/tls/certs/ca-bundle.crt --action comment --url
 https://testrt.rc.fas.harvard.edu/;
 

Hi Mike,

add this option to your aliases if you want to bypass certificate
validation: --no-verify-ssl

So your rt entry in /etc/aliases would look like this:

#rt: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
/etc/pki/tls/certs/ca-bundle.crt --action correspond --url
https://testrt.rc.fas.harvard.edu/ --no-verify-ssl

Martin

Re: [rt-users] rt-mailgate problem - certificate verify failure ?

2012-08-21 Thread Ethier, Michael 
Hi Martin,

Thanks for the suggestion but if I enable --no-ssl I will be creating a security
vulnerability no ?

Thanks,
Mike

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Martin Drasar
Sent: Tuesday, August 21, 2012 10:11 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate problem - certificate verify failure ?

On 21.8.2012 15:59, Ethier, Michael wrote:
 Hello,
 
  
 
 The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6.
 The v 3.8.8 version works
 
 fine using https, and even when I have v 4.0.6 running with the 
 /etc/aliases point to the v 3.8.8 version of rtmailgate, email
 
 get sent to the queue. But the v 4.0.6 version fails with certificate 
 verify failed, output from mailq:
 
  
 
 (temporary failure. Command output: An Error Occurred 
 =
 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify
 failed))
 
  r...@testrt.rc.fas.harvard.edu
 
  
 
 Any ideas as to the verification of my RT/ssl setup,  on how to fix 
 this ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and 
 config.
 
 I ran RT configure with the --enable-ssl-mailgate option and installed 
 all perl modules required with make fixdeps in RT 4.0.6.
 
  
 
 Thanks,
 
 Mike
 
  
 
 This is in /etc/aliases:
 
 # rt3
 
 rt: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action 
 correspond --url https://testrt.rc.fas.harvard.edu/;
 
 rt-comment: |/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action 
 comment --url https://testrt.rc.fas.harvard.edu/;
 
  
 
 # rt4
 
 #rt: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file 
 /etc/pki/tls/certs/ca-bundle.crt --action correspond --url 
 https://testrt.rc.fas.harvard.edu/;
 
 #rt-comment: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file 
 /etc/pki/tls/certs/ca-bundle.crt --action comment --url 
 https://testrt.rc.fas.harvard.edu/;
 

Hi Mike,

add this option to your aliases if you want to bypass certificate
validation: --no-verify-ssl

So your rt entry in /etc/aliases would look like this:

#rt: |/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file 
/etc/pki/tls/certs/ca-bundle.crt --action correspond --url 
https://testrt.rc.fas.harvard.edu/ --no-verify-ssl

Martin

Re: [rt-users] rt-mailgate problem - certificate verify failure ?

2012-08-21 Thread Martin Drasar 
On 21.8.2012 16:16, Ethier, Michael wrote:
 Hi Martin,
 
 Thanks for the suggestion but if I enable --no-ssl I will be creating a 
 security
 vulnerability no ?
 
 Thanks,
 Mike

Hi,

that's for sure. This was a suggestion for a development machine (the
name testrt.rc.fas.harvard.edu suggest that it is).

If you want to avoid this step then you have to have a valid certificate
for testrt.rc.fas.harvard.edu signed by a certificate authority that is
in the ca bundle you are passing to rt-mailgate.

Martin

Re: [rt-users] rt-mailgate problem - certificate verify failure ?

2012-08-21 Thread Thomas Sibley 
On 08/21/2012 08:03 AM, Martin Drasar wrote:
 If you want to avoid this step then you have to have a valid certificate
 for testrt.rc.fas.harvard.edu signed by a certificate authority that is
 in the ca bundle you are passing to rt-mailgate.

Martin's referring to the --ca-file argument you can pass.

You can also simply make sure to put your CA root cert used for signing
into /etc/ssl/certs/ or your system's equivalent.

See `perldoc bin/rt-mailgate` for more info.

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-03-15 Thread Jourdan Perla 
Using 3.8 since there are no RT4 packages for Ubuntu 10.4 LTS. Attempts to 
manually install RT4 on Lucid would result in a whole 'nother ticket. Plan was 
to run 3.8 for now, then migrate to 4 on 12 this winter once things had settled 
down here.

No https redirects going on. I am using CAS Authentication (via mod_auth_cas) 
for the main site.


Apache httpd.conf
LoadFile /usr/lib/libcurl.so
LoadModule auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so
IfModule mod_auth_cas.c
CASLoginURL https://cas.myserver.com/cas/login
CASValidateURL https://cas.myserver.com/cas/serviceValidate
CASCertificatePath /etc/ssl/certs/my_cas_bundle.pem
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASSSOEnabled On
CASValidateServer On
CASDebug Off
/IfModule

Directory /usr/share/request-tracker3.8/html/
 IfModule mod_auth_cas.c
   AuthType CAS
   AuthName  CAS
 /IfModule
   Require valid-user
/Directory
Directory /usr/share/request-tracker3.8/html/NoAuth/*
   AllowOverRide None
   Satisfy Any
/Directory
Directory /usr/share/request-tracker3.8/html/REST/1.0/NoAuth/*
   AllowOverRide None
   Allow from all
   Satisfy Any
/Directory
Location /NoAuth/*
   Order allow,deny
   Allow from all
   Satisfy Any
/Location
Location /REST/1.0/NoAuth/*
   Order allow,deny
   Allow from all
   Satisfy Any
/Location
LocationMatch /NoAuth
Satisfy Any
Allow from all
/LocationMatch

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, March 14, 2012 4:49 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

On Wed, Mar 14, 2012 at 09:43:47PM +, Jourdan Perla wrote:
 
 An Error Occurred
 =
 
 302 Found
 
 /usr/bin/rt-mailgate: undefined server error

This is Apache issuing a 302 before it gets to RT

 Grep all my logs for what happens at the same time and
 apache2/access.log:
 rt.myserver.com - - [14/Mar/2012:14:05:33 -0700] POST 
 /rt/REST/1.0/NoAuth/mail-gateway HTTP/1.1 302 715 - libwww-perl/6.04
 
 I've got the following in my httpd.conf
 
 Directory /usr/share/request-tracker3.8/html/NoAuth/*
AllowOverRide None
Satisfy Any
 /Directory
 Directory /usr/share/request-tracker3.8/html/REST/1.0/NoAuth/*
AllowOverRide None
Allow from all
Satisfy Any
 /Directory
 Location /rt/NoAuth/
Order allow,deny
Allow from all
Satisfy Any
 /Location
 Location /rt/REST/1.0/NoAuth/
Order allow,deny
Allow from all
Satisfy Any
 /Location

What else do you have in apache.  Are you redirecting from http to https?  
Since you're using the debian packages, what else is going on there.  Also, 
this is where I feel compelled to ask why you're using
3.8 rather than 4.0 for a new install.

-kevin

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-03-15 Thread Tim Cutts 

On 15 Mar 2012, at 17:44, Jourdan Perla wrote:

 Using 3.8 since there are no RT4 packages for Ubuntu 10.4 LTS. Attempts to 
 manually install RT4 on Lucid would result in a whole 'nother ticket.

I'm running 4.0.5 on Lucid.  Wasn't really a problem; I just don't use the 
packaged version and let 'make fixdeps' do its thing.  As you say though, 
waiting for 12.04 to come out is probably sensible, since Dominic *has* 
packaged rt4 more recently.

At one point I went to the effort of using dh-make-perl to update perl module 
packages to versions that RT needed, but for my 4.0.5 deployment I just thought 
sod it and took the fixdeps route.

The really hard bit actually was getting SphinxSE to work with the 
lucid-supplied MySQL server. *that* was painful, and I think if I were doing it 
again, I wouldn't use the packaged MySQL server either.  Actually, if I were 
really starting again I wouldn't use MySQL at all.

It's the Siren of databases, seducing you in with its lovely songs and apparent 
ease of use, and then smashing you to pieces on the rocks. :-/

Tim

--
 The Wellcome Trust Sanger Institute is operated by Genome Research
 Limited, a charity registered in England with number 1021457 and a
 company registered in England with number 2742969, whose registered
 office is 215 Euston Road, London, NW1 2BE.

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-03-14 Thread Jourdan Perla 

 Please - keep list replies on the list.

Sorry, will do.

Thought I had this licked, but now as I build a *clean* production image, I'm 
running into the same error again..

$ cat mbox | /usr/bin/rt-mailgate --queue general --action correspond --url 
http://rt.myserver.com /rt -debug
/usr/bin/rt-mailgate: temp file is '/tmp/Dm_pceG62x'
/usr/bin/rt-mailgate: connecting to 
http://rt.myserver.com/rt/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

302 Found

/usr/bin/rt-mailgate: undefined server error

Grep all my logs for what happens at the same time and
apache2/access.log:
rt.myserver.com - - [14/Mar/2012:14:05:33 -0700] POST 
/rt/REST/1.0/NoAuth/mail-gateway HTTP/1.1 302 715 - libwww-perl/6.04
mail.info:
Mar 14 14:05:33 RT-PROD-SVR postfix/qmgr[4393]: 17286120B94: 
from=mym...@mycompany.com, size=7604, nrcpt=1 (queue active)
mail.info:
Mar 14 14:05:33 RT-PROD-SVR postfix/local[29538]: 88DCB1207CF: 
to=qu...@rt.myserver.com, relay=local, delay=81689, delays=81689/0.01/0/0.31, 
dsn=4.3.0, status=deferred (temporary failure. Command output: 
/usr/bin/rt-mailgate: temp file is '/tmp/3JQL31W2oY' /usr/bin/rt-mailgate: 
connecting to http://rt.myserver.com/REST/1.0/NoAuth/mail-gateway An Error 
Occurred =  302 Found  /usr/bin/rt-mailgate: undefined server 
error )

rt3.log shows nothing but:
[Wed Mar 14 15:56:08 2012] [error]: gpg: error reading key: secret key not 
available (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2078)
Which is from earlier.

/etc/aliases:
# See man 5 aliases for format
postmaster:myroot
help:  |/usr/bin/rt-mailgate --queue general --action correspond --url 
http://rt.myserver.com/rt -debug
comment: |/usr/bin/rt-mailgate --queue general --action comment --url 
http://rt.myserver.com/rt -debug


I've got the following in my httpd.conf

Directory /usr/share/request-tracker3.8/html/NoAuth/*
   AllowOverRide None
   Satisfy Any
/Directory
Directory /usr/share/request-tracker3.8/html/REST/1.0/NoAuth/*
   AllowOverRide None
   Allow from all
   Satisfy Any
/Directory
Location /rt/NoAuth/
   Order allow,deny
   Allow from all
   Satisfy Any
/Location
Location /rt/REST/1.0/NoAuth/
   Order allow,deny
   Allow from all
   Satisfy Any
/Location

Logging options in RT_SiteConfig.d
## Logging Options
# From lowest to highest priority, the levels are:
#  debug info notice warning error critical alert emergency
Set($LogToSyslog, 'info');
Set($LogToScreen, 'warning');
# log to /var/log/rt3.log
Set($LogToFile, 'debug');
Set($LogDir, '/var/log');
Set($LogToFileNamed , rt3.log);


On Fri, Feb 24, 2012 at 10:24:52PM +, Jourdan Perla wrote:
 Fixed it. I was missing an Auth exclusion for the /REST/1.0/NoAuth 
 directory
 
 As for the RT logs, can't find them. And can't find out where they're 
 configured.

Search in RT_Config.pm for the various Log config options and check their 
documentation.  Then see what you have in your RT_SiteConfig.pm

-kevin

 
 On 2/24/12 2:15 PM, Kevin Falcone falc...@bestpractical.com wrote:
 
 On Fri, Feb 24, 2012 at 08:54:00PM +, Jourdan Perla wrote:
 Install of RT3.8 on Ubuntu 10.4 LTS.
 I'm getting that pesky 302 Found error as I'm trying to push 
 mail into my queues using
 rt-mailqueue.
 I've done the usual Googling and wiki hunts, and I've run out of 
 options.
 - Aliases are working fine, it's a rt-mailgate error.
 - Plack is up to date (0.9985).
 - There's no extra '/'. It's finding rt-mailgate fine.
 - Not configured for SSL. That's on my to-do list, and if I need 
 to bump that up, I will.
 Command : /usr/bin/rt-mailgate --queue myqueue --action 
 correspond --url
 http://myserver.com/rt -debug  test.msg
 Output:
 /usr/bin/rt-mailgate: temp file is '/tmp/TykSIIvN17'
 /usr/bin/rt-mailgate: connecting to 
 http://myserver.com/rt/REST/1.0/NoAuth/mail-gateway
 An Error Occurred
 =
 302 Found
 /usr/bin/rt-mailgate: undefined server error
 Thoughts?
 
 What's in the RT logs.
 
 What's your test.msg.
 
 Also, Plack is only used in RT4
 
 -kevin
 
 RT Training Sessions 
 (http://bestpractical.com/services/training.html)
 * Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-03-14 Thread Kevin Falcone 
On Wed, Mar 14, 2012 at 09:43:47PM +, Jourdan Perla wrote:
 
 An Error Occurred
 =
 
 302 Found
 
 /usr/bin/rt-mailgate: undefined server error

This is Apache issuing a 302 before it gets to RT

 Grep all my logs for what happens at the same time and
 apache2/access.log:
 rt.myserver.com - - [14/Mar/2012:14:05:33 -0700] POST 
 /rt/REST/1.0/NoAuth/mail-gateway HTTP/1.1 302 715 - libwww-perl/6.04
 
 I've got the following in my httpd.conf
 
 Directory /usr/share/request-tracker3.8/html/NoAuth/*
AllowOverRide None
Satisfy Any
 /Directory
 Directory /usr/share/request-tracker3.8/html/REST/1.0/NoAuth/*
AllowOverRide None
Allow from all
Satisfy Any
 /Directory
 Location /rt/NoAuth/
Order allow,deny
Allow from all
Satisfy Any
 /Location
 Location /rt/REST/1.0/NoAuth/
Order allow,deny
Allow from all
Satisfy Any
 /Location

What else do you have in apache.  Are you redirecting from http to
https?  Since you're using the debian packages, what else is going on
there.  Also, this is where I feel compelled to ask why you're using
3.8 rather than 4.0 for a new install.

-kevin


pgp3svR3MHFCf.pgp
Description: PGP signature

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-03-02 Thread Kevin Falcone 
Please - keep list replies on the list.

On Fri, Feb 24, 2012 at 10:24:52PM +, Jourdan Perla wrote:
 Fixed it. I was missing an Auth exclusion for the /REST/1.0/NoAuth
 directory 
 
 As for the RT logs, can't find them. And can't find out where they're
 configured.

Search in RT_Config.pm for the various Log config options and check
their documentation.  Then see what you have in your RT_SiteConfig.pm

-kevin

 
 On 2/24/12 2:15 PM, Kevin Falcone falc...@bestpractical.com wrote:
 
 On Fri, Feb 24, 2012 at 08:54:00PM +, Jourdan Perla wrote:
 Install of RT3.8 on Ubuntu 10.4 LTS.
 I'm getting that pesky 302 Found error as I'm trying to push mail
 into my queues using
 rt-mailqueue.
 I've done the usual Googling and wiki hunts, and I've run out of
 options.
 - Aliases are working fine, it's a rt-mailgate error.
 - Plack is up to date (0.9985).
 - There's no extra '/'. It's finding rt-mailgate fine.
 - Not configured for SSL. That's on my to-do list, and if I need to
 bump that up, I will.
 Command : /usr/bin/rt-mailgate --queue myqueue --action correspond
 --url
 http://myserver.com/rt -debug  test.msg
 Output:
 /usr/bin/rt-mailgate: temp file is '/tmp/TykSIIvN17'
 /usr/bin/rt-mailgate: connecting to
 http://myserver.com/rt/REST/1.0/NoAuth/mail-gateway
 An Error Occurred
 =
 302 Found
 /usr/bin/rt-mailgate: undefined server error
 Thoughts?
 
 What's in the RT logs.
 
 What's your test.msg.
 
 Also, Plack is only used in RT4
 
 -kevin
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston — March 5  6, 2012
 


pgp6lmZa2VEc3.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

[rt-users] rt-mailgate 302 Error. No, not Plack.

2012-02-24 Thread Jourdan Perla 
Install of RT3.8 on Ubuntu 10.4 LTS.

I'm getting that pesky 302 Found error as I'm trying to push mail into my 
queues using rt-mailqueue.

I've done the usual Googling and wiki hunts, and I've run out of options.
- Aliases are working fine, it's a rt-mailgate error.
- Plack is up to date (0.9985).
- There's no extra '/'. It's finding rt-mailgate fine.
- Not configured for SSL. That's on my to-do list, and if I need to bump that 
up, I will.

Command : /usr/bin/rt-mailgate --queue myqueue --action correspond --url 
http://myserver.com/rt -debug  test.msg
Output:
/usr/bin/rt-mailgate: temp file is '/tmp/TykSIIvN17'
/usr/bin/rt-mailgate: connecting to 
http://myserver.com/rt/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

302 Found

/usr/bin/rt-mailgate: undefined server error

Thoughts?

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate 302 Error. No, not Plack.

2012-02-24 Thread Kevin Falcone 
On Fri, Feb 24, 2012 at 08:54:00PM +, Jourdan Perla wrote:
Install of RT3.8 on Ubuntu 10.4 LTS.
I'm getting that pesky 302 Found error as I'm trying to push mail into 
 my queues using
rt-mailqueue.
I've done the usual Googling and wiki hunts, and I've run out of options.
- Aliases are working fine, it's a rt-mailgate error.
- Plack is up to date (0.9985).
- There's no extra '/'. It's finding rt-mailgate fine.
- Not configured for SSL. That's on my to-do list, and if I need to bump 
 that up, I will.
Command : /usr/bin/rt-mailgate --queue myqueue --action correspond --url
http://myserver.com/rt -debug  test.msg
Output:
/usr/bin/rt-mailgate: temp file is '/tmp/TykSIIvN17'
/usr/bin/rt-mailgate: connecting to 
 http://myserver.com/rt/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=
302 Found
/usr/bin/rt-mailgate: undefined server error
Thoughts?

What's in the RT logs.

What's your test.msg.

Also, Plack is only used in RT4

-kevin


pgpSqpmOCG7a2.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-26 Thread jim . h . berry 
Hi

We let Apache authenticate under SSL but had problems with rt-mailgate. 
Our work around was to configure httpd.conf as below so that rt-mailgate 
could operate under port 80. No doubt there are better ways, but this is 
working for us.

### Force SSL for RT except the NoAuth and REST directories

Location /rt4/NoAuth/
   Order allow,deny
   Allow from all
   Satisfy Any
 /Location
 Location /rt4/REST/1.0/NoAuth/
   Order allow,deny
   Allow from all
   Satisfy Any
 /Location

LocationMatch ^/rt4/($|[^NR])
  SSLRequireSSL
  AuthType [...]
   Require valid-user
/LocationMatch

-- 
Jim Berry
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-24 Thread Robert Nesius 
On Mon, Jan 23, 2012 at 2:38 PM, Allen allen+rtl...@crystalfontz.comwrote:

 Landon wrote:

 We simply use mod_rewrite to redirect everyone *except* the server itself
 to https.  This way when rt-mailgate calls http://rt.ourdomain/com it is
 not forced to use https while everyone else is.


Landon - thank you for sharing those config lines.  I had debated exactly
that approach but had not dug into the mod-rewrite docs far enough to get
that line on my own.  Though - as I look at it - pretty simple regular
expression. :)   Thanks again!

Thanks. That is an easy, maintainable solution until the next version of
 rt-mailgate that will let us specify the cert path, or until OpenSSL 1.x
 gets it's act together with LWP.


 But doesn't work for me. I solved some kind of mod-perl/apache
 redeclaration or some such problem (either spamming the logs or making
 apache not start -- cant remember which) that I solved by removing all RT
 apache configuration under regular http and just having the redirect to
 SSL. The SSL virtualhost container has the RT configs in it.


One other thought crossed my mind reading your earlier comments about
getting the environment variable into LWP::UserAgent via fetchmail configs.
 I think export VAR=VALUE is bash-specific syntax.  If the fetchmailrc
file is being read by /bin/sh, or bash running in /bin/sh compatibility
mode, that syntax could cause a problem.You might try this:  VAR=VALUE
/opt/rt4/bin/rt-mailgate ... .   That syntax works for me via my aliases
file and is what I use in crontabs too.  I did see you use that syntax with
the env command - I've never tried that before myself but I've never needed
it either.

-Rob

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-23 Thread Thomas Sibley 
On 01/20/2012 02:38 PM, Robert Nesius wrote:
 I figured out a work around for this issue.  I was suspicious that
 LWP::UserAgent could not reach the cert for the CA that signed the cert
 being presented by the web server.  I learned there are some environment
 variables that I can leverage to influence where LWP::UserAgent looks
 even though it's being invoked down inside a program I don't want to
 touch.   Adding my /etc/ssl/certs directory to the list of directories
 examined for certs solved the problem.  

For what it's worth, the next release of RT will include a --ca-file
option you can use to specify the specific cert.  It's equivalent to
setting PERL_LWP_SSL_CA_FILE.

 *root@linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs

If you'd like to submit a simple patch to rt-mailgate that also adds
support for --ca-path, I'm sure we'd apply it.

I do wonder why the OpenSSL library underlying the Perl library isn't
finding your cert in /etc/ssl/certs like I'd expect it to.

Thomas

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-23 Thread Allen 
I tried several things to get the cert path into the environment for LWP,
none worked:

1. Adding this to /etc/fetchmailrc

   mda env PERL_LWP_SSL_CA_PATH=/etc/ssl/certs /usr/bin/rt-mailgate-4 ...

does NOT work to get the right cert to LWP through the environment:

root@web0:/etc# service fetchmail start
* Starting mail retriever agent:
  fetchmail:
starting fetchmail 6.3.19 daemon

  [ OK ]
root@web0:/etc# fetchmail: 1 message for [email address] at
[imapmailserver] (folder Support).
An Error Occurred
=

500 Can't connect to [RT webserver]:443
(certificate verify failed)


2. Adding this to fetchmailrc does not work either:

mda export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs; /usr/bin/rt-mailgate-4
...


3. Adding this to /etc/default/fetchmail on Ubuntu where fetchmail runs
from an init script as a daemin does not work either:

export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs


I am stuck with having to edit the rt-mailgate-4 on line 151 file like this:

#my $ua   = LWP::UserAgent-new();
my $ua   = LWP::UserAgent-new(ssl_opts = {SSL_ca_file =
'/etc/ssl/certs/7d3cd826.0'});

which I dont like because I will forget about it during upgrade.

A



On Mon, Jan 23, 2012 at 11:06 AM, Thomas Sibley t...@bestpractical.com
wrote:
 On 01/20/2012 02:38 PM, Robert Nesius wrote:
 I figured out a work around for this issue.  I was suspicious that
 LWP::UserAgent could not reach the cert for the CA that signed the cert
 being presented by the web server.  I learned there are some environment
 variables that I can leverage to influence where LWP::UserAgent looks
 even though it's being invoked down inside a program I don't want to
 touch.   Adding my /etc/ssl/certs directory to the list of directories
 examined for certs solved the problem.

 For what it's worth, the next release of RT will include a --ca-file
 option you can use to specify the specific cert.  It's equivalent to
 setting PERL_LWP_SSL_CA_FILE.

 *root@linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs

 If you'd like to submit a simple patch to rt-mailgate that also adds
 support for --ca-path, I'm sure we'd apply it.

 I do wonder why the OpenSSL library underlying the Perl library isn't
 finding your cert in /etc/ssl/certs like I'd expect it to.

 Thomas
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-23 Thread Landon Stewart 
On 9 January 2012 10:34, Robert Nesius nes...@gmail.com wrote:

 I made a recently change to how my apache2 server was configured to
 redirect all requests through https.  Now emails are not flowing through to
 RT - I tracked the issue down to rt-mailgate complaining about not being
 able to verify the certificate.  I'm a little perplexed on how to proceed
 or how to verify what certs/CAs rt-mailgate is using, or if there is an
 issue with the Crypt::SSLeay module (which I had to force install due to a
 failing test).   I only have one openssl install on the system, and I
 thought Crypt::SSLeay would reach through to those configs for things like
 CA certs, etc...

 Perhaps an easy workaround, since the mail server and apache2 server are
 on the same machine, would be to configure a localhost:80 virtual host
 within apache2 and bypass SSL when accessing RT via that url.

 Any helpful hints/suggestions would be greatly appreciated.   I've been
 google-ing away but haven't had any luck yet.


We simply use mod_rewrite to redirect everyone *except* the server itself
to https.  This way when rt-mailgate calls http://rt.ourdomain/com it is
not forced to use https while everyone else is.

# Redirect everyone except the rt-mailgate and RT utilities to https
   RewriteEngine On
   RewriteCond %{REMOTE_ADDR} !^10\.10\.227\.209$
   RewriteRule ^/(.*)$ https://rt.ourdomain.com/$1 [R=301,L]

The 10.10.227.209 is the IP address of the server according to ifconfig
eth0 in this case.

-- 
Landon Stewart lstew...@superb.net
Manager of Systems and Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more Ahead of the Rest: http://www.superbhosting.net

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-23 Thread Allen 
 We simply use mod_rewrite to redirect everyone *except* the server itself
 to https.  This way when rt-mailgate calls http://rt.ourdomain/com it is
 not forced to use https while everyone else is.


Thanks. That is an easy, maintainable solution until the next version of
rt-mailgate that will let us specify the cert path, or until OpenSSL 1.x
gets it's act together with LWP.

But doesn't work for me. I solved some kind of mod-perl/apache
redeclaration or some such problem (either spamming the logs or making
apache not start -- cant remember which) that I solved by removing all RT
apache configuration under regular http and just having the redirect to
SSL. The SSL virtualhost container has the RT configs in it.

A

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-20 Thread Robert Nesius 
I figured out a work around for this issue.  I was suspicious that
LWP::UserAgent could not reach the cert for the CA that signed the cert
being presented by the web server.  I learned there are some environment
variables that I can leverage to influence where LWP::UserAgent looks even
though it's being invoked down inside a program I don't want to touch.
Adding my /etc/ssl/certs directory to the list of directories examined for
certs solved the problem.

*root@linux:/opt/rt4/bin# *./rt-mailgate --debug --action=correspond
--queue=ToDo --url=https://request.domain.com  ~/test.msg
./rt-mailgate: temp file is '/tmp/MqO8Gyi3SW/ILtfyOuDPb'
./rt-mailgate: connecting to
https://request.domain.com/REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

500 Can't connect to
request.domain.com:443 (certificate
verify failed)

./rt-mailgate: undefined server error

*root@linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs

*root@linux:/opt/rt4/bin#* ./rt-mailgate --debug --action=correspond
--queue=ToDo --url=https://request.domain.com  ~/test.msg
./rt-mailgate: temp file is '/tmp/rn88yVfFtr/IVe9YYO9IY'
./rt-mailgate: connecting to
https://request.domain.com/REST/1.0/NoAuth/mail-gateway
okTicket: 7698Queue: ToDoOwner: ran1Status: newSubject: testRequestor:
robert.nes...@domani.com

Inspiration for the fix:
http://colinnewell.wordpress.com/2011/03/11/ssl-host-checking-and-lwpuseragent/

Ultimately I suppose I can wrap rt-mailgate with a script that sets the
environment variable and exec's rt-mailgate, or I could perhaps embed
setting the environment variable along with the invocation of rt-mailgate
in the aliases file.  I'll figure something out.

-Rob

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-12 Thread Mark Story 
Hello,

I verified my certificates, openssl says they're OK.


--Mark

 Sorry, left out the -CApath flag, and this is just for illustration:
 
 root@xxx:/var/www/servers# openssl verify -CApath /etc/ssl/certs/ 
 /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt 
 /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt: OK

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-12 Thread Mark Story 

 Make sure you have Crypt::SSLeay, Net::SSL, LWP::UserAgent,
 LWP::Protocol::https, and Mozilla::CA installed.

We didn't have Mozilla::CA   Crypt::SSLeay installed, but still didn't
help:

rt ls -t 59
Query:Status!='resolved' and Status!='rejected'
rt: Server error: Can't connect to rt.myhost.com:443 (certificate verify
failed) (500)



--Mark



 
 Thomas
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston  March 5  6, 2012


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-12 Thread Mark Story 

I have rt4 installed manually in /opt/rt4 but when I ran dpkg I got:

www:/etc/ssl/certs# dpkg --list | grep reques
ii  libapache2-mod-apreq22.08-5+b1  generic
Apache request library - Apache modu
ii  libapache2-request-perl  2.08-5+b1  generic
Apache request library - Perl module
ii  libapreq22.08-5+b1  generic
Apache request library
pc  request-tracker3.6   3.6.7-5+lenny6
Extensible trouble-ticket tracking system
pc  rt3.6-db-postgresql  3.6.7-5+lenny6
PostgreSQL database backend for request-trac

Is that a potential issue?  I tried removing request-tracker3.6 
rt3.6-db-postgresql but it failed ...?
www:/etc/ssl/certs# apt-get  remove  rt3.6-db-postgresql
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package rt3.6-db-postgresql is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 48 not upgraded.

www:/etc/ssl/certs# apt-get  remove  request-tracker3.6
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package request-tracker3.6 is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 48 not upgraded.


--Mark

 This is on Ubuntu 11.10 Oneiric running reqest-tracker4 pinned with
 apt preferences to Precise packages for version 4.0.4-1:
 
 root@web0:/etc/logrotate.d# dpkg --list | grep reques
 ii  request-tracker44.0.4-1
 extensible trouble-ticket tracking system
 ii  rt4-apache2 4.0.4-1
 Apache 2 specific files for request-tracker4
 ii  rt4-clients 4.0.4-1
 mail gateway and command-line interface to request-tracker4
 ii  rt4-db-sqlite   4.0.4-1
 SQLite database backend for request-tracker4




RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-12 Thread Allen 
pc  request-tracker3.6   3.6.7-5+lenny6 Extensible trouble-ticket
tracking system
pc  rt3.6-db-postgresql  3.6.7-5+lenny6 PostgreSQL database backend
for request-trac

p in first column means already marked for purging.
c in second column means configuration files from those are still present

try: dpkg --purge



 rt3.6-db-postgresql but it failed ...?
 www:/etc/ssl/certs# apt-get  remove  rt3.6-db-postgresql
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 Package rt3.6-db-postgresql is not installed, so not removed
 0 upgraded, 0 newly installed, 0 to remove and 48 not upgraded.

 www:/etc/ssl/certs# apt-get  remove  request-tracker3.6
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 Package request-tracker3.6 is not installed, so not removed
 0 upgraded, 0 newly installed, 0 to remove and 48 not upgraded.


 --Mark


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Mark Story 
Hello,

I've had the same issues and am only now getting around to figuring it
out.  Everything works fine in browser, but not thru rt-mailgate.
Every other service that uses the SSL keys are working; puzzled.

If I find something worthy of note, I'll post it.


--Mark

 Thanks for the suggestions guys.  
 
 I finally just turned off my re-write rule that was re-directing http to
 https and side-stepped the rt-mailgate ssl failure all together.  Not
 ideal, but in practice very few of my users log into RT directly so it's
 a configuration I can live with short term while I figure out the real
 issue.  
 
 I've configured postfix to hand messages to the aliases for my queues
 directly to rt-mailgate.  It is rt-mailgate that cannot verify the ssl
 certificate that my web server is presenting it.  None of my web
 browsers have trouble with it, so it feels like an rt-mailgate
 configuration issue.  I can repro the issue on the command line 
 

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Izz Abdullah 
Have you guys checked to ensure the linux box itself, I presume it is linux, 
acknowledges the validity of the certificate?  (usually something like:
# openssl verify /etc/ssl/certs/ certificate_to_verify

Just a quick openssl thought.

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mark Story
Sent: Wednesday, January 11, 2012 1:04 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate

Hello,

I've had the same issues and am only now getting around to figuring it out.  
Everything works fine in browser, but not thru rt-mailgate.
Every other service that uses the SSL keys are working; puzzled.

If I find something worthy of note, I'll post it.


--Mark

 Thanks for the suggestions guys.  
 
 I finally just turned off my re-write rule that was re-directing http 
 to https and side-stepped the rt-mailgate ssl failure all together.  
 Not ideal, but in practice very few of my users log into RT directly 
 so it's a configuration I can live with short term while I figure out 
 the real issue.
 
 I've configured postfix to hand messages to the aliases for my queues 
 directly to rt-mailgate.  It is rt-mailgate that cannot verify the ssl 
 certificate that my web server is presenting it.  None of my web 
 browsers have trouble with it, so it feels like an rt-mailgate 
 configuration issue.  I can repro the issue on the command line
 

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Izz Abdullah 
Sorry, left out the -CApath flag, and this is just for illustration:

root@xxx:/var/www/servers# openssl verify -CApath /etc/ssl/certs/ 
/usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt 
/usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt: OK

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Wednesday, January 11, 2012 1:14 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate

Have you guys checked to ensure the linux box itself, I presume it is linux, 
acknowledges the validity of the certificate?  (usually something like:
# openssl verify /etc/ssl/certs/ certificate_to_verify

Just a quick openssl thought.

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mark Story
Sent: Wednesday, January 11, 2012 1:04 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate

Hello,

I've had the same issues and am only now getting around to figuring it out.  
Everything works fine in browser, but not thru rt-mailgate.
Every other service that uses the SSL keys are working; puzzled.

If I find something worthy of note, I'll post it.


--Mark

 Thanks for the suggestions guys.  
 
 I finally just turned off my re-write rule that was re-directing http 
 to https and side-stepped the rt-mailgate ssl failure all together.
 Not ideal, but in practice very few of my users log into RT directly 
 so it's a configuration I can live with short term while I figure out 
 the real issue.
 
 I've configured postfix to hand messages to the aliases for my queues 
 directly to rt-mailgate.  It is rt-mailgate that cannot verify the ssl 
 certificate that my web server is presenting it.  None of my web 
 browsers have trouble with it, so it feels like an rt-mailgate 
 configuration issue.  I can repro the issue on the command line
 

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Thomas Sibley 
On 01/11/2012 02:04 PM, Mark Story wrote:
 I've had the same issues and am only now getting around to figuring it
 out.  Everything works fine in browser, but not thru rt-mailgate.
 Every other service that uses the SSL keys are working; puzzled.

We have a branch (not yet merged) that improves the doc for using
rt-mailgate with SSL:
https://github.com/bestpractical/rt/compare/4.0-trunk...4.0%2fmailgate-ssl-deps

Make sure you have Crypt::SSLeay, Net::SSL, LWP::UserAgent,
LWP::Protocol::https, and Mozilla::CA installed.

Thomas

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Allen 
On Tue, Jan 10, 2012 at 1:05 PM, Robert Nesius nes...@gmail.com wrote:
 500 Can't connect to
 request.domain.com:443 (certificate
 verify failed)

 /opt/rt4/bin/rt-mailgate: undefined server error

Yes, I got the same problem Monday after installing an Extended
Validation SSL certificate on the same Apache2 server as RT. RT is
accessible only over SSL using a wildcard cert, and some other
virtualhosts use the same wildcard cert. All the virtualhosts, RT
included, have the same IP address, which means the client needs to
understand TLS in order to get Apache to present to correct
certificate for the correct hostname.

When all the Virtualhosts used the same wildcard SSL cert, mailgate
worked fine. As soon as one of the Virtualhosts used a different cert,
mailgate fails with the above error to connect to RT to stuff the
message in.

This is on Ubuntu 11.10 Oneiric running reqest-tracker4 pinned with
apt preferences to Precise packages for version 4.0.4-1:

root@web0:/etc/logrotate.d# dpkg --list | grep reques
ii  request-tracker4                    4.0.4-1
        extensible trouble-ticket tracking system
ii  rt4-apache2                         4.0.4-1
        Apache 2 specific files for request-tracker4
ii  rt4-clients                         4.0.4-1
        mail gateway and command-line interface to request-tracker4
ii  rt4-db-sqlite                       4.0.4-1
        SQLite database backend for request-tracker4

I think something is wrong in the rt-mailgate-4 script that doesn't
understand TLS or when something happens and it gets a certificate
whose hostname does not match with the host that it is connecting to.

A

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-11 Thread Allen 
On Wed, Jan 11, 2012 at 11:22 AM, Izz Abdullah izz.abdul...@hibbett.com wrote:
 root@xxx:/var/www/servers# openssl verify -CApath /etc/ssl/certs/ 
 /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt
 /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt: OK


Yes, that is the same output I get when running the command.

The problem is that only rt-mailgate is having a problem figuring out
how to validate the SSL certificate that RT instance is using. All
browser clients validate it fine.

This thread from October 2011
http://www.gossamer-threads.com/lists/rt/users/106073 talks about
editting rt-mailgate to specifically name a root ca as an ssl_option
argument, but I really don't want to mess with the RT distribution and
feel I shouldn;t have to because it worked fine with the old wildcard
SSL cert, and browsers were able to figure out the new SSL cert
without trouble as well.

A

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-10 Thread Robert Nesius 
Thanks for the suggestions guys.

I finally just turned off my re-write rule that was re-directing http to
https and side-stepped the rt-mailgate ssl failure all together.  Not
ideal, but in practice very few of my users log into RT directly so it's a
configuration I can live with short term while I figure out the real issue.


I've configured postfix to hand messages to the aliases for my queues
directly to rt-mailgate.  It is rt-mailgate that cannot verify the ssl
certificate that my web server is presenting it.  None of my web browsers
have trouble with it, so it feels like an rt-mailgate configuration issue.
I can repro the issue on the command line

root@linux:~# /opt/rt4/bin/rt-mailgate --debug --queue 'general' --action
correspond --url https://request.domain.com/  ~/test.msg
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/XOCrOYAr8p/vkVDTmoszI'
/opt/rt4/bin/rt-mailgate: connecting to
https://request.domain.com//REST/1.0/NoAuth/mail-gateway
An Error Occurred
=

500 Can't connect to
request.domain.com:443 (certificate
verify failed)

/opt/rt4/bin/rt-mailgate: undefined server error

-Rob


On Mon, Jan 9, 2012 at 4:08 PM, Izz Abdullah izz.abdul...@hibbett.comwrote:

 And if that doesn't work, since I have a certificate with a domain name
 (although signed by our internal CA which all of our PCs trust), I had to
 put in below where Mauricio put in https://localhost, I actually needed
 to use my dns name in which the certificate is assigned (e.g. https://MyRT
 )

 My $0.02 worth as well. :)

 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:
 rt-users-boun...@lists.bestpractical.com] On Behalf Of Mauricio Tavares
 Sent: Monday, January 09, 2012 4:02 PM
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] rt-mailgate

 On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius nes...@gmail.com wrote:
  I made a recently change to how my apache2 server was configured to
  redirect all requests through https.  Now emails are not flowing
  through to RT - I tracked the issue down to rt-mailgate complaining
  about not being able to verify the certificate.  I'm a little
  perplexed on how to proceed or how to verify what certs/CAs
  rt-mailgate is using, or if there is an issue with the Crypt::SSLeay
 module (which I had to force install due to a failing test).
  I only have one openssl install on the system, and I thought
  Crypt::SSLeay would reach through to those configs for things like CA
 certs, etc...
 
  Perhaps an easy workaround, since the mail server and apache2 server
  are on the same machine, would be to configure a localhost:80
  virtual host within
  apache2 and bypass SSL when accessing RT via that url.
 
  Any helpful hints/suggestions would be greatly appreciated.   I've
  been google-ing away but haven't had any luck yet.
 
  AFAIK, rt-mailgate connects to RT using RT's web interface; it should
 use whatever cert you have defined in the virtual host entry for RT. Here
 is how my fetchmailrc calls rt-mailgate:

 mda /usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \
 --queue support --action correspond

  -Rob
 
  
  RT Training Sessions (http://bestpractical.com/services/training.html)
  * Boston - March 5  6, 2012
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston  March 5  6, 2012
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston  March 5  6, 2012


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

[rt-users] rt-mailgate

2012-01-09 Thread Robert Nesius 
I made a recently change to how my apache2 server was configured to
redirect all requests through https.  Now emails are not flowing through to
RT - I tracked the issue down to rt-mailgate complaining about not being
able to verify the certificate.  I'm a little perplexed on how to proceed
or how to verify what certs/CAs rt-mailgate is using, or if there is an
issue with the Crypt::SSLeay module (which I had to force install due to a
failing test).   I only have one openssl install on the system, and I
thought Crypt::SSLeay would reach through to those configs for things like
CA certs, etc...

Perhaps an easy workaround, since the mail server and apache2 server are on
the same machine, would be to configure a localhost:80 virtual host
within apache2 and bypass SSL when accessing RT via that url.

Any helpful hints/suggestions would be greatly appreciated.   I've been
google-ing away but haven't had any luck yet.

-Rob

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] rt-mailgate

2012-01-09 Thread Izz Abdullah 
And if that doesn't work, since I have a certificate with a domain name 
(although signed by our internal CA which all of our PCs trust), I had to put 
in below where Mauricio put in https://localhost, I actually needed to use my 
dns name in which the certificate is assigned (e.g. https://MyRT)

My $0.02 worth as well. :)

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mauricio Tavares
Sent: Monday, January 09, 2012 4:02 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate

On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius nes...@gmail.com wrote:
 I made a recently change to how my apache2 server was configured to 
 redirect all requests through https.  Now emails are not flowing 
 through to RT - I tracked the issue down to rt-mailgate complaining 
 about not being able to verify the certificate.  I'm a little 
 perplexed on how to proceed or how to verify what certs/CAs 
 rt-mailgate is using, or if there is an issue with the Crypt::SSLeay module 
 (which I had to force install due to a failing test).
 I only have one openssl install on the system, and I thought 
 Crypt::SSLeay would reach through to those configs for things like CA certs, 
 etc...

 Perhaps an easy workaround, since the mail server and apache2 server 
 are on the same machine, would be to configure a localhost:80 
 virtual host within
 apache2 and bypass SSL when accessing RT via that url.

 Any helpful hints/suggestions would be greatly appreciated.   I've 
 been google-ing away but haven't had any luck yet.

  AFAIK, rt-mailgate connects to RT using RT's web interface; it should use 
whatever cert you have defined in the virtual host entry for RT. Here is how my 
fetchmailrc calls rt-mailgate:

mda /usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \ --queue 
support --action correspond

 -Rob

 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 * Boston - March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

[rt-users] rt-mailgate error wht ExternalAuth On User Creation by Email

2011-10-31 Thread Luciano Ernesto da Silva 
Hello,

 

 

Some users send an email to email address of the queue to open tickets,
but we are getting this error on user creation, since we are using
ExternalAuth (RT4.0.2 + ExternalAuth 0.09):

 

 

Sat Oct 29 12:37:42 2011] [crit]: User creation failed in mailgateway:
Name in use (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)

Trace begun at /opt/rt4/sbin/../lib/RT.pm line 249

Log::Dispatch::log('Log::Dispatch=HASH(0x7f4acf1969b0)', 'level',
'crit', 'message', 'User creation failed in mailgateway: Name in use')
called at /opt/rt4/sbin/../lib/RT/Inter

face/Email.pm line 244

RT::Interface::Email::MailError('To', 'john...@mydomain.com', 'Subject',
'User could not be created', 'Explanation', 'User creation failed in
mailgateway: Name in use', 'MIMEObj',
'MIME::Entity=HASH(0x7f4aced00a98)', 'LogLevel', 'crit') called at
/opt/rt4/sbin/../lib/RT/Interface/Email.pm line 999

 

 

I had set RT_SiteConfig.pm with 

Set($AutoCreateNonExternalUsers, 1);

Set($AutoCreate, {Privileged = 1});

 

On interface is granted rights to Everyone:

Comment on tickets

Create tickets 

Reply to tickets

 

 

My attributes on LDAP are these:

 

 

'attr_match_list'   = ['Name', 'EmailAddress'],

'attr_map'  = {'Name' = 'uid', 'EmailAddress' =
'mail', 'RealName' = 'cn', 'ExternalAuthId' = 'uid'}

 

 

Actually I checked the list of users, I don't have any user with same
name of the requestor.

 

 

Should I use Set($AutoCreate, {UnPrivileged = 1}); or something like
that?

 

Tks

 

 

Luciano Silva


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28  29, 2011

  1   2   3   >