[rt-users] mailgate and EX_TEMPFAIL

Christian Gilmore cag at us.ibm.com
Fri May 9 10:37:51 EDT 2003


On the second suggestion, allowing the gateway to pass unauthenticated, 
how does that fit with the documentation in the rt-mailgate POD? I am 
confused where/why/how the mailgate should authenticate to the web 
interface? It is a new concept for RT3, and I'm just not quite getting it 
yet.

On the first suggestion, I'm going to need to do some kind of sleight of 
hand. I don't control the external LDAP to which I authenticate RT users, 
so I can't add a system account for rt-mailgate. My current thought is 
that, if I go this path, I would need to chain in an additional Auth 
handler that did file-based authentication against a file that just had 
the mailgate's credentials. My concern on this course, though, is that the 
aliases file is world-readable (to only the handful of people who have 
login accounts on the RT host). I'm not super comfortable putting the 
credentials directly into the URL within the alias entries...

Thanks again for helping me out!

Thanks,
Christian

----------------------
Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group





Jesse Vincent <jesse at bestpractical.com>
Sent by: rt-users-admin at lists.fsck.com
05/09/03 05:33 AM

 
        To:     Christian Gilmore/Austin/IBM at IBMUS
        cc:     rt-users at lists.fsck.com, Harald Wagener <hwagener at hamburg.fcb.com>
        Subject:        Re: [rt-users] mailgate and EX_TEMPFAIL



So. you appear to be using some form of external authentication to force
all users to authenticate before talking to your apache. apache isn't
letting the mail gateway talk to the web server. You can (I believe)
encode credentials in the url the mail gateway is trying to visit as
http://user:pass@host/....  OR you can tell apache to let the mail
gateway through.


On Thu, May 08, 2003 at 03:22:52PM -0500, Christian Gilmore wrote:
> Harald Wagener wrote:
> > What happens if You do
> > '/opt/rt3/bin/rt-mailgate < bla.txt', where bla.txt is a genuine 
> > message ?
> 
> Here is what happened.
> 
>         norad1% /opt/rt3/bin/rt-mailgate < ~/foo 
>         /opt/rt3/bin/rt-mailgate invoked improperly
> 
>         No url provided to mail gateway!
> 
> 
>         norad1% /opt/rt3/bin/rt-mailgate --url http://norad1.tivoli.com/rt 
> < ~/foo
>         An Error Occurred
>         =================
> 
>         401 Authorization Required
> 
> Looks like this may be the problem. I read in the rt-mailgate POD about 
> needing an RT user for gateway, but I've not seen any documentation that 

> tells me how to tell the mailgate which user/password to use. I 
carefully 
> read the RT3 PDF sections that would pertain to mail and saw no mention 
of 
> needing this user.
> 
> Also, I see that the setgid bit is set in RT2 but not in RT3. I'm 
assuming 
> that, since it is attempting to talk to the database via the web 
service, 
> mailgate no longer needs the setgid bit.
> 
> 
> Jesse Vincent wrote:
> > the mail gateway has a --debug flag. It might be helpful to hand-pipe 
a
> > message to it with that flag enabled to see what the server says...
> 
> I have that flag set. Not a bit of logging is done, though. Here's what 
I 
> have set:
> 
>         webreq: "|/opt/rt3/bin/rt-mailgate --debug --queue webreq 
--action 
> correspond 
>         --url http://norad1.tivoli.com/rt"
> 
>         Set($LogToSyslog    , 'debug');
>         Set($LogToScreen    , undef);
>         Set($LogToFile      , 'debug');
>         Set($LogToFileNamed , "$LogDir/rt.log.$$");    #log to 
> rt.log.<pid>.<user>
> 
> Thank you both for responding!
> 
> Thanks,
> Christian
> 
> ----------------------
> Christian Gilmore
> Technology Leader
> GeT Support Application Development
> IBM Software Group
-- 
http://www.bestpractical.com/rt  -- Trouble Ticketing. Free.
_______________________________________________
rt-users mailing list
rt-users at lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20030509/f0485fd8/attachment.htm>


More information about the rt-users mailing list