[rt-users] rt-mailgate

Robert Nesius nesius at gmail.com
Tue Jan 10 16:05:48 EST 2012 

Thanks for the suggestions guys.

I finally just turned off my re-write rule that was re-directing http to
https and side-stepped the rt-mailgate ssl failure all together.  Not
ideal, but in practice very few of my users log into RT directly so it's a
configuration I can live with short term while I figure out the real issue.


I've configured postfix to hand messages to the aliases for my queues
directly to rt-mailgate.  It is rt-mailgate that cannot verify the ssl
certificate that my web server is presenting it.  None of my web browsers
have trouble with it, so it feels like an rt-mailgate configuration issue.
I can repro the issue on the command line....

root at linux:~# /opt/rt4/bin/rt-mailgate --debug --queue 'general' --action
correspond --url https://request.domain.com/ < ~/test.msg
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/XOCrOYAr8p/vkVDTmoszI'
/opt/rt4/bin/rt-mailgate: connecting to
https://request.domain.com//REST/1.0/NoAuth/mail-gateway
An Error Occurred
=================

500 Can't connect to
request.domain.com:443 (certificate
verify failed)

/opt/rt4/bin/rt-mailgate: undefined server error

-Rob


On Mon, Jan 9, 2012 at 4:08 PM, Izz Abdullah <Izz.Abdullah at hibbett.com>wrote:

> And if that doesn't work, since I have a certificate with a domain name
> (although signed by our internal CA which all of our PCs trust), I had to
> put in below where Mauricio put in https://localhost, I actually needed
> to use my dns name in which the certificate is assigned (e.g. https://MyRT
> )
>
> My $0.02 worth as well. :)
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:
> rt-users-bounces at lists.bestpractical.com] On Behalf Of Mauricio Tavares
> Sent: Monday, January 09, 2012 4:02 PM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] rt-mailgate
>
> On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius <nesius at gmail.com> wrote:
> > I made a recently change to how my apache2 server was configured to
> > redirect all requests through https.  Now emails are not flowing
> > through to RT - I tracked the issue down to rt-mailgate complaining
> > about not being able to verify the certificate.  I'm a little
> > perplexed on how to proceed or how to verify what certs/CAs
> > rt-mailgate is using, or if there is an issue with the Crypt::SSLeay
> module (which I had to force install due to a failing test).
> > I only have one openssl install on the system, and I thought
> > Crypt::SSLeay would reach through to those configs for things like CA
> certs, etc...
> >
> > Perhaps an easy workaround, since the mail server and apache2 server
> > are on the same machine, would be to configure a "localhost:80"
> > virtual host within
> > apache2 and bypass SSL when accessing RT via that url.
> >
> > Any helpful hints/suggestions would be greatly appreciated.   I've
> > been google-ing away but haven't had any luck yet.
> >
>      AFAIK, rt-mailgate connects to RT using RT's web interface; it should
> use whatever cert you have defined in the virtual host entry for RT. Here
> is how my fetchmailrc calls rt-mailgate:
>
> mda "/usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \
> --queue support --action correspond"
>
> > -Rob
> >
> > --------
> > RT Training Sessions (http://bestpractical.com/services/training.html)
> > * Boston - March 5 & 6, 2012
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120110/3ad3a1af/attachment.htm>

More information about the rt-users mailing list