We had a similar issue. However, since rt-mailgate and Apache run on the same host, and since no non-admin users have logins on the host, our solution was to edit Apache's config to bypass authentication for requests coming from localhost.