[rt-users] Rt4 MailgateInstallation: Stubborn 403 Forbidden Error

Patrick G. Stoesser lists at pgs-info.de
Thu Jan 31 21:28:26 EST 2013 

Hello,

I'm also running RT4 ob Debian Squueze, indeed with Exim4.
Just a few thoughts after reading your post:

# 1 ##########
 > My /etc/aliases configuration looks like this:
 >
 > ---
 > test: "|/usr/bin/rt-mailgate --queue test --action correspond --url
 > http://centcomm.engeneon.net/rt"
 > test-comment: "|/usr/bin/rt-mailgate --queue testt --action comment
 > --url http://centcomm.engeneon.net/rt

There seems to be a mistake in line 3: Isn't your queue called "test" 
and not "testt"?

# 2 ##########
 > A manual test of the rt-mailgate script produces the following:
 >
 > ---
 > root at centcomm:~# cat testfile.txt |/usr/bin/rt-mailgate --queue
 > support --action correspond --url http://centcomm.engeneon.net/rt
 > An Error Occurred
 > =================

The queue "support" you're trying to mail to is not defined in the 
/etc/aliases you've posted here.

# 3 ##########
 > My 000-default apache configuration file  looks like this:
 >
 > <VirtualHost *:80>
 >          ServerAdmin webmaster at localhost
 >
 >          DocumentRoot /var/www
 >          <Directory />
 >                  Options FollowSymLinks
 >                  AllowOverride None
 >          </Directory>

As long as you don't serve any content in / (you currently serve the 
dafult "It works"-Page, you should turn off this directory. This has 
nothing to do with RT itself, but it's something I noticed. See also 
<http://httpd.apache.org/docs/2.2/misc/security_tips.html>

 >          <Directory /var/www/>
 >                  Options Indexes FollowSymLinks MultiViews
 >                  AllowOverride None
 >                  Order allow,deny
 >                  allow from all
 >          </Directory>

Same here.

 >
 >          ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 >          <Directory "/usr/lib/cgi-bin">
 >                  AllowOverride None
 >                  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 >                  Order allow,deny
 >                  Allow from all
 >          </Directory>
 >
 >          ErrorLog ${APACHE_LOG_DIR}/error.log
 >
 >          # Possible values include: debug, info, notice, warn, error, 
crit,
 >          # alert, emerg.
 >          LogLevel debug
 >
 >          CustomLog ${APACHE_LOG_DIR}/access.log combined
 > <Directory "/usr/share/request-tracker3.6/html/">

You're runnig RT4, so this directory does not exist. Your directory is 
/usr/share/request-tracker4.

 >      Order allow,deny
 >      Allow from all
 > </Directory>
 >   Include /etc/request-tracker4/apache2-modperl2.conf
 >   RedirectMatch ^/$ /rt
 >
 > </VirtualHost>
 > -----

hth + regards, pgs




Am 28.01.2013 16:47, schrieb Traiano Welcome:
> Hi List
>
> I've installed RT4 via the Debian package management system using the
> following Wikia guide:
> http://requesttracker.wikia.com/wiki/PostfixConfig ,  and operations
> via the web interface seem  to be working fine. I am using
> "apache2-modperl2.conf".
>
> However, I am having an issue trying to get MailGate to work so that I
> can log tickets via email. Most notably, my attempts to log tickets
> via email fail with the following errors:
>
>  From the Postfix logs:
>
> ----
> Jan 28 15:27:22 centcomm postfix/local[5921]: A864E9AA9:
> to=<test at engeneon.net>, relay=local, delay=8903,
> delays=8903/0.06/0/0.21, dsn=4.3.0, status=deferred (temporary
> failure. Command output: An Error Occurred =================  403
> Forbidden )
> ----
>
>  From the Apache logs:
>
> ----
> [Mon Jan 28 01:47:22 2013] [error] [client xxx.yyy.zzz.www] client
> denied by server configuration:
> /usr/share/request-tracker4/html/REST/1.0/NoAuth/mail-gateway
> ----
>
> I have reviewed and tested the solution on these 2 threads, without success:
>
> 1. http://lists.bestpractical.com/pipermail/rt-users/2009-April/058768.html
> 2. http://www.mentby.com/Group/rt-users/maillog-403-forbidden.html
>
> Other than this I cannot find any other solutions on the internet
> based on similar experiences from other users of RT4.
>
> My questions are:
>
> a) Is this a known issue with a known fix? If so, I'd appreciate a
> pointer to it?
> b) If not, is there some approach I could use to debugging this in
> more detail so that I can pinpoint exactly what should be changed to
> allow rt-mailgate to post messages to the REST API for Rt4 ?
>
> Below are elements of my configuration for RT, mail and Apache:
>
> I am using the following Apache configuration:
>
> My /etc/aliases configuration looks like this:
>
> ---
> test: "|/usr/bin/rt-mailgate --queue test --action correspond --url
> http://centcomm.engeneon.net/rt"
> test-comment: "|/usr/bin/rt-mailgate --queue testt --action comment
> --url http://centcomm.engeneon.net/rt
> ---
>
> A manual test of the rt-mailgate script produces the following:
>
> ---
> root at centcomm:~# cat testfile.txt |/usr/bin/rt-mailgate --queue
> support --action correspond --url http://centcomm.engeneon.net/rt
> An Error Occurred
> =================
>
> 403 Forbidden
> ----
>
> My apache2-modperl2.conf looks like this:
>
> ---
> PerlSetEnv RT_SITE_CONFIG /etc/request-tracker4/RT_SiteConfig.pm
> Alias /rt /usr/share/request-tracker4/html
> <Location /rt>
>    SetHandler modperl
>    PerlResponseHandler Plack::Handler::Apache2
>    PerlSetVar psgi_app /usr/share/request-tracker4/libexec/rt-server
> </Location>
>      <Location /rt/NoAuth>
>      Order allow,deny
>      Allow from all
>      Satisfy any
>      </Location>
> <Location /rt/REST/1.0/NoAuth>
>      Order Allow,Deny
>      Allow from all
> </Location>
> <Directory /usr/share/request-tracker4>
>      Options Indexes MultiViews
>      AllowOverride AuthConfig
>      Order allow,deny
>      Allow from all
> </Directory>
> <Perl>
>    use Plack::Handler::Apache2;
>    Plack::Handler::Apache2->preload("/usr/share/request-tracker4/libexec/rt-server");
> </Perl>
> ---
>
> My 000-default apache configuration file  looks like this:
>
> <VirtualHost *:80>
>          ServerAdmin webmaster at localhost
>
>          DocumentRoot /var/www
>          <Directory />
>                  Options FollowSymLinks
>                  AllowOverride None
>          </Directory>
>          <Directory /var/www/>
>                  Options Indexes FollowSymLinks MultiViews
>                  AllowOverride None
>                  Order allow,deny
>                  allow from all
>          </Directory>
>
>          ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>          <Directory "/usr/lib/cgi-bin">
>                  AllowOverride None
>                  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>                  Order allow,deny
>                  Allow from all
>          </Directory>
>
>          ErrorLog ${APACHE_LOG_DIR}/error.log
>
>          # Possible values include: debug, info, notice, warn, error, crit,
>          # alert, emerg.
>          LogLevel debug
>
>          CustomLog ${APACHE_LOG_DIR}/access.log combined
> <Directory "/usr/share/request-tracker3.6/html/">
>      Order allow,deny
>      Allow from all
> </Directory>
>   Include /etc/request-tracker4/apache2-modperl2.conf
>   RedirectMatch ^/$ /rt
>
> </VirtualHost>
> -----

More information about the rt-users mailing list