[afnog] connecting requet tracker to a mail server

Phil Regnauld regnauld at nsrc.org
Fri Jan 1 12:14:46 UTC 2010


Randy Bush (randy) writes:
> > i installed request tracker 3.6 on my debian machine to be used for reporting purpose.
> > but, i want users to request and even reply to requests using thier mail account. we have  a postfix mail server. so, can any body help how to connect the RT system to the mail server.
> 
> i am not sure, but 3.8 seems to have more email cruft than 3.6.  watch
> out for the upgrade, it's painful, as all rt upgrades seem to be.

	3.6 and 3.8 is the same with regards to email integration.

	Here are some notes I put together for the Network Management
	Workshop Hervey Allen and myself put together.  Ignore the
	package installation parts, they are Debian/Ubuntu specific.

	Steps 4 and afterwards are specific to the mailgate configuration
	in a postfix environment.  Queue configuration and rights management
	needs to be tuned to work properly.


INSTALLATION (RT3.6 -- RT3.8 is similar, and RT3.8 looks much nicer GUI wise)

1. Install packages

apt-get install rt3.6-db-mysql      # Config for RT3 for mysql
apt-get install rt3.6-apache2       # apache2 support

apt-get install mysql-server-5.0

[follow instructions] - leave password unchanged

apt-get install request-tracker3.6  # RT itself (minus the mailgate)
apt-get install rt3.6-clients       # rt mailgate

Name for this RT instance: rt.ubuntu.localdomain

apt-get install libapache2-mod-perl2
a2enmod rewrite

apt-get install postfix
apt-get install mutt        if needed

2. Configuration of vhost

Add to end of default vhost:

Include /etc/request-tracker3.6/apache2-modperl2.conf

Restart apache

3. RT Config (defaults should be ok)

Check SiteConfig.pm in /etc/request-tracker3.6 that everything is OK wrt.
to domain, site, etc...

4. Queue Configuration

Log in to RT as root:password

Go to Configuration -> Queues -> General

Set Reply Address to "helpdesk at ubuntu.localdomain"
Set Comment Address to "helpdesk-comment at ubuntu.localdomain"

5. Mailgate configuration

Add these aliases to /etc/aliases:

helpdesk: "|/usr/bin/rt-mailgate-3.6 --queue general --action correspond --url http://localhost/rt"
helpdesk-comment: "|/usr/bin/rt-mailgate-3.6 --queue general --action comment --url http://localhost/rt"

Now, send a mail using mutt to "helpdesk at ubuntu.localdomain"

You should get an error mail back that no valid user could be loaded.

This is normal, we need to give privileges to RT.

Two error mails are sent back:

- one to you (the requestor)
- one to the administrator

The one to the administrator will say:

    You might need to grant 'Everyone' the right 'CreateTicket' for the 
    queue general.

6. Groups, rights, and basic setup

RT has support for Groups and Users, including some default (system)
groups. This is pretty straightforward. Groups of groups are supported.

Ideally we only use groups and give rights to them, NOT to users (to
avoid messy ACLs).

RT also has support for Roles -- for example, if hervey at nsrc.org is
set to be AdminCC on the "General" queue, meaning he'll get a copy of
all mails on that queue, then Hervey has the AdminCC "Role".  That Role
can also be used when allocating Rights in RT, so that it is not necessary
to create, say, a "Staff" group, place Hervey in it, and then give rights
to it.  It would be enough to grant the AdminCC group the rights, and by
virtue of Hervey having that role assigned to him, he will inherit the
rights.

So let's do this.

To start with, we only need "Everyone" to be allowed to create a ticket,
so we do:

>From the RT gui, Configuration -> Queues -> General

Then click on Group Rights

Select "Create Ticket" in the "New rights" list box next to Everyone group.

Then click on "Modify Group Rights" in lower right.

Now try sending a mail again

After a few seconds, the main page (Home) of RT should show
one ticket under the New section of the General Queue.

You (the requestor) should have received a mail -- normally something like:


    Greetings,

    This message has been automatically generated in response to the
    creation of a trouble ticket regarding:
            "test5", 
    a summary of which appears below.

    There is no need to reply to this message right now.  Your ticket has been
    assigned an ID of [rt.ubuntu.localdomain #1].

    Please include the string:

             [rt.ubuntu.localdomain #1]

    in the subject line of all future correspondence about this issue. To do so, 
    you may reply to this message.

                            Thank you,
                            helpdesk at ubuntu.localdomain



... this output is controlled by the Template associated to the default action
for a submission.  Everything is customizable, including what actions to
carry out, which templates to use.

For instance, it's possible to make RT automatically generate a random password
for the person requesting, and associate that to the email they are writing
from.

RT records all users (email addresses) into its database.

Now, the user "root at bunutu.localdomain" (NOT THE SAME as the "root" user in
RT -- note!) is now created in RT.  Let's give him a password.

Configuration -> Users -> Find people whose [User id] [contains]

    ... enter "root" + Press return (or click Go)

Two entries:

    root
    root at ubuntu.localdomain

... click on root at ubuntu.localdomain

Set the password (under Access Control) - at least 5 chars.

Now logout, and login as "root at ubuntu.localdomain" + the password.

Notice that you see... nothing.

Why ?  We didn't give non-privileged users the right to actually VIEW anything
in the queue!

7. More rights

So let's give them those rights, but not too much (for instance, they shouldn't
be allowed to view comments from admins/helpdesk staff):

Logout
Login as root / password

Configuration -> Queues -> General -> Group Rights

Notice that "CreateTicket" is now listed under the Current rights for
the "Everyone" group.

Let's add the right for users to view a ticket -- under
Everyone, "New Rights", select ShowTicket.  Select ReplyToTicket as well
(might come in handy :)

Click Modify Group Rights.

Logout, login as "root at ubuntu.localdomain" + the password you gave earlier.

Now, you can see the ticket(*) you submitted !

(*) If you had more than 1, you would see them all -- all tickets created
by your userid (your email) will be visible, including all correspondance,
but excluding comments from the staff that are not for you to see.

(enf of part 1)

Note: using root for the demo of mailing is confusing.  Use a "testuser"
or something.  Even better, make MX + DNS work and mail from outside or other
computer.



More information about the afnog mailing list