[rt-users] Again: RT using reply-to field to authenticate sender email

Lars Reimann l.reimann at metaways.de
Fri Nov 11 11:32:26 EST 2011


Hi all,

sorry for sending it again, but so far our issue has not been discussed:


on 29.03.2011:

when sending an email to RT 3.8.8 we have the following problem:

Situation:

Queue address: service-abc at example.org
Sender address: sender at example.com (known to RT, privileged, can create 
tickets, etc)
Third party address: recipient at example.net

Sending an email with Cc to Queue address and have Reply-to Header set

To: recipient at example.net
Cc: service-abc at example.org
Reply-to: recipient at example.net

yields "Could not load a valid user" for recipient at example.net

I think this may be a bug, because the original sender address is not 
used to auth against RT.
I don't know how reply addresses are normally handled via RT, but 
auth'ing a user via the Reply-to header field is wrong because it is 
almost every time different from the "From" field and to Reply-to 
address may have no rights in RT in most cases.

Imagine the following workflow:
recipient at example.net is a list, I want to inform it of something while 
creating a ticket using the Cc field.
In this case I am the requestor, emails should go to me and the Reply-to 
address could be set as CC or whatever.
Giving the Reply-to address access to RT is impractical because it is a 
list address only.

Can anybody confirm or has a solution to this? Maybe there is a quick 
code-fix ;)

greetings,
l.r.



More information about the rt-users mailing list