[rt-users] Limiting SPAM into rt2 system.

Bruce Campbell bruce_campbell at ripe.net
Mon Dec 3 17:36:39 EST 2001


On Mon, 3 Dec 2001, Peter Losher wrote:

> One question I do have, one requirement that we do have is that we accept
> bug reports via email.  While this makes it easier (we think), it opens us
> up to spam... large amounts of spam... REALLY large amounts of spam on a
> daily basis (as these bugs aliases are very well known in the Internet
> community, we are on every known spammers list).  We even have the
> occasional mail-loop to provide fun for one and all.

I'll raise you one.  We get people whinging about spam mail that they've
received, in addition to receiving the sodding crap.  And they're not very
polite about it either.

> Are there ways in the mail gateway abilities in RT2 to prevent this?
> Something like a cookie-based system, where you have to confirm your bug
> submission before it gets entered into the db?  Or are there other ways
> other RT admins have dealt with this issue?

On a slightly serious note, maybe a 'white' listing approach would work,
similar to the spamcop once-off of:

	Your address is not recognised.  Please confirm it by replying to
	this message, then we'll process your mail/bug report.

Elsethread, someone mentioned procmail.. looking at the procmailex man
page, this seems trivial to implement..  Actually, I've spent 10 minutes
or so and the below is the (untested) result - if it doesn't make sense,
read the procmail man pages before asking ;)

Have fun.

--- Main rt procmail protection
	:0 :sender.chk
	* !^FROM_MAILER
	* !^X-Loop:.*RT
	* ^TO_rt_address
	{
	  :0 Whc: sender.chk
	  | formail -rD 81920 sender.cache

	  # If the address wasn't in the cache.
	  :0 e
	  {
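		# Get a random identifier.  1 line
		# (crypt() the random string rather than the bare address, and
		# map crypt's '.' and '/' to letters so the result is usable as
		# a file name and passes the [A-Za-z0-9] check in the RT-auth
		# snippet.)
		THISID="`perl -e '$frflag=0;while(<>){next if($frflag>0);next unless(m/^From\s(\S+)\s\s\S+/);$add=$1;$frflag=1;$crstr=rand(8192).$add.rand(16234);$lprt=crypt($crstr,q(rt));$lprt=~tr{./}{AB};print qq($lprt\n);}'`"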

		# Send back the identifier.
		:0 hc
		| (formail -r -I"Precedence: junk" \
			-A"X-Loop: RT-auth-loop" \
			-I"From: rt-auth@your-domain" \
			; \
			cat std_auth_self_template | \
			sed -e "s/IDENTIFIER/$THISID/g" ) | \
			$SENDMAIL -t

		# Save the message in a spot indicated by the identifier.
		# perl 'crypt' function should be pathname safe.
		:0
		mail/$THISID
	  }

	  # Address was in the cache - Send it on to RT.
	  :0Whc: fastloop.chk
	  | formail -rD 128 fastloop.cache

	  # Address wasn't in the small fast-loop cache
	  :0e
	  | rt-mailgate

	  # Address was in the fast loop cache.  Don't send an auto-ack
	  # in case this is a fast loop.  Downside is that if this is a
	  # slow ticket queue, multiple issues from one person will not be
	  # acked until someone else emails the ticketing system.  You
	  # could put a crontab to delete the fastloop.cache file every
	  # 30 minutes I guess.
	  :0
	  | rt-mailgate -no-auto-ack-whats-the-flag-for-this?
	}

	# Deal with mails from mailer daemons and possible loops
	:0
	* ^TO_rt
	| rt-mailgate -no-auto-ack-whats-the-flag-for-this?

	# Mails not to RT, but received
	:0
	! human_person

--- std_auth_self_template

	Hi there,

	Thank you for emailing Example.Com, the organisation proudly used
	for examples the world over.  Our Marketing people insist that we
	plug our website, at http://www.example.com/ .

	So that we can serve *you* better, (and so we're not wasting our
	time by dealing with spam mail), we'd like to ask you to do
	something special for us.  We have put your original message to
	one side, where it will be kept nice and secure until we've got
	this trifling administrative detail out of the way, or a week
	passes.

	Please verify that you are a human, and not some annoying spam
	mail, by replying to this message, making sure that you include
	the line below.

		Random-Auth-ID: IDENTIFIER

	Please send your reply to 'rt-auth@example.com'.  Once we receive
	this, we will send your original message onwards to our shiny
	tracking system, where we'll keep your original date and time of
	sending.

	If you need to interact with us (and we hope you do) beyond the
	items outlined in your message, we will recognise your address the
	next time, and not ask you to prove your existence again.

	Yours in hopeful existence-certainty:

		Example.Com
		Proud Makers of Example Texts Everywhere.

--- RT-auth procmail snippet

	# Find the identifier in the mail - 13 chars is what crypt
	# returns?  Note we don't bind to the start of the line, as
	# too many people misunderstand forward (^), reply (^>\s+) or
	# other requests.  As long as it's in the body, as-is, it's fine.

	FOUNDID="`perl -e '$found=0;while(<>){next if($found>0);next unless(m/Random-Auth-ID:\s*(\S{13,13})\s*/i);$lprt=$1;if($lprt=~/^[A-Za-z0-9]+$/){$found=1;print qq($lprt\n);}}'`"

	# See if its there.
	:0
	* ? test -f mail/$FOUNDID
	{
	  # The file exists.  Send this file on.
	  :0
	  * ? cat mail/$FOUNDID | formail -s $SENDMAIL -t
	  * ? rm mail/$FOUNDID
	  | ( formail -r -I"Precedence: junk" \
		-I"X-Loop: RT-auth@your.domain" \
		; \
		cat std_auth_ack ) | $SENDMAIL -t

	  # Some error occurred.  Bounce to a person.
	  :0
	  ! human_person
	}

	# They had no identifier there.
	:0 Whc
	| ( formail -r -I"Precedence: junk" \
		-I"X-Loop: RT-auth@your.domain" \
		; \
		cat std_no_auth_found ) | $SENDMAIL -t

	# Bounce it to a human just in case.
	:0
	! human_person

--- Cronscript to clean up old auth files - your xargs may not support
    this flag.

# Find files older than 7 days.
5 */8 * * * find mail -mtime +7 -print | xargs --no-run-if-empty rm

--- Are you still reading this far?


-- 
                             Bruce Campbell                            RIPE
                                                                        NCC
                                                                 Operations
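
The hold-and-confirm flow above as an added Python sketch (not part of the original post, and not RT code), with the identifier drawn from the OS random source so it is file-name safe and not derivable from the sender address, and with the sender allow-listed only once the reply arrives. The class and method names and the 32-hex-digit token format are assumptions of this example; the one-week lifetime follows the template text.

```python
import os, re, secrets, tempfile, time

# Not anchored to line start, so quoted ("> ...") replies still match.
TOKEN_RE = re.compile(r"Random-Auth-ID:\s*([0-9a-f]{32})(?![0-9a-f])", re.I)
MAX_AGE = 7 * 24 * 3600  # the challenge template promises one week


class HoldQueue:
    """Hold first-contact mail until the sender echoes a random token."""

    def __init__(self, directory):
        self.directory = directory
        self.allowed = set()  # confirmed senders only

    def hold(self, sender, raw_message):
        # 128 bits from the OS CSPRNG, hex encoded: not derivable from the
        # sender address, and contains no '/' or '.'.
        token = secrets.token_hex(16)
        with open(os.path.join(self.directory, token), "x") as fh:
            fh.write(sender + "\n" + raw_message)
        return token

    def confirm(self, reply_body, now=None):
        """Return the held message for a valid token, else None."""
        match = TOKEN_RE.search(reply_body)
        if not match:
            return None  # includes anything with path characters
        path = os.path.join(self.directory, match.group(1).lower())
        try:
            with open(path) as fh:
                sender, _, message = fh.read().partition("\n")
            age = (now or time.time()) - os.path.getmtime(path)
            os.remove(path)  # single use, whether released or expired
        except FileNotFoundError:
            return None  # unknown or already used token
        if age > MAX_AGE:
            return None
        self.allowed.add(sender)  # allow-list only after confirmation
        return message


if __name__ == "__main__":
    queue = HoldQueue(tempfile.mkdtemp())  # constructed sample data below
    token = queue.hold("reporter@example.org", "Subject: bug\n\nsample body")
    print(queue.confirm("> Random-Auth-ID: " + token))
```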




