[rt-users] Strategies for coping with spam

[Tony Aiuto]

Does anyone have any thoughts to share about coping with spam in the
context of a customer support?   We chose not to use a filter like
spamassassin on our support email because we don't want to risk ignoring
customer mail.  What we end up seeing is at least 5 or 10 spams a day
which create tickets.

Right now we hand kill the junk ticket.   I made a shortcut to help
with that.  In WebRt/html/Ticket/Elements/Tabs:

      if ($Ticket->Status ne 'open') {
          $actions->{'Open'} =
            {
             path => "Ticket/Display.html?Status=open&id=". $id,
             title => 'Open'
            };
      }
+     if ($Ticket->CurrentUserHasRight('OwnTicket')) {
+      $actions->{'SPAM'} = {
+      path  => "Ticket/Display.html?Status=dead&KeywordSelectMagic7&KeywordSelect7=67&id=".$id,
+      title => 'SPAM'
+      };
+     }
  }

  if (defined $session{'tickets'}) {
      my $items = $session{'tickets'}->ItemsArrayRef();
      my @indexs = grep(($items->[$_]->id == $Ticket->Id), 0 .. $#{$items});

And in WebRT/html/Ticket/Display.html

*** 142,149 ****
--- 147,156 ----
        }
  #Process status updates
  my @BasicActions = ProcessTicketBasics(ARGSRef => \%ARGS, TicketObj=>$Ticket);
+ my @keywordActions = ProcessTicketObjectKeywords(TicketObj => $Ticket, ARGSRef => \%ARGS);
  
  push (@Actions, @BasicActions);
+ push (@Actions, @keywordActions);
  }
  </%INIT>
  

Together, this adds a [SPAM] link which marks the ticket dead and sets a
'reason for closure' keyword to 'SPAM'.   The magic #'s 7 and 67 are,
of course, site specific.

But that only eases some of the pain.

Most of these emails have invalid sender addresses.  RT generates
the autoresponse, and it bounces.   One thing for certain, you should
never make the outgoing mail envelope address be a live queue address!
That will give you an evil loop.   What I do for that is change the
sendmail args to spoof the sender, like so (config.pm)

	$SendmailArguments="-oi -t -fsupport-admin";

and then I also have to allow the user which runs the web server and
mailer processes be trusted by sendmail.  On my installation, apache
runs as httpd, and incoming mail becomes mailnull, so you have to add

	Thttpd mailnull

to sendmail.cf (and also submit.cf - for newer versions of
sendmail).


So now, support-admin (me) gets a bunch of mails like this every day.

	From MAILER-DAEMON at ics.com  Fri Nov 22 08:17:17 2002
	Date: Fri, 22 Nov 2002 10:16:59 -0300 (GMT)
	From: Mail Delivery Subsystem <MAILER-DAEMON at sirsield.sinectis.com.ar>
	To: <support-admin at ics.com>
	Subject: Returned mail: see transcript for details
	Auto-Submitted: auto-generated (failure)

	This is a MIME-encapsulated message
	--gAMDGxRT003562.1037971019/sirsield.sinectis.com.ar
	The original message was received at Fri, 22 Nov 2002 10:15:56 -0300 (GMT)
	from ics.com [216.112.183.3]
	   ----- The following addresses had permanent fatal errors -----
	<debra5427 at uole.com>
	    (reason: User unknown)

	   ----- Transcript of session follows -----

	.... snip snip snip ....

	Subject: [ICS #291] Support case acknowledged: Lender's Network Mortgage
	From: "keys" <keys at ics.com>
	Reply-To: keys at ics.com
	To: debra5427 at uole.com

These have to be hand checked and deleted.  Does anyone else have a
similar problem?   Have they whacked rt-mailgate to look for bounces
like this and kill the corresponding ticket?  I think the The criteria
would be

	Mail is from MAILER-DAEMON
	Body contains
	   ----- The following addresses had permanent fatal errors -----
	Body contains
	   Subject: [<valid RT ticket ident>] Support case acknowledged: ......


Again, does anyone have interesting spam mitigation hacks to share?

-tony