[rt-users] Strategies for coping with spam
Tony Aiuto
tony at ics.com
Fri Nov 22 10:07:58 EST 2002
Does anyone have any thoughts to share about coping with spam in the
context of a customer support? We chose not to use a filter like
spamassassin on our support email because we don't want to risk ignoring
customer mail. What we end up seeing is at least 5 or 10 spams a day
which create tickets.
Right now we hand kill the junk ticket. I made a shortcut to help
with that. In WebRt/html/Ticket/Elements/Tabs:
if ($Ticket->Status ne 'open') {
$actions->{'Open'} =
{
path => "Ticket/Display.html?Status=open&id=". $id,
title => 'Open'
};
}
+ if ($Ticket->CurrentUserHasRight('OwnTicket')) {
+ $actions->{'SPAM'} = {
+ path => "Ticket/Display.html?Status=dead&KeywordSelectMagic7&KeywordSelect7=67&id=".$id,
+ title => 'SPAM'
+ };
+ }
}
if (defined $session{'tickets'}) {
my $items = $session{'tickets'}->ItemsArrayRef();
my @indexs = grep(($items->[$_]->id == $Ticket->Id), 0 .. $#{$items});
And in WebRT/html/Ticket/Display.html
*** 142,149 ****
--- 147,156 ----
}
#Process status updates
my @BasicActions = ProcessTicketBasics(ARGSRef => \%ARGS, TicketObj=>$Ticket);
+ my @keywordActions = ProcessTicketObjectKeywords(TicketObj => $Ticket, ARGSRef => \%ARGS);
push (@Actions, @BasicActions);
+ push (@Actions, @keywordActions);
}
</%INIT>
Together, this adds a [SPAM] link which marks the ticket dead and sets a
'reason for closure' keyword to 'SPAM'. The magic #'s 7 and 67 are,
of course, site specific.
But that only eases some of the pain.
Most of these emails have invalid sender addresses. RT generates
the autoresponse, and it bounces. One thing for certain, you should
never make the outgoing mail envelope address be a live queue address!
That will give you an evil loop. What I do for that is change the
sendmail args to spoof the sender, like so (config.pm)
$SendmailArguments="-oi -t -fsupport-admin";
and then I also have to allow the user which runs the web server and
mailer processes be trusted by sendmail. On my installation, apache
runs as httpd, and incoming mail becomes mailnull, so you have to add
Thttpd mailnull
to sendmail.cf (and also submit.cf - for newer versions of
sendmail).
So now, support-admin (me) gets a bunch of mails like this every day.
From MAILER-DAEMON at ics.com Fri Nov 22 08:17:17 2002
Date: Fri, 22 Nov 2002 10:16:59 -0300 (GMT)
From: Mail Delivery Subsystem <MAILER-DAEMON at sirsield.sinectis.com.ar>
To: <support-admin at ics.com>
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--gAMDGxRT003562.1037971019/sirsield.sinectis.com.ar
The original message was received at Fri, 22 Nov 2002 10:15:56 -0300 (GMT)
from ics.com [216.112.183.3]
----- The following addresses had permanent fatal errors -----
<debra5427 at uole.com>
(reason: User unknown)
----- Transcript of session follows -----
.... snip snip snip ....
Subject: [ICS #291] Support case acknowledged: Lender's Network Mortgage
From: "keys" <keys at ics.com>
Reply-To: keys at ics.com
To: debra5427 at uole.com
These have to be hand checked and deleted. Does anyone else have a
similar problem? Have they whacked rt-mailgate to look for bounces
like this and kill the corresponding ticket? I think the The criteria
would be
Mail is from MAILER-DAEMON
Body contains
----- The following addresses had permanent fatal errors -----
Body contains
Subject: [<valid RT ticket ident>] Support case acknowledged: ......
Again, does anyone have interesting spam mitigation hacks to share?
-tony
More information about the rt-users
mailing list