[rt-users] Protecting RT

Phil Homewood pdh at bestpractical.com
Sun Apr 13 19:28:42 EDT 2003


ODHIAMBO Washington wrote:
> One moron sent an e-mail from postmaster at domain.name. This postmaster
> account/alias is not defined on their server. RT got the e-mail and
> promptly used the AutoReply feature in the relevant queue. The message
> hit the original submiter's server and the server responded with a
> "Mail Delivery Failure" to RT, which created a second ticket and so on..
> and so forth. This was NOT a mail loop, AFAIK.

Yes, this happens when the remote system:

* does not honour "Precedence: bulk" headers
* does not generate "Precedence: bulk" headers
* does not preserve the subject header
* does not preserve any other headers that RT adds in the reply

which makes it programatically impossible to determine that the
message received is in reply to something we sent.

Bruce Campbell wrote an excellent pair of scrips, UpdateSquelch
and AutoReplySquelch, that you can find in the contrib area.
They do a damn good job of limiting the damage that such broken
systems can cause, by keeping count of the number of messages
received from an address and disabling the autoreply when a
configurable threshhold is reached.
-- 
»|« http://www.bestpractical.com/rt  -- Trouble Ticketing. Free.



More information about the rt-users mailing list