[rt-users] Spam filtering in RT
Bill Cole
rtusers-20090205 at billmail.scconsult.com
Mon Jul 6 13:10:58 EDT 2009
Venkateswaran, Subbaraman wrote, On 7/6/09 10:05 AM:
>
>
> Hello everyone,
>
> Would like to understand what's the best strategy to stop spam emails
> creating tickets in RT ? Thanks for your time.
That's a bit like asking "what's the best vehicle?" without mentioning what
sort of transportation you need.
RT gets used in so many different types of environments that a perfect
anti-spam solution for one site may be completely useless elsewhere. I've
worked with RT in three very different places, and spam control in each has
been very different. Some generally useful principles:
1. Do as much of your spam stopping as you can in the MTA layer, not in the
mail gateway delivery agent or RT itself.
2. Segregate your RT mail from all other mail. Ideally, the domain part of
the addresses that deliver into RT will only be used for RT mail, so you can
have spam control for it that is not compromised by the needs of other
recipients in the domain. When that is not possible (e.g. public role
accounts like abuse-reporting addresses) you will still benefit from having
some mechanism that treats RT's mail differently before it gets handed off
for delivery into RT.
3. If you don't need to accept requests from random strangers, don't
configure RT to autocreate users when receiving email from random strangers.
This alone (sometimes in conjunction with something like
RT::Authen::ExternalAuth that can autocreate RT users based on an external
user database) is adequate for many circumstances.
4. Use the per-queue address mechanism (built into 3.8, previously in the
BrandedQueues extension) so that you can segregate correspondence on
existing tickets from new-request mail, and filter the two streams
accordingly (e.g. require mail to a queue-specific address to have the right
RT Subject tag) using whatever tools your MTA has or can hook into.
5. Think carefully about how RT's legitimate incoming mail in your
environment differs from a generic mail stream aimed at a large set of
people, and use that (see #1) to tune its filtering. Spam control is done
best when it is customized for a specific well-understood mail stream rather
than generically. A mail stream into RT is very unlikely to look like a mail
stream into a bunch of corporate users' mailboxes or into a consumer ISP's
users' mailboxes or into a sysadmin's mailbox. Tactics that would do
violence to personal mail might be harmless and effective for RT's incoming
mail, and vice versa.
6. Be prepared to adjust your filtering of RT's mail in response to spam
coming in.
More information about the rt-users
mailing list