[rt-users] Again: RT using reply-to field to authenticate sender email
Lars Reimann
l.reimann at metaways.de
Fri Nov 11 11:32:26 EST 2011
Hi all,
sorry for sending it again, but so far our issue has not been discussed:
on 29.03.2011:
when sending an email to RT 3.8.8 we have the following problem:
Situation:
Queue address: service-abc at example.org
Sender address: sender at example.com (known to RT, privileged, can create
tickets, etc)
Third party address: recipient at example.net
Sending an email with Cc to Queue address and have Reply-to Header set
To: recipient at example.net
Cc: service-abc at example.org
Reply-to: recipient at example.net
yields "Could not load a valid user" for recipient at example.net
I think this may be a bug, because the original sender address is not
used to auth against RT.
I don't know how reply addresses are normally handled via RT, but
auth'ing a user via the Reply-to header field is wrong because it is
almost every time different from the "From" field and to Reply-to
address may have no rights in RT in most cases.
Imagine the following workflow:
recipient at example.net is a list, I want to inform it of something while
creating a ticket using the Cc field.
In this case I am the requestor, emails should go to me and the Reply-to
address could be set as CC or whatever.
Giving the Reply-to address access to RT is impractical because it is a
list address only.
Can anybody confirm or has a solution to this? Maybe there is a quick
code-fix ;)
greetings,
l.r.
More information about the rt-users
mailing list