[rt-users] Adding cc:'s and to:'s from subsequent emails.
Kevin Falcone
falcone at bestpractical.com
Tue Nov 6 14:07:27 EST 2012
On Tue, Nov 06, 2012 at 12:00:19PM -0700, Jason Marshall wrote:
> Hi all, sorry for the repeat, just wondering if this even made it
> out to the list a week ago, as I never got any replies at all, which
> is strange for this very helpful list :)
Actually, Jason Smith replied to both you and the mailing list last
week.
http://www.gossamer-threads.com/lists/rt/users/112853?search_string=subsequent%20emails;#112853
I'm not sure if the scrip he recommends addresses any of the security
concerns around allowing random people to CC themselves onto the
ticket. Don't forget you can always fake From: and use that to add
yourself to a ticket.
-kevin
>
> Hi all, I guess I should start by asking if this is a good idea AT
> ALL. I believe I want to get the people cc:ed or added to the to:
> line in email responses added to the ticket as Ccs. Not sure I've
> phrased that in a way that parses well; if not, let me know and I'll
> rephrase.
>
> When I open a NEW ticket and cc: some people, they get added as
> cc:'s no problem, so I know the basic functionality is there. What
> I'm asking about is after the ticket is open, someone else is
> brought into the conversation as a cc, so he gets a copy of THIS
> email, but that new cc: doesn't see any other replies unless people
> reply to emails with him as a "real" cc:. I'd like the cc: to be
> added to the ticket so he sees all future correspondence whether
> he's specifically cc:ed or not.
>
> Is this a stupid idea? Is that why the ParseNewMessageForTicketCcs
> flag only does this for New tickets? Is there a similar flag for
> parsing all messages? I googled ParseMessageForTicketCcs (no "New")
> and got a few old warnings, but nothing concrete.
>
> One warning was that anyone could cc: themselves on all your tickets
> just by spamming you, but I'm not clear on how that would work, and
> it could easily be avoided by only adding the cc:'s when parsing a
> message from someone who's already a cc:, watcher, or originator...
>
> Anyway, i'm starting to ramble here. Does anyone do this now? has
> anyone done it and wished they hadn't?? Note that this RT3 system
> is used primarily internally and by trusted clients. In theory it's
> not going to get spammed or beat on by "outsiders".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20121106/ab7bd5f4/attachment.sig>
More information about the rt-users
mailing list