[Rtir] Odd Blocks reports

Tony Arnold tony.arnold at manchester.ac.uk
Sat Nov 23 06:52:09 EST 2013


I've been through the same thing. I originally had our network team 
configured as admincc watchers on the blocks queue. This made sending 
block requests very easy as we didn't have to put anything in the 
correspondents field when creating the block.

However, the status of tickets in the blocks queue can be automatically 
updated by correspondence. So I create a block in 'Activation pending' 
state. Message goes off to network team who then reply. This changes the 
state to 'Activated'. Similar thing happens on removal.

This does not work when the network team is configured as watchers 
rather than specified as correspondents. This is because the state 
change only gets done if the incoming e-mail is from one of the 
requesters of the ticket.

So we took off the watchers and we now specify the network team 
explicitly every time we create a block. We have to specify the members 
of the team explicitly; we cannot even use their group mailing list address.

All a bit of a pain really.


On 22/11/13 15:19, Peter Bates wrote:
> Hello all
> As part of the RTIR installation, I followed from the README:
> Using RT's configuration interface, add the email address
>     of the Network Operations Team (the people who will handle
>     activating and removing Blocks) as AdminCC on the Blocks queue.
>     RT -> Queues -> Blocks -> Watchers
> The emails it generates lack a 'To:' field (I can see this is because
> the message is a BCC) which is leading to confusion in our Networking team.
> The email also contains at the top:
> Fri Nov 22 14:37:20 2013: Request 6758 was acted upon.
>   Transaction: Ticket created by xxx
>         Queue: Blocks
>       Subject: Brute force block for 6 hosts
>         Owner: xxx
>    Requestors:
>        Status: pending activation
>   Ticket <URL: https://rt.cert.ucl.ac.uk/Ticket/Display.html?id=6758 >
> As they can't access the RTIR interface this is also causing confusion.
> Is this generated from a template, or where do I go to change this
> - and can I set up the Blocks queue to just have the Network team
> as a standard To: / correspondent and not BCC or CC?
> Thanks.
> --
> Peter Bates
> Senior Information Security Officer   Phone: +44(0)2076792049
> Information Services Division	      Internal Ext: 32049
> University College London
> London WC1E 6BT

Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk
