Q: mailloops w/ rt-2.0.13

hello,

we have a problem with mailloops and rt-2.0.13.
we get a mail loops when some spam-idiots send mail of the form

where bla@sil.at is a forward to the tracker into the queue ``bla’'.
we need to have autoreply enabled on our queues and use the bla-comment
feature to have the ability of attachments and send a cc-mail to the owner
of a ticket when the user replyed again.

is there a simple way to check within the tracker if requestor and
queue-address are the same to prevent this kind of mail-loops?

thanks,
cjm silver:server
SILVER SERVER \\\\\\\\\\\\\\\\\\\\\\\ \\\ \
cjm@sil.at, cjm@enemy.org, neo@bsdger.org www.sil.at | www.enemy.org
** PGP-Key-ID: 0xA941452D | “Why are we hiding from the police, dad?” -
--------------------------| “Because we use vi, son. They use Emacs”.

Chris J. Mutter wrote:

we get a mail loops when some spam-idiots send mail of the form

From: bla@sil.at
To: bla@sil.at

where bla@sil.at is a forward to the tracker into the queue ``bla’'.

The bounce-detection should take care of this. Can you ensure
that the X-RT-Loop-Prevention header is present and correct in
the messages that are feeding back into RT? If it is, you’ve
found a bug; if not, something might be eating it along the way.

IsRTAddress() in config.pm may also be of some help.
Phil Homewood, Systems Janitor, www.snapgear.com
pdh@snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances

Chris J. Mutter wrote:

we get a mail loops when some spam-idiots send mail of the form

From: bla@sil.at
To: bla@sil.at

where bla@sil.at is a forward to the tracker into the queue ``bla’'.

The bounce-detection should take care of this. Can you ensure
that the X-RT-Loop-Prevention header is present and correct in

Preservation of loop detection headers cannot always be counted upon,
although it makes loop detection much easier.

                         Bruce Campbell                            RIPE
               Systems/Network Engineer                             NCC
             www.ripe.net - PGP562C8B1B             Operations/Security

hi bruce, others,

we get a mail loops when some spam-idiots send mail of the form

From: bla@sil.at
To: bla@sil.at

where bla@sil.at is a forward to the tracker into the queue ``bla’'.

The bounce-detection should take care of this. Can you ensure
that the X-RT-Loop-Prevention header is present and correct in

jup. the header is present and correct.

Preservation of loop detection headers cannot always be counted upon,
although it makes loop detection much easier.

seems so. so how cold i fix this problem? we get almost once a day spam
with forged headers and its not so easy to restrict it via SMTP cause
some users of rt also send themselves mails out with a role-acount’s
email address. we investigated the problem and found that the mail loop
stops when we take out the requestor'' as watcher’’ on those tickets…
but it takes some while to find out what is the corrupt ticket.

i think the problem is somewhere with the ``notify_all_watchers’’ function
of rt2 … (as far as i know a requestor is also a watcher - but there
should be a check within rt2 to prevent a loop here, or?)

later,
cjm
SILVER SERVER \\\\\\\\\\\\\\\\\\\\\\\ \\\ \
cjm@sil.at, cjm@enemy.org, neo@bsdger.org www.sil.at | www.enemy.org
** PGP-Key-ID: 0xA941452D | “Why are we hiding from the police, dad?” -
--------------------------| “Because we use vi, son. They use Emacs”.

Chris J. Mutter wrote:

The bounce-detection should take care of this. Can you ensure
that the X-RT-Loop-Prevention header is present and correct in

jup. the header is present and correct.

OK. You have a bug. (I assume you checked the email as received
by RT, not as sent?)

i think the problem is somewhere with the ``notify_all_watchers’’ function
of rt2 … (as far as i know a requestor is also a watcher - but there
should be a check within rt2 to prevent a loop here, or?)

Well, as a kind of workaround, you could grab Bruce’s AutoReplySquelch
ScripAction from the contrib area and use it in place of Autoreply;
but that’s just hiding the bug. We really need to know why RT is
sending out email in response to an email containing a correct
X-RT-Loop-Prevention header.

Can you grab the full headers from the message as seen by RT, and
run them through “cat -e”? (Someone recently reported extraneous
spaces at the end of header fields; this could cause your problem.
See http://lists.fsck.com/pipermail/rt-devel/2002-July/002482.html
for a patch, but once again, this is a kluge, we really should work
out what’s putting spaces there – if this /is/ your problem.

Jesse: Is it worth adding Gavin’s one line patch (URL above) to
the core as a kind of “safety net” while this issue is causing
problems?
Phil Homewood, Systems Janitor, www.snapgear.com
pdh@snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances