RT 4.4 too noisy with denied users

Since RT 4.4 (as shipped by Debian 10/buster), I am getting bounces when a blocked user writes to RT.

In previous versions, we would “block” spammy users directly from the web interface, by unchecking the Let this user access RT box in the user Edit form. This was nice: RT admins could block the user from creating tickets without having to go on the commandline or config management to add a block rule in the MTA. The user would get a bounce, and we’d stop getting their junk.

But since 4.4., that behavior has changed, in this commit:

And indeed, this replicates the _NoAuthorizedUserFound functionality which was ripped out in that commit, which, as I understand it, was optional:

But now that behavior is enforced, and there’s no way to disable it. I think that’s a problem: we’re getting tens of bounces like this every night now.

So I would propose we revert that change, and have done so in this PR:

I would be fine with moving this into an (optional) plugin, but as an enforced mechanism, it seems really counter-productive…

Let me know if that should be reported to rt-bugs@bp.com instead! :slight_smile:

I filed this as a bug in Debian, in bug #951272.


It sounds like making which types of notifications should be sent to the OwnerEmail address a config variable would be one solution as well

sure, but that’s a much bigger piece of work than just reverting that patch or moving it to a plugin…