Since RT 4.4 (as shipped by Debian 10/buster), I am getting bounces when a blocked user writes to RT.
In previous versions, we would “block” spammy users directly from the web interface, by unchecking the
Let this user access RT box in the user Edit form. This was nice: RT admins could block the user from creating tickets without having to go on the commandline or config management to add a block rule in the MTA. The user would get a bounce, and we’d stop getting their junk.
But since 4.4., that behavior has changed, in this commit:
And indeed, this replicates the
_NoAuthorizedUserFound functionality which was ripped out in that commit, which, as I understand it, was optional:
But now that behavior is enforced, and there’s no way to disable it. I think that’s a problem: we’re getting tens of bounces like this every night now.
So I would propose we revert that change, and have done so in this PR:
I would be fine with moving this into an (optional) plugin, but as an enforced mechanism, it seems really counter-productive…
Let me know if that should be reported to email@example.com instead!
I filed this as a bug in Debian, in bug #951272.