RT AutoCreated Watcher From: header causing bounces

RT Users
1

Currently on RT 4.4.3. This might have been answered somewhere, but my searching hasn’t come up with anything.

When RT receives an email from an unknown email address, it auto creates a user with that email address.

This user is set up as follows:

User: fred.bloggs@example.com
Email: fred.bloggs@example.com
Real Name:

The real name is blank.

All fine so far. Until there are many watchers/cc/requestors on the ticket from the domain example.com.

So you have a ticket the looks like:

Requestors: fred.bloggs@example.com, fred.smith@example.com, joe.turner@example.com

When one of the requestors, say, fred.smith@example.com replies to the email, it hits RT.

RT then updates the ticket and sends an email update with the From header like this:

Date: Thu, 01 Dec 2022 09:52:31 +0000
From: "fred.smith@example.com via RT" <support@ourdomain.net>
Subject: [TICKET #22222]  Some support request
To: fred.bloggs@example.com, joe.turner@example.com

Now, example.com uses a mail service such as Mimecast, which rejects messages where the sender’s email address appears anywhere in the From: header. (Even though RT correctly sets the From: address to us support@ourdomain.net, the name/text part of the From: header contains the email address of the sender.)

RT receives a bounce as follows every time one of the watchers replies on the ticket (creating a new ticket in RT)

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  fred.bloggs@example.com
    host eu-smtp-inbound-1.mimecast.com [91.220.42.201]
    SMTP error from remote mail server after end of data:
    550 Rejected by header based Anti-Spoofing policy:
    fred.bloggs@example.com - https://community.mimecast.com/docs/DOC-1369#550 [oskDIRwDPeqgmYE5t6k7Xg.uk265]
  joe.turner@example.com
    host eu-smtp-inbound-1.mimecast.com [91.220.42.201]
    SMTP error from remote mail server after end of data:
    550 Rejected by header based Anti-Spoofing policy:
    joe.turner@example.com - https://community.mimecast.com/docs/DOC-1369#550 [oskDIRwDPeqgmYE5t6k7Xg.uk265]

This “fix” for this is to edit fred.smith@example.com’s profile in RT, and fill in the “Real Name” field, e.g. “Fred Smith” and then RT will send the header:

From: "Fred Smith" via RT <support@ourdomain.net>

But it’s quite annoying to have to keep fixing up user profiles. Even though the Full Name is present in the From: header of the incoming message, RT doesn’t populate the Real Name field when auto-creating new users.

Is there a way to get RT to put the right thing in the Real Name field, or if there is no name in the incoming message From: header, perhaps just use the local-part of the email address (before the @) sign so it doesn’t trip up the anti-spoofing policy of certain email providers?

Thanks.

2

#

There are some configs to set the from header which might also work

3

Thanks. I considered changing that, but

$UseFriendlyFromLine

By default, RT sets the outgoing mail’s “From:” header to “SenderName via RT”. Setting $UseFriendlyFromLine to 0 disables it.

The problem is that whatever is supposed to populate Real Name on auto-created users, does not.

Then, some other code, on seeing that Real Name is blank, decides to use the email address in “SenderName”. So it might be an email address. And if Real Name is blank, it uses the email address.

I still want the name of the user to appear (Otherwise, it becomes hard to tell who is replying to what, if everything comes from the same email address.)

If I set FriendlyFromLineFormat, then what do I set this to?

I don’t think printf is powerful enough to extract everything before the “@”: "fred.smith@example.com" -> "fred.smith"

4

Looking at the code to see if I can find out what causes this. I think what is happening:

  • On the first reply to a (non-email created) ticket, watchers created from replies to tickets (i.e. where we send an outbound ticket, and a reply comes in from a previously unknown email address), are apparently created by RT::Interface::Email::Auth::MailFrom, and have the comment Autocreated on ticket submission added to the user profile. The Real Name field in this case is correctly populated by LoadOrCreateByEmail:
    my $user = RT::User->new( RT->SystemUser );
    $user->LoadOrCreateByEmail(
        RealName     => $Name,
        EmailAddress => $Address,
        Comments     => 'Autocreated on ticket submission',
    );

    $CurrentUser = RT::CurrentUser->new;
    $CurrentUser->Load( $user->id );

    return $CurrentUser;
  • Other auto-created users have this comment: Autocreated when added as a watcher. This seems to be what happens when LoadOrCreateByEmail is called only with email address.
sub LoadOrCreateByEmail {
    my $self = shift;

    my %create;
    if (@_ > 1) {
        %create = (@_);
    } elsif ( UNIVERSAL::isa( $_[0] => 'Email::Address' ) ) {
        @create{'EmailAddress','RealName'} = ($_[0]->address, $_[0]->phrase);
    } else {
        my ($addr) = RT::EmailParser->ParseEmailAddress( $_[0] );
        @create{'EmailAddress','RealName'} = $addr ? ($addr->address, $addr->phrase) : (undef, undef);
    }

Looks like if it doesn’t get a RealName, it sets RealName to $addr. This is probably not a safe thing to do these days given the anti-spoofing policies of many mail providers, who want to prevent phishing attempts with headers that look like:

From: "The Boss - boss@yourcompany.com" <evil@scumbag.scammer.com>

Many email clients by default only display the name part and hide the actual From: address, so you end up with:

From: The Boss - boss@yourcompany.com

(Although it may display a warning that this is from an external sender, I guess users just get blind to this warning after a while.)

  • We use a modified version of this scrip: AddWatchersOnCorrespond - Request Tracker Wiki. Because internal users like to follow-up using email, we need to ensure that if the customer adds a Cc: or To:, they are automatically added as a Requestor to the ticket. (The person corresponding via email will not realise that their replies are not going to the people added in Cc: by the customer.)

  • AddWatchersOnCorrespond was calling LoadOrCreateByEmai() only with the email address, not attempting to populate RealName. I have updated AddWatchersOnCorrespond so it now always populates the RealName field for users it autocreates. (If there is no phrase to be found in the header, it makes something up based on the local-part of the email address, e.g. “fred.bloggs@example.com” will become "Fred Bloggs".

  • (After this executes, We also use RT-Extension-NonWatcherRecipients to add a warning into the Admins email notification of any recipients on the email that are not on the ticket. (Our version of AddWatchersOnCorrespond checks if the proposed cc/to to be added is from a domain of a watcher already on the ticket and if not, does not add them.))