Right,
A user just e-mailed me directly on an existing ticket, copying in
support@ (which is RT 3.8)
Original message;From: Some User some.user@domain.com
To: support@lonap.net
Cc: rob@lonap.net
Subject: [TICKET #1234] Test
So… My reply, I set the "Reply-To: " header to be support@lonap.net
to encourage replies to go back to the ticketer.
Reply headers (from my mail client):
Date: Thu, 23 Aug 2012 13:31:47 +0100
From: Rob Lister rob@lonap.net
Reply-To: support@lonap.net
To: some.user@domain.com
Cc: LONAP Tickets - Rob via RT support@lonap.net
Subject: Re: [LONAP #1234] Test
Foo
RT’s output (slightly anonymized)
Subject: Re: [TICKET #1234] Test
From: Doctor Helga via RT support@lonap.net
------^^^^^^^^^^^^
Reply-To: support@lonap.net
Message-ID: rt-3.8.8-19325-1345725109-973.2411-5-0@lonap.net
Precedence: bulk
X-RT-Loop-Prevention: LONAP
RT-Ticket: TICKET #1234
Managed-by: RT 3.8.8 (Request Tracker — Best Practical Solutions)
RT-Originator: support@lonap.net
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=“utf-8”
X-RT-Original-Encoding: utf-8
Date: Thu, 23 Aug 2012 13:31:49 +0100
Foo
Where the Helga is it getting that from???
R.
RT’s output (slightly anonymized)
Subject: Re: [TICKET #1234] Test
From: Doctor Helga via RT support@lonap.net
------^^^^^^^^^^^^
Is that what RT shows in the outgoing email or what the mail client
sees?
If the former, search for the User which Doctor Helga as a real name.
If the latter, some mail clients cache the first “SoandSo via RT” that
they see affiliated with support@, and don’t render what we send.
-kevin
RT’s output (slightly anonymized)
Subject: Re: [TICKET #1234] Test
From: Doctor Helga via RT support@lonap.net
------^^^^^^^^^^^^
Is that what RT shows in the outgoing email or what the mail client
sees?
It’s what RT puts in there. And you’re right, it’s getting it
from the “user” name.
My guess is that somebody spammed us with a “From:” header of:
And it auto-created that user.
We’ve never spotted it before because we never set
“Reply-To: support@…”
Pfft.
Rob Lister
rob@lonap.net
RT’s output (slightly anonymized)
Subject: Re: [TICKET #1234] Test
From: Doctor Helga via RT support@lonap.net
------^^^^^^^^^^^^
Is that what RT shows in the outgoing email or what the mail client
sees?
It’s what RT puts in there. And you’re right, it’s getting it
from the “user” name.
My guess is that somebody spammed us with a “From:” header of:
From: Doctor Helga support@lonap.net
To: support@lonap.net
And it auto-created that user.
You can look in the database or use the Perl API to see deleted tickets
created by that user and verify this. You can also see who the user was
created by in the database (RT_System vs. someone else).
I’d argue that there are two bugs here:
-
That users can get created with an email address (or updated to an
email address) for which RT::EmailParser->IsRTAddress returns true.
-
That addresses for which IsRTAddress returns true are not filtered
out at the time the sender/creator is determined.
Thomas Hi
When a tickets is raised by email if the user doesn’t exist it is created, these are tagged as being auto generated its not a bug. If you have a problem with tickets being created by spam and I am sure most of us have at some time since starting with RT you should put some sort of filter in place. Perhaps BP could put in a config item which says to only open tickets from registered users, maybe there is a function in 4.0.6 not usre haven’t got to that yet.
Regards Simon-----Original Message-----
From: Thomas Sibley [mailto:trs@bestpractical.com]
Sent: 23 August 2012 18:39
To: rt-users@lists.bestpractical.com
Cc: rt-bugs@bestpractical.com
Subject: Re: [rt-users] Who is “Doctor Helga” ?
On 08/23/2012 08:57 AM, Rob Lister wrote:
On Thu, Aug 23, 2012 at 10:43:27AM -0400, Kevin Falcone wrote:
On Thu, Aug 23, 2012 at 03:03:11PM +0100, Rob Lister wrote:
RT’s output (slightly anonymized)
Subject: Re: [TICKET #1234] Test
From: Doctor Helga via RT support@lonap.net ------^^^^^^^^^^^^
Is that what RT shows in the outgoing email or what the mail client
sees?
It’s what RT puts in there. And you’re right, it’s getting it from the
“user” name.
My guess is that somebody spammed us with a “From:” header of:
From: Doctor Helga support@lonap.net
To: support@lonap.net
And it auto-created that user.
You can look in the database or use the Perl API to see deleted tickets created by that user and verify this. You can also see who the user was created by in the database (RT_System vs. someone else).
I’d argue that there are two bugs here:
-
That users can get created with an email address (or updated to an email address) for which RT::EmailParser->IsRTAddress returns true.
-
That addresses for which IsRTAddress returns true are not filtered out at the time the sender/creator is determined.
Thomas Hi
When a tickets is raised by email if the user doesn’t exist it is
created, these are tagged as being auto generated its not a bug. If
you have a problem with tickets being created by spam and I am sure
most of us have at some time since starting with RT you should put
some sort of filter in place. Perhaps BP could put in a config item
which says to only open tickets from registered users, maybe there is
a function in 4.0.6 not usre haven’t got to that yet.
Yep, I know that auto-creating users isn’t a bug. You may note I work
for Best Practical. 
The bugs I was pointing out are that users shouldn’t be allowed to be
created with (crucially) email addresses that point back into RT itself.
Thomas