Emails from no-reply redmine's address hell cycle
I wish to share with u the bug i've found.
Please correct me if I wrong, but it seems since unknown_user feature was added, there are possible troubles with spam email letters may occur.
Desire such installation:
We have system-wide email for responding "email@example.com";
We have several projects, "A", "B", and "C";
With our redmine we parsing different email addresses for adding issues to projects with uncnown_user=create and specific project= options enabled, including redmine email address, for example, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org;
Once upon a day, we receive a spam letter where the sender equals recipient and unfortunately equals one of our emails..
For example, letter from email@example.com to firstname.lastname@example.org .
Then, application does the following:
creating issue 2 (with projectc's credentials) in project C;
sending letter 3++ (about issue 2 created) from email@example.com to firstname.lastname@example.org;
which in cycle becomes new followups of issue 2;
creating issue 3 (with myredmine's credentials) in project A;
sending letter 5++ (about issue 3 created) from email@example.com to firstname.lastname@example.org;
which in cycle becomes new followups of issue 3...
Maybe this sequence is wrong, but algorythm is clear and from one hell letter (or because of lack of brains) we have 3 infinitely growing issues, which wasting rails time and eating disk space.
Only one solution I've found quickly - to add users with system and projects emails and uncheck all notification options for them.
Maybe the community offers another solution to prevent such email cycling.
#1 Updated by Jean-Philippe Lang about 8 years ago
- Status changed from New to Resolved
- Target version set to 0.8.7
- Resolution set to Fixed
Emails received from the application emission address are now ignored (r3022).
In your example, it will stop after creating issue 1.
Maybe we could also ignore emails where 'From' and 'To' addresses are the same. It would prevent the issue 1 to be created.
#3 Updated by Eric Davis about 8 years ago
- Status changed from Resolved to Closed
- Target version changed from 0.8.7 to 0.9.0
I think this should be pushed to 0.9. From what it looks like the 0.8 branch doesn't have the unknown users option in it's mailhandler (from r2789). If I'm wrong, feel free to reset this back to 0.8.7.