Project

General

Profile

Task #1910

need auto-reply text for bugzilla-daemon@bugs.documentfoundation.org

Added by Christian Lohmaier over 1 year ago. Updated 20 days ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Team - Pool
Start date:
Due date:
% Done:

100%

Estimated time:
(Total: 0:00 h)
Tags:
URL:

Description

Since we made this a valid email, we see people trying to comment via email (and they will now think it came through)

we should have an auto-responder telling people to visit bugzilla and properly filing a comment instead.

scope of this ticket is to draft a corresponding text.


Subtasks

Task #2120: Issue with Bugzilla autoresponse mailClosedGuilhem Moulin

History

#1 Updated by Beluga Beluga over 1 year ago

Hello,

you have replied to a Bugzilla notification email. Your reply will not appear in the bug report comments. To add a comment to the report, click on the "bug number" link in the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".

#2 Updated by Cor Nouws over 1 year ago

Beluga Beluga wrote:

you have replied to a Bugzilla notification email. Your reply will not appear in the bug report comments. To add a comment to the report, click on the "bug number" link in the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".

Thanks! I've added a few small suggestions.

"
You have replied to a Bugzilla notification email. However, your reply will not be added to the bug report and not been seen by anyone.

But of course a comment with additional information is more then welcome!
To add a comment to the report, click on the link with bug number, on top of the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".
"

#3 Updated by Florian Effenberger over 1 year ago

I'd be very cautious with auto replies to avoid backscattering
Either set them up using Sieve filters, so only one notification per
day/week gets sent out, or use the Postfix REJECT mechanism where this
is handled on the SMTP session level

#4 Updated by Christian Lohmaier over 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Christian Lohmaier
  • % Done changed from 0 to 70

created necessary autoresponder entries in postfix and wrote a script that assembles a response.

Right now it is still in debug mode, so no mail is actually sent out to the original poster (but to me with hostmaster in bcc) – it only will send mail to the user when reply-to header matches a bugzilla generated message-ID, so should be a reasonable choice against backscatter, but if that's too loose, additional limits can be imposed (like checking if the email address used is registered in bugzilla, although that might miss cases where people receive bugzilla mail with a different account they send it with)

#5 Updated by Florian Effenberger over 1 year ago

Just some quick info:
We should add similar headers to the list, like
Erorrs-To, Abuse-To (or somesuch), Precedence: Bulk and ... there was
one more which I don't recall. If possible, also use an empty
envelope-from, and prefix the subject with "Auto:". This usually
triggers anti-autoreply mechanisms.

Alternatively, we could use Sieve (which probably isn't installed on the
box yet, part of Dovecot):

require ["vacation"];
#Put this at the end of the file, after all other filters including stop 
directives have been dealt with
vacation
#Define the sender
:from "Bugzilla <www-data@bugs.documentfoundation.org>" 
#Only send one vacation reply per day and sender
:days 1
#Only send vacation autoreply if one of these addresses is in To or Cc
:addresses ["www-data@bugs.documentfoundation.org"]
#Define a subject for the autoreply, otherwise the original subject 
prefixed by Auto: will be used
#:subject "Subject" 
#The text of the vacation autoreply
"Line 1
Line 2
Line 3";

#6 Updated by Christian Lohmaier over 1 year ago

added Errors-To (although discouraged) and Precedence headers, not changing subject, as that will break threading for gmail users, voiding the purpose
And vacation notification is not really appropriate, as the goal is to make sure every bogus mail the users sends gets a appropriate response, also voiding the purpose...

#7 Updated by Florian Effenberger over 1 year ago

And how do we avoid becoming a backscatter host, risking our IP netblock
being blacklisted?

The Document Foundation Redmine wrote on 2016-05-30 at 14:38:

And vacation notification is not really appropriate, as the goal is to
make sure every bogus mail the users sends gets a appropriate
response, also voiding the purpose...

#8 Updated by Florian Effenberger over 1 year ago

  • Target version set to Pool

#9 Updated by Florian Effenberger over 1 year ago

Ping?

#10 Updated by Florian Effenberger about 1 year ago

Any update on that? There seem to be loads of mails coming in - how about we create a nice script with filtering to the trash, and a Sieve-powered vacation autoreply (sent out only once a week or so) with information on how to contact a human being? That would also prevent cluttering the internal admin list...

#11 Updated by Florian Effenberger about 1 year ago

  • Subject changed from need auto-reply text for bugzilla-daemon@documentfoundation.org to need auto-reply text for bugzilla-daemon@bugs.documentfoundation.org
  • Assignee changed from Christian Lohmaier to Guilhem Moulin

I'm not happy with the state of play. The address is in existance for a couple of months now, and we get tons of e-mails.

What is required is to either get the auto-reply done (please use Sieve to avoid spamming people or creating mail loops) or have some Postfix rule with REJECT message. IIRC the alias was only set up for sender address verification purposes, so the latter might do already, like REJECT This address is not monitored. Please write to reach our sysadmins

Adding to Guilhem's pile, we can discuss during the call.

#12 Updated by Guilhem Moulin about 1 year ago

I agree that rejecting the recipient during the SMTP session is the way to go. The Sieve vacation extension [RFC 5230] vacation script, while limiting the backscatter source, is too hacky and a waste of resources IMHO.

I added a auto-reject alias to show what I (and I think Florian too) have in mind:

~$ nc -C bugs.documentfoundation.org 25
S: 220 vm150.documentfoundation.org ESMTP Postfix
C: EHLO x.y
S: 250-vm150.documentfoundation.org
S: 250-PIPELINING
S: 250-SIZE 41943040
S: 250-ETRN
S: 250-STARTTLS
S: 250-ENHANCEDSTATUSCODES
S: 250 8BITMIME
C: MAIL FROM:<>
S: 250 2.1.0 Ok
C: RCPT TO:&lt;&gt;
S: 554 5.7.1 &lt;&gt;: You replied to a Bugzilla notification email. However email replies are not added to bug reports. Please visit https://bugs.documentfoundation.org/ instead to add a follow-up.
C: QUIT
S: 221 2.0.0 Bye

That's it. The server won't even let the client enter the RFC 822 message data (it replies to the "DATA" command with a 554 error) because the SMTP session doesn't have a valid envelope recipient address.

Please try to send an email to <> using your favorite client and let me know if I can close this issue by doing the same for bugzilla-daemon@ (and removing bugzilla-daemon2@).

#13 Updated by Florian Effenberger about 1 year ago

Please try to send an email to
<
<mailto:>> using your
favorite client and let me know if I can close this issue by doing the
same for bugzilla-daemon@ (and removing bugzilla-daemon2@).

That's exactly what I had in mind - thanks a lot! :-)
If there are no objections by Cloph until Friday, let's make it so!

#14 Updated by Guilhem Moulin about 1 year ago

  • Status changed from In Progress to Closed
  • % Done changed from 70 to 100

Alright, the REJECT is now live for bugzilla-daemon@.

#15 Updated by Florian Effenberger 7 months ago

Not sure if a real autoreply was agreed to in the end. If so, it doesn't work though ;-)

<bugzilla-daemon@bugs.documentfoundation.org>: host
    bugs.documentfoundation.org[2a00:1828:a012:150::1] said: 550 5.1.1
    <bugzilla-daemon@bugs.documentfoundation.org>: Recipient address rejected:
    User unknown (in reply to RCPT TO command)

#16 Updated by Guilhem Moulin 7 months ago

Oops apologies, I think the change was overwritten when applying a salt state. I just reactivated the REJECT rule.

#17 Updated by Florian Effenberger 7 months ago

Oops apologies, I think the change was overwritten when applying a salt
state. I just reactivated the REJECT rule.

Looks good, thanks a lot!

#18 Updated by Guilhem Moulin 20 days ago

In retrospect it was a bad idea to REJECT the RCPT TO, because some SMTPd use address verification probes (not followed by DATA but by QUIT) and bounce the message when RCPT TO fails. Cf. <f7c9f2d4-dca6-085b-8c32-51d80ee817b3@…> sent to hostmaster today.

I just delayed the rejection to the DATA command instead. Address verification probes are now successful, but mails to <> are still REJECTed during the SMTP session:

$ nc -Cq0 bugs.documentfoundation.org 25
S: 220 vm150.documentfoundation.org ESMTP Postfix
C: EHLO example.net
S: 250-vm150.documentfoundation.org
S: 250-PIPELINING
S: 250-SIZE 41943040
S: 250-ETRN
S: 250-STARTTLS
S: 250-ENHANCEDSTATUSCODES
S: 250 8BITMIME
C: MAIL FROM:<>
S: 250 2.1.0 Ok
C: RCPT TO:<bugzilla-daemon@bugs.documentfoundation.org>
S: 250 2.1.5 Ok
C: DATA
S: 554 5.7.1 <bugzilla-daemon@bugs.documentfoundation.org>: Recipient address rejected: You replied to a Bugzilla notification email. However email replies are not added to bug reports. Please visit https://bugs.documentfoundation.org/ instead to add a follow-up.

Also available in: Atom PDF