Task #1910
closedneed auto-reply text for bugzilla-daemon@bugs.documentfoundation.org
100%
Description
Since we made this a valid email, we see people trying to comment via email (and they will now think it came through)
we should have an auto-responder telling people to visit bugzilla and properly filing a comment instead.
scope of this ticket is to draft a corresponding text.
Updated by Beluga Beluga almost 8 years ago
Hello,
you have replied to a Bugzilla notification email. Your reply will not appear in the bug report comments. To add a comment to the report, click on the "bug number" link in the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".
Updated by Cor Nouws almost 8 years ago
Beluga Beluga wrote:
you have replied to a Bugzilla notification email. Your reply will not appear in the bug report comments. To add a comment to the report, click on the "bug number" link in the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".
Thanks! I've added a few small suggestions.
"
You have replied to a Bugzilla notification email. However, your reply will not be added to the bug report and not been seen by anyone.
But of course a comment with additional information is more then welcome!
To add a comment to the report, click on the link with bug number, on top of the notification email, log in to Bugzilla if needed, write in the comment field and click "Save Changes".
"
Updated by Florian Effenberger almost 8 years ago
I'd be very cautious with auto replies to avoid backscattering
Either set them up using Sieve filters, so only one notification per
day/week gets sent out, or use the Postfix REJECT mechanism where this
is handled on the SMTP session level
Updated by Christian Lohmaier almost 8 years ago
- Status changed from New to In Progress
- Assignee set to Christian Lohmaier
- % Done changed from 0 to 70
created necessary autoresponder entries in postfix and wrote a script that assembles a response.
Right now it is still in debug mode, so no mail is actually sent out to the original poster (but to me with hostmaster in bcc) – it only will send mail to the user when reply-to header matches a bugzilla generated message-ID, so should be a reasonable choice against backscatter, but if that's too loose, additional limits can be imposed (like checking if the email address used is registered in bugzilla, although that might miss cases where people receive bugzilla mail with a different account they send it with)
Updated by Florian Effenberger almost 8 years ago
Just some quick info:
We should add similar headers to the list, like
Erorrs-To, Abuse-To (or somesuch), Precedence: Bulk and ... there was
one more which I don't recall. If possible, also use an empty
envelope-from, and prefix the subject with "Auto:". This usually
triggers anti-autoreply mechanisms.
Alternatively, we could use Sieve (which probably isn't installed on the
box yet, part of Dovecot):
require ["vacation"]; #Put this at the end of the file, after all other filters including stop directives have been dealt with vacation #Define the sender :from "Bugzilla <www-data@bugs.documentfoundation.org>" #Only send one vacation reply per day and sender :days 1 #Only send vacation autoreply if one of these addresses is in To or Cc :addresses ["www-data@bugs.documentfoundation.org"] #Define a subject for the autoreply, otherwise the original subject prefixed by Auto: will be used #:subject "Subject" #The text of the vacation autoreply "Line 1 Line 2 Line 3";
Updated by Christian Lohmaier almost 8 years ago
added Errors-To (although discouraged) and Precedence headers, not changing subject, as that will break threading for gmail users, voiding the purpose
And vacation notification is not really appropriate, as the goal is to make sure every bogus mail the users sends gets a appropriate response, also voiding the purpose...
Updated by Florian Effenberger almost 8 years ago
And how do we avoid becoming a backscatter host, risking our IP netblock
being blacklisted?
The Document Foundation Redmine wrote on 2016-05-30 at 14:38:
And vacation notification is not really appropriate, as the goal is to
make sure every bogus mail the users sends gets a appropriate
response, also voiding the purpose...
Updated by Florian Effenberger over 7 years ago
Any update on that? There seem to be loads of mails coming in - how about we create a nice script with filtering to the trash, and a Sieve-powered vacation autoreply (sent out only once a week or so) with information on how to contact a human being? That would also prevent cluttering the internal admin list...
Updated by Florian Effenberger over 7 years ago
- Subject changed from need auto-reply text for bugzilla-daemon@documentfoundation.org to need auto-reply text for bugzilla-daemon@bugs.documentfoundation.org
- Assignee changed from Christian Lohmaier to Guilhem Moulin
I'm not happy with the state of play. The address is in existance for a couple of months now, and we get tons of e-mails.
What is required is to either get the auto-reply done (please use Sieve to avoid spamming people or creating mail loops) or have some Postfix rule with REJECT message. IIRC the alias was only set up for sender address verification purposes, so the latter might do already, like bugzilla-daemon@bugs.tdf REJECT This address is not monitored. Please write hostmaster@documentfoundation.org to reach our sysadmins
Adding to Guilhem's pile, we can discuss during the call.
Updated by Guilhem Moulin over 7 years ago
I agree that rejecting the recipient during the SMTP session is the way to go. The Sieve vacation extension [RFC 5230] vacation script, while limiting the backscatter source, is too hacky and a waste of resources IMHO.
I added a auto-reject alias to show what I (and I think Florian too) have in mind:
~$ nc -C bugs.documentfoundation.org 25
S: 220 vm150.documentfoundation.org ESMTP Postfix
C: EHLO x.y
S: 250-vm150.documentfoundation.org
S: 250-PIPELINING
S: 250-SIZE 41943040
S: 250-ETRN
S: 250-STARTTLS
S: 250-ENHANCEDSTATUSCODES
S: 250 8BITMIME
C: MAIL FROM:<>
S: 250 2.1.0 Ok
C: RCPT TO:<bugzilla-daemon2@bugs.documentfoundation.org>
S: 554 5.7.1 <bugzilla-daemon2@bugs.documentfoundation.org>: You replied to a Bugzilla notification email. However email replies are not added to bug reports. Please visit https://bugs.documentfoundation.org/ instead to add a follow-up.
C: QUIT
S: 221 2.0.0 ByeThat's it. The server won't even let the client enter the RFC 822 message data (it replies to the "DATA" command with a 554 error) because the SMTP session doesn't have a valid envelope recipient address.
Please try to send an email to <bugzilla-daemon2@bugs.documentfoundation.org> using your favorite client and let me know if I can close this issue by doing the same for bugzilla-daemon@ (and removing bugzilla-daemon2@).
Updated by Florian Effenberger over 7 years ago
Please try to send an email to
<bugzilla-daemon2@bugs.documentfoundation.org
<mailto:bugzilla-daemon2@bugs.documentfoundation.org>> using your
favorite client and let me know if I can close this issue by doing the
same for bugzilla-daemon@ (and removing bugzilla-daemon2@).
That's exactly what I had in mind - thanks a lot! :-)
If there are no objections by Cloph until Friday, let's make it so!
Updated by Guilhem Moulin over 7 years ago
- Status changed from In Progress to Closed
- % Done changed from 70 to 100
Alright, the REJECT is now live for bugzilla-daemon@.
Updated by Florian Effenberger almost 7 years ago
Not sure if a real autoreply was agreed to in the end. If so, it doesn't work though ;-)
<bugzilla-daemon@bugs.documentfoundation.org>: host
bugs.documentfoundation.org[2a00:1828:a012:150::1] said: 550 5.1.1
<bugzilla-daemon@bugs.documentfoundation.org>: Recipient address rejected:
User unknown (in reply to RCPT TO command)
Updated by Guilhem Moulin almost 7 years ago
Oops apologies, I think the change was overwritten when applying a salt state. I just reactivated the REJECT rule.
Updated by Florian Effenberger almost 7 years ago
Oops apologies, I think the change was overwritten when applying a salt
state. I just reactivated the REJECT rule.
Looks good, thanks a lot!
Updated by Guilhem Moulin over 6 years ago
In retrospect it was a bad idea to REJECT the RCPT TO, because some SMTPd use address verification probes (not followed by DATA but by QUIT) and bounce the message when RCPT TO fails. Cf. <f7c9f2d4-dca6-085b-8c32-51d80ee817b3@…> sent to hostmaster today.
I just delayed the rejection to the DATA command instead. Address verification probes are now successful, but mails to <bugzilla-daemon@bugs.documentfoundation.org> are still REJECTed during the SMTP session:
$ nc -Cq0 bugs.documentfoundation.org 25 S: 220 vm150.documentfoundation.org ESMTP Postfix C: EHLO example.net S: 250-vm150.documentfoundation.org S: 250-PIPELINING S: 250-SIZE 41943040 S: 250-ETRN S: 250-STARTTLS S: 250-ENHANCEDSTATUSCODES S: 250 8BITMIME C: MAIL FROM:<> S: 250 2.1.0 Ok C: RCPT TO:<bugzilla-daemon@bugs.documentfoundation.org> S: 250 2.1.5 Ok C: DATA S: 554 5.7.1 <bugzilla-daemon@bugs.documentfoundation.org>: Recipient address rejected: You replied to a Bugzilla notification email. However email replies are not added to bug reports. Please visit https://bugs.documentfoundation.org/ instead to add a follow-up.