How do you handle spam?


#1

Hi,

what is the best way to handle spam?

Is it possible to block users/email addresses and to delete the spam tickets?

Thanks,
Christian.


#2

Hi,

I handle Spam filtering on the E-Mail-Server side. My server filters those E-Mails and puts E-Mails it thinks it’s Spam into a own mailbox “maybejunk”.

Zammad fetches the normal mailboxes plus maybejunk - I have a SPAM-Queue that doesn’t send any notifications (to reduce noise). If I have a false positive I put it into the right group - if it is Spam I have a macro I can use that marks the ticket as closed and puts it into a “invisible” group “deleted spam”

This group gets checked by a scheduler job I created twice a week (if group = deleted spam and state = closed => delete)

I think zammad cannot block E-Mails on it’s own, but I may be wrong here as I do not use zammad to receive and send E-Mail directly.


#3

Hi,

thank you for all the information. The ‘scheduler job’ was exactly what I was searching for. The ‘Close and mark as spam’ is allready included in Zammad, but I had no idea how to get rid of this tickets.

Now I have only one problem left: how do I get rid of the spam users? I can only deactivate this accounts, but it would be cool if I also could delete them. I searched in the ‘scheduler jobs’ but I found no way to delete user accounts.

Thanks,
Christian.


#4

I don’t think that this is possible - maybe @thorsteneckel can get that clearer if he got some time.

I agree to @cjs1976 that it shouldn’t be a problem if the rest to the user (tickets) is gone.


#5

Yes, maybe a solution like:

DELETE action in the user management.

  • If there are tickets assigned to the user, the system brings a warning, telling it is not possible, but the option to assign the tickets to an other user, and than delete the user.

  • If there are no tickets assigned to the user, the user can be deleted.


#6

Zammad needs the users it creates for history reasons!
As soon as a user has a communication / interaction on a ticket (no matter if assigned or not), the user cannot be deleted! (and should not)

If there’s a user that has no interactions (because the spam ticket has been removed) then it could be possibile to cleanup the stuff (proberbly).


#7

Yes @MrGeneration is right (once again :nerd_face:) that Spam handling should be done by a dedicated anti-spam software. However, everybody knows that these folks are somehow making it through anyway. So this is why we are actively working on multiple issues to improve the situation.

On one side we are actively working on issue #721 (and #2010) which improve(s) the general experience with inactive users (and Organizations).
On the other side a new functionality will be added soon to delete users etc. as described in issue #2074.

Hope this helps :rocket:


#8

I have Come from OStickets and find Zammad a much Nicer system at user level, how ever the admin is behind some functions of ostickets,

one feature in ostickets is to block a customer from ever creating tickets again, and this can be assigned by a security group which you would apply to a power user,

ostickets still polls an imports it and simply drops it, would be a very usefull function in zammad to have


#9

Hey there,

wouldn’t deactivating the user in zammad have the same effect for you?

cheers


#10

Unfortunately not the email still arrived to the unassigned queue, there is not a way to even set a trigger for block to auto close that i could see


#11

Aaah the ticket was created via mail. You actually should be able to automatically close these tickets via trigger BUT if you want to keep the tickets from beeing created you should add an email filter - that’ll do the trick.

cheers


#12

do you mean filter in the email application itself ?


#13

sorry i see what you mean i will try it :smile:

thanks


#14

I’ve come up with a better simple idea how to handle spam
but zammad triggers or macro need to be able to update organizations

create Org called something like “Spam Block”

Create a Mail filter to Ignore mail where Org is = "Spam Block,

Then add a Type for tickets also called “Spam Block”

Trick part that needs to be developed in Zammad along with Macro or trigger to update Org

in triggers is when agent sets ticket type to “Spam Block” on update the trigger can set Org to “Spam Block”

this way its much cleaner we have almost 1500 filters to block spam and only admin can set this up, with above solution its can be managed by the base agent


#15

Could you elaborate on how you set this up? I.e. did you just put ‘maybejunk’ to the ‘folder’ setting within the email settings?


#16

In your example you’ll need a second E-Mail-Channel set up that gets your “Junks” from maybejunk folder in your IMAP Account.

My setup works as follows:
Every Zammad-Mailbox (on my mailserver) has a filter rule set up that says “If you receive a new mail in ‘Junk’ forward this mail to mailbox maybejunk@domain.tld and delete the mail from this folder”. I have to do this, because I set up a global rule that moves all Junk classified mail into the folder Junk.

With this, all Spam mails will come to one single mailbox which I then import with Zammad (like a regular mailbox) with a group called “Spam”. Selected agents have access to this group and will ensure it’s really spam and run a Macro on those spam mails.

The macro moves selected junk tickets to a group “zzz_deleted_spam” (no one has access to) and marks it as spam. On a regular basis a scheduler job handles the spams and removes them from Zammad.

The benifit from this way is that you can decide that one mail may not be spam and move it into the correct group afterwards.

Macro:

Scheduler:


#17

How does the ‘folder’ setting within the email settings work, then? (Maybe I’ve missed it in the documentation.)


#18

In my setup I don’t need to go into a subfolder of the mailbox, as the “maybejunk@” will have it in it’s INBOX.

You can fetch mails from a subfolder using IMAP.
Please note that you have to know your mail servers delimiter.

We normally can’t help you with that, mostly it takes fiddling around until you find the right way.


#19

We use a spam tag (Should be there by default) , and have a scheduler that automatically deletes all email with the tag once a day. The agents would then “Close and Tag as Spam” … Job done.


#20

Hi,

We use the same tactic in our setup. However this does not solve the problem of the same spammer creating more spam tickets (and sometimes new users, if ticket is created by mail, that are unaware that they are now in someones ticket system, GDPR says hello…). Usually one wants to block them indefinitely. This has to be currently done manually by setting the user Inactive and set his e-mail to the e-mail filter list which is very tedious.

BR,
Nino