Set customer based on replay-to

We currently have the problem that an external system sends emails to our customers with the Zammad Email-Adress in CC.
All these tickets have therefor the customer with the sender email-adress of the external system. As the Reply-To header has the customer email-adress, it should be possible to set it based on that.

As I currently understand, there is no way to do that with a filter? Right?
Thanks for the help!

Please see this documentation page and search for “reply-to”.

Thanks for the help! Here is the link for everybody else: Einstellungen — Zammad Dokumentation

Is there any way to limit it to some “from” email addresses? I see a security risk if all reply-to addresses are processed. That way, anybody can pose as everybody. As we have proper DMARC, DKIM and SPF for your own domain, limiting it to senders from your own Domain would help a lot!

Huh I’m very sorry.
I was certain I did paste the link yesterday night…

https://admin-docs.zammad.org/en/latest/channels/email/settings.html

No there is not.

Yes and no.
While I can possibly impose one of your customers should I know the ticket number or correct customer mail and name, I can open a ticket as that person. However, I cannot access the data via web interface and cannot receive the answer because the answer will be going to the customer and not the evil guy.

Yes and no.
While I can possibly impose one of your customers should I know the ticket number or correct customer mail and name, I can open a ticket as that person. However, I cannot access the data via web interface and cannot receive the answer because the answer will be going to the customer and not the evil guy.

Thanks for the detailed response. I agree. Nonetheless, I would prefer if it was possible to restrict it to some “from” addresses. There is no downside to it, and safer is safer ;). Maybe you could consider it for the future. Thx for all the great work!

You already can make Postmaster Filters ignore emails of a special kind. That’s a manual configuration part right now though.

If you believe that this is not good enough and needs improvement, please search our feature request list and if you cannot find such a feature request, create one:

You can try to create an Agent’s account for the external system and hijack the feature that comes directly after the “reply-to”-setting:

But you will need to make sure, that no one is able to login using that Agent’s account, who is not allowed to do so.

Thanks for the Help!