Spammy mails get a customer created and a ticket too

  • Used Zammad version: 3.1.x
  • Used Zammad installation source: package CentOS7
  • Operating system: Centos Linux 7
  • Browser + version: Any

Expected behavior:

  • The spammer sends a recognized email
    I get neither a ticket nor a customer generated

Actual behavior:

  • The spammer sends a recognized email
    I get a ticket and a customer generated if I still don’t have it

Steps to reproduce the behavior:

really you want to be spammed? :smiley:

The description is straightforward. I would never open a topic if all the other means of obtaining my aim failed… I created lots of filters to filter what I’m not interested of getting in zammad (mailer daemon, vmware, veeam, cron, root mails and so on) and filtered a very important part of the emails.
After this I created 2 filters on spamassassin headers I get receiving emails as example below:
X-Spam-Flag: NO
X-Spam-Score: 4.705
X-Spam-Level: ****
My flags are particular, as we’re quite permissive dealing with spam, so that X-Spam-Flag gets YES when X-Spam-Score is > 5, so that, below that, we can let our users decide if they want to receive or not mails in inbox.

Reaching out Zammad the problems are:
1 X-Spam-Flag is useless as for my settings I will anyway get a reasonable amount of spam
2 X-Spam-Score i useless because there’s no ‘greater than’ or ‘less than’ operators in zammad, so as it is a number cannot use it at all
3 X-Spam-Level was setup, indicating that the check was matching if I had ‘**’ in the value or we tried even ‘**’ but no way, the emails are anyway going through the filter.
It in general means that I get tickets opened by any guy that wants to share with me millions of $… And worst (I honestly receive them twice per day) is that if I click “close and tag as spam” sometimes the domain owner, that disabled the mailbox in the meanwhile, makes me create other useless tickets…
I hope there’s a solution to this…
IMHO the best would be to let the backoffice decide when to create a new customer…
My 2¢€ :slight_smile:
Bye,
Massimiliano

1 Like

The only solution -in my opinion- is to make your mail server filter for that spam.
If you don’t want to receive spam (and seem to reliably be able to tell what spam is by automation), you should block or discard it on server site.

Okay, so what you’re saying is that your back office has to decide if they want to ticket or not?
Because the customer (so the user) is mandatory for a ticket.Thus you’d need to decide what is spam or what not before creating the ticket.

Thus: The best option would be your humble mail server. ;-x


You could solve this by moving everything that’s too likely being spam into a sub folder “junk” / “spam” and then have a manual look over it. If it is not spam, your specially trained user moves the mail into the inbox where Zammad fetches the mail.

However: This raises the risk of failing imports (because a human being is reading that mailbox as well) and, even worse, might be a potential thread if the user in question is not aware how squishy spam can get.

Just my 1 cent.

The point is that who manages the trouble ticketing system should have the control of tickets that get generated in a ticketing system. Of course it depends from the mission of the product.
If Zammad was thought as a contact platform mainly by unknown people that submit requests to a business ok, that’s more a CRM/Lead Management platform, ok then I’m not using this for the proper aim, my fault. As a trouble ticketing platform the matter that a customer gets created automatically is unmanageable.
It means tha my tech staff would have to answer to tickets to any guy that asks for help even without a contract.
For the rest, as for you it works as expected, I don’t argue. It is limiting but ok, it is your mission.
Anyway as an enhancement it would be interesting the following:
The solution that is adopted in other ticketing product (https://www.sitracker.org, now abandoned project) is the one of having a smart queue instead of loading all tickets in the customers.
It works this way:
1 If the sender is already a customer mail goes directly to the tickets
2 If the sender is not a customer (nor there’s a customer in CC or BCC) the mail sits there
3 if the mail is considered spam (headers and so on) it still sits there and you can just ignore them or with a job wipe them out
Smart, simple, no bulky customers and just good email and tickets.

Sit goes even more forward with customer contracts: you can decide the beginning and the end so that tickets that are not covered by a contract just don’t get in the ticket queue (they stay with spam).

With this I’m not telling that SIT is better… It as many major drawbacks, but this was a very nice feature and saved us hours of poking and no trashy customers were created.

Anyway, I don’t expect zammad to become like Sit, I don’t need that, or I would fit with SIt instead.
What I expect is that, as a community user, I give suggestions and submit bug reports.

Dealing with spam filtering the bug in zammad here is evident or you would not answer me to use the server do limit the spam in the mailbox… Zammad has in it selections to use
X-Spam-Score
a number, how do I check a number i there’s no GT LT operators? You answerred “works as expected”
X-Spam-level
a multi star symbol which seems to be a problem because of regex: from zammad docs if I want to use a regex I should prepend regex: to the expression, while I did not do this. I think it is a bug, it seems as if you put or not regex it treats it as a regex
X-Spam-Status: SPAM (ok, but as explained I don’t use it this way, SPAM for me is when Score > 5)

the answer, in general, has been, not a bug, use your mail server :smiley:.
If it is not a bug, options above should help me in solving the problem directly with zammad… Or there’s something I miss?
thanks anyway for the good product!