Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #13115 Infinite loop with the mail gateway
    Actions
    Infos
    #13115
    Aurélien Tisné (atisne)
    2019-03-19 15:44
    2019-03-18 17:37
    13979
    Details
    Infinite loop with the mail gateway
    The use of the mail gateway may cause an infinite mail sending.

    Steps to reproduce:
    1- Activate the mail gateway functionality in the Tracker site administration interface (with insecure option. The token based option has not been tested but should also have the issue.)
    2- Activate the option on a tracker
    3- Create an artifact (A1) affected to the user U1 on this tracker
    4- Set an auto-reply message on the email account of the user U1
    5- Update the artifact A1

    When saving the changes on A1, Tuleap notify U1 that the artifact changed. Its email account send the automatic response to the Tuleap email gateway that add the content of the mail on the artifact follow-up and notify U1 that the artifact changed and so on.

    The email gateway should detect the auto-reply emails and ignore them (they are irrelevant mails).
    I'm not sure on the best solution to detect auto-reply: it seems that several headers are used.
    Trackers
    10.9
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Declined
    Empty
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referenced by request #13115

    Artifact Tracker v5

    story #9794 ignore emails from autoreply
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2019-03-19 15:06
    Let's close then.

    Ultimately, we could imagine some kind of rate-limiting when updating an artifact but IMO it goes beyond that just the update through the mail gateway. Typically bad things can happen when playing with the REST API.
    • Status changed from Waiting for information to Declined
    User avatar
    Aurélien Tisné (atisne)2019-03-19 09:09
    I removed the artifact (too big ;-) But I'm pretty sure it was not RFC3834 compliant.
    I'm aware the problem is complex and also depend on MTA.

    I will see what can be done inside my network. This artifact can be closed.

    (Between the fact that it's easy to forge an email and we can't control the header of the sender, the mail gateway must be definitively used with caution.)
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2019-03-18 17:47
    Hello,

    As far as I can tell there is already a detection for auto-reply emails based on the recommendation of the RFC3834, see story #9794. Can you provide one emails with the full headers triggering the issue (site administrators can retrieve it when displaying a follow-up submitted by emails)?
    • Status changed from New to Waiting for information
    • Platform cleared values: CentOS 6