Hello all, Has anyone set up a mail handling filter/GenericAgent script in OTRS that links two distinct tickets (i.e. 2 pieces of new incoming mail from different senders) as actually related to the same ticket, and then treats them as a unit? In our configuration, we believe if we could do this, we would save our operators time and frustration dealing with spam. Here is a background of the issue: Our 'Raw' queue is configured with an autoresponder. We receive several spams for every legitimate user issue. Spam ticket are annoying enough on their own, but our 'Raw' queue often ends up with two unique tickets for each spam received. This is a consequence of using the autoresponder, and the fact that the "reply to" mail used by spammers is usually an invalid address. Therefore, the autoresponse our OTRS sends out is rejected by the destination mail server, and our OTRS will end up with second (new) ticket, from a mailer-daemon, informing our operators that our nice polite OTRS autoresponse sent to the fake spammer email address has failed. <An example follows the body of this message> We know that it is easy enough to set up a mail filter in OTRS to ignore the 2nd incoming mail from our mailer-daemon, which could get rid of the 2nd ticket. However, mightn't we be able to do better than that: turn the fact that spammers use fake addresses as a means to automate our spam handling for the first ticket?. i.e. write a script that does the following: - looks into the body of incoming mailer-deamon emails, and extracts any referenced ticket Ids (in example below, 6634371) - looks up the original ticket on the OTRS system - automatically treats the original item as spam, or moves it to a dedicated "invalid address" queue, etc. Has anyone had any experience with this kind of script, or have suggestions, comments, or warnings? Thanks in advance! best regards, Lisa Lisa Shields hyperWALLET Systems Inc 302-750 West Pender St Vancouver, BC Canada V6C 2T8 ================================================================= Here is an example scenario: (1) Mail received from 73419@mail.broadpark.no with subject "read it immediately" received by our OTRS. (2) Item placed on Raw queue and first Ticket, #6634371 created (3) Autoresponse sent by OTRS to 73419@mail.broadpark.no A few minutes passes as mail works its way across the internet and bandwidth is consumed...bounce comes back (4) New Mail received from mailer-daemon@ourdomain.com with subject:"Failure notice" received by our OTRS (5) 2nd Item placed on Raw queue and new Ticket, #6634376 created (no autoresponder sent the second time, since ticket is from daemon) Here is an example of what the body of second ticket will look like: Permanent error: qmail-send program wasn't able to deliver your message to the following addresses. <73419@mail.broadpark.no>: Remote host said: 550 <73419@mail.broadpark.no>: User unknown --- Below this line is a copy of the message. Received: (qmail 23935 invoked from network); 25 Aug 2004 10:13:00 -0000 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Subject: [Ticket #: 6634371] RE: read it immediately X-Powered-BY: OTRS - Open Ticket Request System (http://otrs.org/) X-Mailer: OTRS Mail Service (1.15)