To workaround this issue many years ago we created read-only user id's with the same name as the groupid for all of the key permission groups in the system. The email address for these users was set to be the default 'helpdesk' mailbox that we use.
When carrying out a notification action the system will first treat the address data it is passed as a userid, then group identifier then an email address. By having dummy userid's present, any attempt to mail to an address of 0 for example will send a mail to the user 0 rather than all of members of the group with an id of 0. This workaround still leaves the problem of wildcards but does help reduce the problem somewhat. A minimum input length in email address fields and some basic validation would also be a good idea. Regards, Chris Fo On Mon, 19 Feb 2007 11:21:39 -0500, Shellman, David <[EMAIL PROTECTED]> wrote: >Oddly enough it's working as designed. Entering the number associated >with a Group triggers email to that group. This is how ticket >assignment to a Group is handled. The values of *, -, along with others >get translated to zero. This just happens to be the Public group and >email is sent to everyone in the system. > >Not sure why this would happen with a negative number. Unless it's the >dash in the negative number that's gets translated. > >I thought I saw that a patch to the email engine addressed some of these >characters but for the life of me, I can't find it now. > >Dave > >-----Original Message----- >From: Action Request System discussion list(ARSList) >[mailto:[EMAIL PROTECTED] On Behalf Of Axton >Sent: Monday, February 19, 2007 10:58 AM >To: [email protected] >Subject: Re: EMailing the Universe > >Let's not forget that the number 0 does the same too. If memory >serves me correctly, and negative number will do the same (someone >feel free to correct me if I'm wrong). > >We too added logic to catch this and set it so no email is sent if the >email address contains any of the bad values. > ><rant>The bugs really seem to be piling up in the email engine; though >this one is old, there are several new ones in the 7.x release; I >really hope this application does not suffer from the neglect that >some of the other apps have in the past.</rant> > >Axton Grams > >On 2/19/07, Shellman, David <[EMAIL PROTECTED]> wrote: >> Jerry, >> >> You will find that many characters, including - and *, get translated >in >> a manner that causes the email engine to send to every one in the User >> form. In turn if there the email address field is blank in the User >> form, the engine will use the login as the email alias. >> >> We have had to add logic to catch this condition and generate an error >> message that the email address is not valid. >> >> Dave >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) >> [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Niman >> Sent: Monday, February 19, 2007 7:41 AM >> To: [email protected] >> Subject: EMailing the Universe >> >> All right - a bit of an exaggeration... >> >> >> ARS 6.03.00 patch 013 >> Solaris 8 >> Oracle 9.2.0.1.0 >> >> We recently had ain incident logged in our Problem schema in ARS, and >> because the email address of the person reporting the >> problem is a mandatory field, but the person taking the call didn't >get >> the information, a hyphen, "-" was entered under Email >> Address. >> >> When the problem was closed, the workflow sends a confirmation by >Email >> to the person who reported it. This meant that ARS >> attempted send an email to the email address "-". >> >> It appears to have interpreted this as "all ARS Users". >> >> The majority of ARS users don't yet have defined email addresses, so >as >> well as hundreds of confused recipients of a >> confirmation email about a problem they know nothing about, there were >> thousands of exception reports in the AREmail.sh_log and >> the Email daemon crashed. >> >> The obvious course of action is to put some validation workflow on the >> email address field, and a default "null" email address >> for all the user records. >> >> My question is, is this what you would expect ARS to do under these >> circumstances? I wasn't aware that "-" was a wildcard. >> >> Jerry >> >> Jerry Niman Tel +44 (0)161-247 >> 1474 >> Head of Information Systems Email >[EMAIL PROTECTED] >> the Manchester Metropolitan University Mobile +44 (0)7770 >638104 >> >> Before acting on this email or opening any attachments you should read >> the Manchester Metropolitan University's email >> disclaimer available on its website >http://www.mmu.ac.uk/emaildisclaimer >> >> >> >________________________________________________________________________ >> _______ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >ARSlist:"Where >> the Answers Are" >> >> >________________________________________________________________________ >_______ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >ARSlist:"Where the Answers Are" >> > >________________________________________________________________________ >_______ >UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where >the Answers Are" > >___________________________________________________________________________ ____ >UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" >======================================================================== _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
