Holy cow! Found a MASSIVE bug that generated thousands of emails, eventually shutting down the email server (too many messages per hour) and throttling CPU for over usage of script.
A user entered a ticket with username and email similar to the following:
Name: postmaster@exchange.xyzserver.co
Email: postmaster@exchange.xyzserver.com
(Yes, no "m" on the first entry, and I've changed it to a generic "xyzserver" instead of the actual server)
The ticket was entered into a running osTicket system. The standard notices were sent to admin, dept heads, etc.
The Confirmation email (normally sent to the user, with the ticket number and such) was bounced from the postmaster account, which generated an additional ticket (mail delivery error).
A terrible loop was created where a constant stream of failed messages created new tickets, which (I think) also bounced. These tickets also went out to admin, dept heads, and to the alerts email address.
This quickly flooded our email sending system (the one configured in osTicket), which stopped accepting SMTP emails, which generated additional system errors, which generated additional tickets.
The system was so busy trying to process and send the tickets that our host went into automatic CPU throttling, slowing down the system.
We could not access the admin panel (I wanted to add the postmaster@... account to the ban list). I eventually got the email added to the banlist via direct SQL database access.
This stopped the emails from going out, but the tickets continued to be generated, now as errors.
This went on for a day and a half, now all the tickets started generating stale ticket alerts today.
I went into direct SQL database access and deleted all tickets with "Email delivery system" in the Name field. Over 3000 tickets were deleted.
In summary:
1. A single ticket started a flood of new tickets and emails
2. These processes overwhelmed the CPU of the host, blocking access to the admin banlist section
3. I couldn't "stop" osTicket, nor could my host.
4. This activity triggered automatic flooding controls which shut down our SMTP server
5. Thousands of tickets were generated.
6. A day or so later (we are set to 24hrs for stale ticket alert), each ticket generated a stale ticket alert and began the loop over again
7. Only by direct manipulation of the SQL database could I delete the tickets and stop the storm, including removing the original, offending ticket.
Had we hosted either of the domains used for osTicket or for the email system serving osTicket (two separate domains) on our main domain, we would have been out of business for a few days as a result of a single bad email address.
The closest forum post/topic I found is:
http://osticket.com/forums/showpost.php?p=16844&postcount=1(http://osticket.com/forums/showpost.php?p=16844&postcount=1)
1. How can we prevent this in the future?
2. Is there some way to limit the retries to 5 attempts, and stop the system from generating new tickets with each error?
3. Is there some way to validate email addresses in the ticket entry form?
4. Can this happen with any email address, or is it the "unlimited power" of the postmaster@.... account that contributed to this problem?
5. Is there an "emergency stop" that can be run on the system to stop the processing of all tickets (take the system offline) so only the admin can make changes?
Please help, as we had to take this offline until this is resolved.
Thanks!
- DD
