Re: Idea for a protection against massive notifications ?
I replied to the Communities post with why this works. Jason On Sat, Jun 1, 2013 at 10:04 AM, Sylvain YVON wrote: > ** > Thank you guys, creating users named "0", "1", etc is a great trick, I > will try that. > I also posted a small dev idea on Communities which might be complementary. > > > > On Fri, May 31, 2013 at 7:57 PM, David Durling wrote: > >> ** >> >> If there are other characters that can cause the issue, perhaps >> validating the email field on the form minimally with a filter, something >> like 'Your Email Field' LIKE "%_@_%._%" would help I think. >> >> ** ** >> >> By the way, maybe I was wrong about the filter on the AR System Email >> Messages form – it might not see the 0 anyway at that point. >> >> ** ** >> >> David D. >> >> ** ** >> >> ** ** >> >> *From:* Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] *On Behalf Of *Tanner, Doug >> *Sent:* Friday, May 31, 2013 1:41 PM >> >> *To:* arslist@ARSLIST.ORG >> *Subject:* Re: Idea for a protection against massive notifications ? >> >> ** ** >> >> ** >> >> I have seen a * do it as well.**** >> >> Doug**** >> >> ** ** >> >> *From:* Action Request System discussion list(ARSList) [ >> mailto:arslist@ARSLIST.ORG ] *On Behalf Of *David >> Durling >> *Sent:* Friday, May 31, 2013 1:12 PM >> *To:* arslist@ARSLIST.ORG >> *Subject:* Re: Idea for a protection against massive notifications ? >> >> ** ** >> >> ** >> >> Sylvain, >> >> ** ** >> >> Approaches mentioned in the past have included making a user record named >> 0 (that’s a zero) so it’s notified rather than the Public group, or I >> believe putting a filter on the AR System Email Messages form to throw an >> error on submit. >> >> ** ** >> >> Someone on this old post even mentions 00 could be interpreted as Public: >> search for “WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet >> email field for person is not good.” >> >> ** ** >> >> David Durling >> >> University of Georgia >> >> ** ** >> >> ** ** >> >> *From:* Action Request System discussion list(ARSList) [ >> mailto:arslist@ARSLIST.ORG ] *On Behalf Of *Sylvain >> YVON >> *Sent:* Friday, May 31, 2013 3:36 AM >> *To:* arslist@ARSLIST.ORG >> *Subject:* Idea for a protection against massive notifications ? >> >> ** ** >> >> ** >> >> Hello all, >> >> >> >> I'm coming to you after a rather big incident on my client's production >> server. >> >> Some filters create a list of users to notify of a certain action. It >> then removes the current user's login name from the list. Anyhow, there was >> a bug in the list that left a trailing "0" after the name of one user. When >> a few days ago he triggered a notification, the list had a "0" in it. Which >> is the id of the "Public" group. So our server started to send an email to >> 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent.** >> ** >> >> >> >> The bug itself is corrected, but my client would like us to find a >> definitive protection against this kind of problems. >> >> >> >> The only thing I can think of for now, is having a script that would >> watch the AR System Email Messages. If it has more than X outbound email to >> send, then interrupt Email Engine. I don't even know how I could do that in >> a clean way. >> >> >> >> Any thoughts ? >> >> >> >> Versions : >> >> AR System 7.5 p6 >> >> RHEL 5 >> >> Oracle 11g >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> >> >> >> This email is subject to certain disclaimers, which may be reviewed via >> the following link. http://compass-usa.com/Pages/Disclaimer.aspx >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Idea for a protection against massive notifications ?
Thank you guys, creating users named "0", "1", etc is a great trick, I will try that. I also posted a small dev idea on Communities which might be complementary. On Fri, May 31, 2013 at 7:57 PM, David Durling wrote: > ** > > If there are other characters that can cause the issue, perhaps validating > the email field on the form minimally with a filter, something like 'Your > Email Field' LIKE "%_@_%._%" would help I think. > > ** ** > > By the way, maybe I was wrong about the filter on the AR System Email > Messages form – it might not see the 0 anyway at that point. > > ** ** > > David D. > > ** ** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Tanner, Doug > *Sent:* Friday, May 31, 2013 1:41 PM > > *To:* arslist@ARSLIST.ORG > *Subject:* Re: Idea for a protection against massive notifications ? > > ** ** > > ** > > I have seen a * do it as well. > > Doug > > ** ** > > *From:* Action Request System discussion list(ARSList) [ > mailto:arslist@ARSLIST.ORG ] *On Behalf Of *David > Durling > *Sent:* Friday, May 31, 2013 1:12 PM > *To:* arslist@ARSLIST.ORG > *Subject:* Re: Idea for a protection against massive notifications ? > > ** ** > > ** > > Sylvain, > > ** ** > > Approaches mentioned in the past have included making a user record named > 0 (that’s a zero) so it’s notified rather than the Public group, or I > believe putting a filter on the AR System Email Messages form to throw an > error on submit. > > ** ** > > Someone on this old post even mentions 00 could be interpreted as Public: > search for “WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet > email field for person is not good.” > > ** ** > > David Durling > > University of Georgia > > ** ** > > ** ** > > *From:* Action Request System discussion list(ARSList) [ > mailto:arslist@ARSLIST.ORG ] *On Behalf Of *Sylvain > YVON > *Sent:* Friday, May 31, 2013 3:36 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Idea for a protection against massive notifications ? > > ** ** > > ** > > Hello all, > > > > I'm coming to you after a rather big incident on my client's production > server. > > Some filters create a list of users to notify of a certain action. It then > removes the current user's login name from the list. Anyhow, there was a > bug in the list that left a trailing "0" after the name of one user. When a > few days ago he triggered a notification, the list had a "0" in it. Which > is the id of the "Public" group. So our server started to send an email to > 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent.*** > * > > > > The bug itself is corrected, but my client would like us to find a > definitive protection against this kind of problems. > > > > The only thing I can think of for now, is having a script that would watch > the AR System Email Messages. If it has more than X outbound email to send, > then interrupt Email Engine. I don't even know how I could do that in a > clean way. > > > > Any thoughts ? > > > > Versions : > > AR System 7.5 p6 > > RHEL 5 > > Oracle 11g > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > > > > > This email is subject to certain disclaimers, which may be reviewed via > the following link. http://compass-usa.com/Pages/Disclaimer.aspx > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Idea for a protection against massive notifications ?
If there are other characters that can cause the issue, perhaps validating the email field on the form minimally with a filter, something like 'Your Email Field' LIKE "%_@_%._%" would help I think. By the way, maybe I was wrong about the filter on the AR System Email Messages form - it might not see the 0 anyway at that point. David D. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tanner, Doug Sent: Friday, May 31, 2013 1:41 PM To: arslist@ARSLIST.ORG Subject: Re: Idea for a protection against massive notifications ? ** I have seen a * do it as well. Doug From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of David Durling Sent: Friday, May 31, 2013 1:12 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: Idea for a protection against massive notifications ? ** Sylvain, Approaches mentioned in the past have included making a user record named 0 (that's a zero) so it's notified rather than the Public group, or I believe putting a filter on the AR System Email Messages form to throw an error on submit. Someone on this old post even mentions 00 could be interpreted as Public: search for "WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet email field for person is not good." David Durling University of Georgia From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Sylvain YVON Sent: Friday, May 31, 2013 3:36 AM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Idea for a protection against massive notifications ? ** Hello all, I'm coming to you after a rather big incident on my client's production server. Some filters create a list of users to notify of a certain action. It then removes the current user's login name from the list. Anyhow, there was a bug in the list that left a trailing "0" after the name of one user. When a few days ago he triggered a notification, the list had a "0" in it. Which is the id of the "Public" group. So our server started to send an email to 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent. The bug itself is corrected, but my client would like us to find a definitive protection against this kind of problems. The only thing I can think of for now, is having a script that would watch the AR System Email Messages. If it has more than X outbound email to send, then interrupt Email Engine. I don't even know how I could do that in a clean way. Any thoughts ? Versions : AR System 7.5 p6 RHEL 5 Oracle 11g _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ This email is subject to certain disclaimers, which may be reviewed via the following link. http://compass-usa.com/Pages/Disclaimer.aspx _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Idea for a protection against massive notifications ?
I have seen a * do it as well. Doug From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of David Durling Sent: Friday, May 31, 2013 1:12 PM To: arslist@ARSLIST.ORG Subject: Re: Idea for a protection against massive notifications ? ** Sylvain, Approaches mentioned in the past have included making a user record named 0 (that's a zero) so it's notified rather than the Public group, or I believe putting a filter on the AR System Email Messages form to throw an error on submit. Someone on this old post even mentions 00 could be interpreted as Public: search for "WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet email field for person is not good." David Durling University of Georgia From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Sylvain YVON Sent: Friday, May 31, 2013 3:36 AM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Idea for a protection against massive notifications ? ** Hello all, I'm coming to you after a rather big incident on my client's production server. Some filters create a list of users to notify of a certain action. It then removes the current user's login name from the list. Anyhow, there was a bug in the list that left a trailing "0" after the name of one user. When a few days ago he triggered a notification, the list had a "0" in it. Which is the id of the "Public" group. So our server started to send an email to 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent. The bug itself is corrected, but my client would like us to find a definitive protection against this kind of problems. The only thing I can think of for now, is having a script that would watch the AR System Email Messages. If it has more than X outbound email to send, then interrupt Email Engine. I don't even know how I could do that in a clean way. Any thoughts ? Versions : AR System 7.5 p6 RHEL 5 Oracle 11g _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ This email is subject to certain disclaimers, which may be reviewed via the following link. http://compass-usa.com/Pages/Disclaimer.aspx ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Idea for a protection against massive notifications ?
Sylvain, Approaches mentioned in the past have included making a user record named 0 (that's a zero) so it's notified rather than the Public group, or I believe putting a filter on the AR System Email Messages form to throw an error on submit. Someone on this old post even mentions 00 could be interpreted as Public: search for "WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet email field for person is not good." David Durling University of Georgia From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Sylvain YVON Sent: Friday, May 31, 2013 3:36 AM To: arslist@ARSLIST.ORG Subject: Idea for a protection against massive notifications ? ** Hello all, I'm coming to you after a rather big incident on my client's production server. Some filters create a list of users to notify of a certain action. It then removes the current user's login name from the list. Anyhow, there was a bug in the list that left a trailing "0" after the name of one user. When a few days ago he triggered a notification, the list had a "0" in it. Which is the id of the "Public" group. So our server started to send an email to 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent. The bug itself is corrected, but my client would like us to find a definitive protection against this kind of problems. The only thing I can think of for now, is having a script that would watch the AR System Email Messages. If it has more than X outbound email to send, then interrupt Email Engine. I don't even know how I could do that in a clean way. Any thoughts ? Versions : AR System 7.5 p6 RHEL 5 Oracle 11g _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Idea for a protection against massive notifications ?
** I have posted this on Communities also : https://communities.bmc.com/message/326184 But I thought there might be more suggestions on the ARS List with all the veterans here. On Fri, May 31, 2013 at 9:36 AM, Sylvain YVON wrote: > Hello all, > > > > I'm coming to you after a rather big incident on my client's production > server. > > Some filters create a list of users to notify of a certain action. It then > removes the current user's login name from the list. Anyhow, there was a > bug in the list that left a trailing "0" after the name of one user. When a > few days ago he triggered a notification, the list had a "0" in it. Which > is the id of the "Public" group. So our server started to send an email to > 160k+ users. Thanks to a full tablespace, "only" 36k emails where sent. > > > > The bug itself is corrected, but my client would like us to find a > definitive protection against this kind of problems. > > > > The only thing I can think of for now, is having a script that would watch > the AR System Email Messages. If it has more than X outbound email to send, > then interrupt Email Engine. I don't even know how I could do that in a > clean way. > > > > Any thoughts ? > > > > Versions : > > AR System 7.5 p6 > > RHEL 5 > > Oracle 11g > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"