Ghost user creation sends a confirmation mail to "ghost@example.com"
Summary
After upgrading to the latest release of gitlab I cleaned up some user accounts that looked like spambots. Later received a bounce mail from my mail server telling me it's tried to send a confirmation mail to "ghost@example.com", an address that does not exist on a domain reserved by IETF for use as examples - but not for sending mail to.
This seems linked to some automatic creation of a "ghost user" called ghost that seems to have been added sort of recently, which is registered to the forementioned email address.
Steps to reproduce
Trigger the creation of ghost user somehow, I guess?
What is the current bug behavior?
This internal user is created with an email address that does not exist, and a confirmation email is sent to this non-existant address.
What is the expected correct behavior?
Mail not being sent to non-existant address on example domain.
Results of GitLab environment info
System information System: Debian 8.7 Current User: git Using RVM: no Ruby Version: 2.3.3p222 Gem Version: 2.6.6 Bundler Version:1.13.7 Rake Version: 10.5.0 Redis Version: 3.2.5 Git Version: 2.11.1 Sidekiq Version:4.2.7
GitLab information Version: 9.1.0 Revision: c3f0f143 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql Using LDAP: no Using Omniauth: no
GitLab Shell Version: 5.0.2 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Possible fixes
Not sending any mail at all for this would be preferrable. Account should also probably just be blocked by default.