On Sat, 30 May 2009 12:04:54 +0200 Ricardo Mones <mo...@debian.org> wrote:
>> Claws-Mail generates Message-ID headers of the form >> <time.num...@hostname> ; for example, >> <20090529055315.7f6ad...@foobar> . >> >> This does not conform to RFC-2822, which requires that the string >> after the "@" character be a fully-qualified domain name, in order to >> make the Message-ID globally unique. > > That's simply not true: it requires the Message-ID to be globally > unique and provides an example of algorithm to generate it, and > *recommends* the domain name to be in the right side to help it to be > unique. Yes. Anyway, the point is that without a FQDN in the Message-ID, there can be no guarantee that some other site will not coincidentally generate the same identifier. >> Some mailing list software will refuse to process messages because of >> this problem. > > That's interesting because they are wrongly interpreting then the RFC > in the way you exposed here while the RFC clearly states that there's > several algorithms to get a globally unique identifier and they would > also work. IOW: these list software are buggy regarding RFC 2822. Do > you have a list of them? See here, for example: http://www.robomod.net/doc/faq.txt It's clear that what Claws-Mail currently generates is not guaranteed to be globally unique, and is thus in violation of RFC-2822. Another problem with using the hostname of the sending machine is that this can expose information about a private network, which is undesirable. The message recipient doesn't need to know the name of the machine where the message was generated. >> A better choice would be for the Message-ID to be of the form >> <time.number.use...@fqdn> , where "use...@fqdn" is the sender's email >> address; for example, >> <20090309043710.b6bc3b96.ian_br...@fastmail.net> . This is what >> Sylpheed already does. > > This doesn't guarantee the identifier is globally unique and is just > slightly better than current one. Notice also the FQDN can also be > poorly configured in lots of machines which simply return the > hostname. That's why it should use the SENDER'S EMAIL ADDRESS, which is guaranteed to be qualified with respect to whatever domain the email is being transmitted within. Note that for POP and IMAP accounts, the domain part of the email address will probably have nothing to do with the host on which the message is generated. > The main source of uniqueness of the identifier goes to the number > part which I think is correct as it is. It can go right on being the main source of uniqueness; the point is that if the Message-ID includes the sender's email address, you won't get a collision when some unrelated host picks the same random number. It's important to also include the userid part of the email address, to cover the situation of a large number of accounts being hosted on the same POP or IMAP server, and having their messages generated on multiple uncoordinated client machines. >> Please import the relevant code section from Sylpheed, and also send >> this patch upstream. Thanks. > > It can be somewhat better to use the FQDN, hence I will probably > prepare a patch, but that won't solve the problem on machines whose > FQDN is the hostname. Once again, the machine hostname is irrelevant, because it's got nothing to do with the sender's email address. As Colin Leroy pointed out, there's already an option to set the domain name of the Message-ID, so most of the necessary code is already there. It just needs to be changed so that the default option is to use the email address instead of the hostname. And again, the Sylpheed code already does the right thing; I don't know why Claws-Mail doesn't just inherit that. -- Ian Bruce -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
