>>>>> "Michael" == Michael Peddemors <mich...@linuxmagic.com> writes:
> This should almost be an RFC discussion, rather than a dovecot > discussion, for clarity on what to do with a malformed Message-Id. Seems simple, just rename it to "Message-Id-Orig: ..." and insert your own. Fixes the problem, still let's you trace the message, etc. > For the record, if you start modifying it by deleting the bad message > id, and adding your own, you can start breaking other things, such as > DKIM signing etc.. > IMHO, Dovecot should simply refuse to accept or deliver a message with a > 'bad' message id, so that the sending system can identify and correct > the problem. > That way Dovecot doesn't need to address/modify the email message. > -- Michael -- > On 2022-10-01 21:35, Sébastien Riccio wrote: >> Hi, >> >> After reading a bit the code and trying to understand it, here is what I >> think happens here: >> >> Given a bogus Message-ID, for example (notice it's missing angle >> brackets < >: >> >> Message-ID: >> 1883biz_pay_after_purchase:0:0_572392900$ae7ed6e4d53b424c84aaf83b30c507e7 >> >> Dovecot is parsing Message-ID headers and is looking for the angle >> bracket as the begining of the Message-ID: >> https://github.com/dovecot/core/blob/d2ff32792ac052610cea7d65f30de1ee139cb55c/src/lib-mail/message-id.c#L75 >> >> <https://github.com/dovecot/core/blob/d2ff32792ac052610cea7d65f30de1ee139cb55c/src/lib-mail/message-id.c#L75> >> >> As none is found it will act as if there was no Message-ID header in the >> mail (even that the header is present). >> >> Then, pigeonhole's redirect function is told to generate a new >> Message-ID if none was previously detected: >> https://github.com/dovecot/pigeonhole/blob/5a3f4bd672cc2fb9e755a4b09c4753ac86e15f99/src/lib-sieve/cmd-redirect.c#L569 >> >> <https://github.com/dovecot/pigeonhole/blob/5a3f4bd672cc2fb9e755a4b09c4753ac86e15f99/src/lib-sieve/cmd-redirect.c#L569> >> >> The result is the mail being forwarded, in this case, is now having dual >> Message-ID and is not RFC 5322 compliant anymore and can be rejected for >> this reason (hi, gmail?) >> https://www.spamresource.com/2022/08/gmail-weird-rfc-5322-bounces-and-what.html >> >> <https://www.spamresource.com/2022/08/gmail-weird-rfc-5322-bounces-and-what.html> >> >> Some thoughts: >> >> - First, to be honest, I'm not sure gmail would accept the original mail >> with the bogus Message-ID sent directly to their servers, but if it was >> refused, I would assume that these senders would have fixed the issue on >> their side so their message are delivered (unless there is some >> whitelisting going on?) >> >> - What options could we have to resolve this? >> >> a) Having dovecot core to remove the Message-ID header line from the >> mail if it is not going to consider it valid ? (So there is no dupe >> headers when pigeonhole adds one?) >> b) Having pigeonhole check, when adding a new valid Message-ID, if there >> is already one existing, and remove the bogus one ? >> For now, to workaround this, I'm trying to find a way in the mail flow >> on our servers to keep only the top most Message-ID when more than one >> exists. >> Maybe using: https://www.postfix.org/postconf.5.html#smtp_header_checks >> <https://www.postfix.org/postconf.5.html#smtp_header_checks> but I'm not >> sure how to achieve it yet or even if it's possible. >> >> Kind regards >> >> *Sébastien RICCIO* >> >> *SYSTEM ADMINISTRATOR* >> >> *P* +41 840 888 888 >> >> *F***+41 840 888 000 >> >> *M****sric...@swisscenter.com <mailto:sric...@swisscenter.com>* >> >> * >> * >> >> >> >> ------ Message d'origine ------ >> De "michael.z...@feierfighter.de <mailto:michael.z...@feierfighter.de>" >> <michael.z...@feierfighter.de <mailto:michael.z...@feierfighter.de>> >> À "dovecot@dovecot.org <mailto:dovecot@dovecot.org>" >> <dovecot@dovecot.org <mailto:dovecot@dovecot.org>> >> Date 01.10.2022 14:49:13 >> Objet Re: Re[6]: Pigeonhole redirect is adding a message-id header when >> it already exists >> >>> Hi there, >>> I can confirm this behavior. A few months ago I introduced a milter >>> which is checking for multiple headers when the RFC says that there >>> just should be one of them For example "Message-Id". >>> I found the described problem in an email coming from Alibaba, which >>> had an invalid "Message-Id" header. It didn't contain an "@" sign or >>> similar. It was RFC-invalid. >>> This email was sent from Alibaba to a German email provider. There was >>> a redirect at that email provider, pointing to my mailserver. >>> My server rejected the email because there were 2 "Message-Id" >>> headers: The original invalid "Message-Id" header from Alibaba, and a >>> new "Message-Id" header from the German provider, which seems to have >>> been added during the redirect. There were "Dovecot-sieve" headers in >>> that mail, so my guess was that it happened because of >>> Dovecot-sieve/pigeonhole implementation. >>> I contacted the email provider, asking for help. Asking if it really >>> is a bug in pigeonhole (or maybe some other system at that provider, >>> who knows). And I contacted Alibaba, so they fix the invalid >>> "Message-Id". I got responses from both, but until now, as far as I >>> can see, it has not been fixed. >>> The best fix would be (if it really is a bug in pigeonhole), if >>> pigeonhole fixes the problem, then it's fixed for all users of >>> Dovecot. I guess Alibaba is not the only sender with an invalid >>> "Message-ID" header, but that's the only one I saw. >>> Michael >>> >>> >>> Am 01-Oct-2022 14:00:45 +0200 schrieb sric...@swisscenter.com >>> <mailto:sric...@swisscenter.com>: >>> >>> >You wrote in the original email the message was rejected. Sorry I >>> don't have login access to my gmail test account anymore since the >>> google @#$%@#$% wanted to have me add a phone number. >>> >>> In my original post I said that gmail was rejecting the forwards >>> because >>> of duplicate headers, and that the duplicate header seems to be a >>> Message-ID added by pigeonhole when it's "not happy" with the >>> original >>> mail Message-ID. >>> >>> I probably failed to explain the issue clearly and sorry for that. >>> >>> Thank you anyway for trying to help :) >>> > -- > "Catch the Magic of Linux..." > ------------------------------------------------------------------------ > Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic > A Wizard IT Company - For More Info http://www.wizard.ca > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > ------------------------------------------------------------------------ > 604-682-0300 Beautiful British Columbia, Canada > This email and any electronic data contained are confidential and intended > solely for the use of the individual or entity to which they are addressed. > Please note that any views or opinions presented in this email are solely > those of the author and are not intended to represent those of the company.