The Message-ID that mutt generates is supposed to be unique. Up till now
mutt would generate this ID based on the current date and time, followed by
".G", followed by a letter A to Z (A for the 1st and 27th email sent, Z for
the 26th, etc.), followed by the pid of the active mutt process, followed
by "@" and the configured hostname.

This can lead to information being leaked as to a user's email habits and
activities, which might be undesirable.

By replacing these parts between the "." and the "@" in the Message-ID
with a random number we no longer include this information. An additional
benefit of this change is that the domain of values from which this part
now gets constructed is bigger and less predictable.
---
 sendlib.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/sendlib.c b/sendlib.c
index cdec5beb..bfb83eb2 100644
--- a/sendlib.c
+++ b/sendlib.c
@@ -79,8 +79,6 @@ const char B64Chars[64] = {
   '8', '9', '+', '/'
 };
 
-static char MsgIdPfx = 'A';
-
 static void transform_to_7bit (BODY *a, FILE *fpin);
 
 static void encode_quoted (FGETCONV * fc, FILE *fout, int istext)
@@ -2410,10 +2408,9 @@ char *mutt_gen_msgid (void)
   if (!(fqdn = mutt_fqdn(0)))
     fqdn = NONULL(Hostname);
 
-  snprintf (buf, sizeof (buf), "<%d%02d%02d%02d%02d%02d.G%c%u@%s>",
+  snprintf (buf, sizeof (buf), "<%d%02d%02d%02d%02d%02d.%d@%s>",
            tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour,
-           tm->tm_min, tm->tm_sec, MsgIdPfx, (unsigned int)getpid (), fqdn);
-  MsgIdPfx = (MsgIdPfx == 'Z') ? 'A' : MsgIdPfx + 1;
+           tm->tm_min, tm->tm_sec, random(), fqdn);
   return (safe_strdup (buf));
 }
 
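Review bot: the new format string in the snprintf call uses `%d` for the value returned by `random()`, but `random()` returns `long`, so the specifier and argument types do not match; use `%ld`, or cast the value to the type the specifier expects. Two further points on the same call. First, nothing in these hunks seeds the generator, and an unseeded `random()` produces the same sequence in every process, so the "less predictable" claim in the commit message only holds if `srandom()` is called elsewhere with a good seed; since `random()` is not a cryptographic generator, consider drawing the value from the system's random source instead. Second, the `tm_year` through `tm_sec` fields are still written into the ID, so the sending time to the second remains visible, and with the counter letter and pid gone, uniqueness within one second now rests entirely on the random value. It would help to state in the commit message whether keeping the timestamp is intended.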
-- 
2.25.3
