Re: submission configuration and RFC 6409

Wed, 12 Oct 2022 07:37:43 -0700 

Nick Tait:

A couple of months ago an email I sent from my phone was bounced by the
recipient's SMTP server because the email had no Message-ID header. It
turns out the email app that I've been using on my phone for years
doesn't generate a Message-ID, but this was the first time that this had
been a problem...


 On 12.10.22 09:41, Wietse Venema wrote:

Then that recipient will lose some portion of their email, because
the email RFCs do NOT require a Message-ID.


while correct, missing message-id can increase spamminess of mail message
(been there)


Anyway it turned out to be fairly simple to get Postfix to add the
missing Message-ID header: I just needed the email to satisfy
"local_header_rewrite_clients".


This will break valid DKIM signatures when you change the setting
to match arbitrary senders.



only if the sender generates DKIM signature, which is unlikely for clients 
that don't generate message-id.



But this got me thinking about 'best practice' configuration of Postfix
to meet RFC 6409, and I realised that (AFAICT) this isn't covered by the
Postfix documentation. And so I assume that most people (like me) just
uncomment the submission lines (in master.cf) provided by their distro's
postfix package? But this Message-ID experience has shown me that the
distro's master.cf submission, while good, is not 100% perfect?


There is no perfect defense against idiot system adminstrators.
Trying to enumerate all their mistakes is pointless. There is
no limit to human fallability.



if really needed, setting local_header_rewrite_clients on submission or 
smtps(submissions) ports should be safe as SMTP authentication is required 
on those portz.



if in doubt, one can still configure extra port for submission with 
local_header_rewrite_clients enabled although I'm not sure if it makes 
sense, especially when sender can change MUA to one that generates 
message-id.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.






















					Reply via email to