Matus UHLAR - fantomas:
> >Nick Tait:
> >> A couple of months ago an email I sent from my phone was bounced by the
> >> recipient's SMTP server because the email had no Message-ID header. It
> >> turns out the email app that I've been using on my phone for years
> >> doesn't generate a Message-ID, but this was the first time that this had
> >> been a problem...
>
> On 12.10.22 09:41, Wietse Venema wrote:
> >Then that recipient will lose some portion of their email, because
> >the email RFCs do NOT require a Message-ID.
>
> while correct, missing message-id can increase spamminess of mail message
> (been there)
>
> >> Anyway it turned out to be fairly simple to get Postfix to add the
> >> missing Message-ID header: I just needed the email to satisfy
> >> "local_header_rewrite_clients".
> >
> >This will break valid DKIM signatures when you change the setting
> >to match arbitrary senders.
>
> only if the sender generates DKIM signature, which is unlikely for clients
> that don't generate message-id.

This would break signatures from REMOTE MTAs.

> >> But this got me thinking about 'best practice' configuration of Postfix
> >> to meet RFC 6409, and I realised that (AFAICT) this isn't covered by the
> >> Postfix documentation. And so I assume that most people (like me) just
> >> uncomment the submission lines (in master.cf) provided by their distro's
> >> postfix package? But this Message-ID experience has shown me that the
> >> distro's master.cf submission, while good, is not 100% perfect?
> >
> >There is no perfect defense against idiot system administrators.
> >Trying to enumerate all their mistakes is pointless. There is
> >no limit to human fallibility.
>
> if really needed, setting local_header_rewrite_clients on submission or
> smtps(submissions) ports should be safe as SMTP authentication is required
> on those ports.

There is no need for that, just do in main.cf:

    local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated

Why it isn't the default I cannot remember.

	Wietse
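
Added example, not part of the original message and not Postfix code: one case of the DKIM breakage discussed above. Under RFC 6376 a signer may list in h= a header that is absent from the message, and inserting that header later makes verification fail. The function names, the header list and the sample messages are constructed for this illustration.

```python
from email import message_from_string

# Headers an MTA may add when they are missing (list chosen for this example).
ADDED_IF_MISSING = ("From", "Date", "Message-ID")


def signed_header_names(dkim_value):
    """Return the lower-cased field names from the h= tag of one DKIM-Signature."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return [h.lower() for h in tags.get("h", "").split(":") if h]


def headers_unsafe_to_add(raw_message):
    """List missing headers whose later insertion would invalidate a signature.

    A header that is absent but named in h= was signed as "not present",
    so adding it in transit changes the signed data.
    """
    msg = message_from_string(raw_message)
    signed = set()
    for sig in msg.get_all("DKIM-Signature", []):
        signed.update(signed_header_names(sig))
    return [h for h in ADDED_IF_MISSING
            if msg[h] is None and h.lower() in signed]


def _sample(h_tag):
    """Constructed message without a Message-ID header (not real mail)."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;\n"
            f"\th={h_tag};\n\tbh=CONSTRUCTED; b=CONSTRUCTED\n"
            "From: alice@example.org\nTo: bob@example.net\n"
            "Date: Wed, 12 Oct 2022 09:41:00 -0400\nSubject: test\n\nbody\n")


SAMPLE_OVERSIGNED = _sample("from:to:subject:date:message-id")
SAMPLE_PLAIN = _sample("from:to:subject:date")

if __name__ == "__main__":
    for label, raw in (("oversigned", SAMPLE_OVERSIGNED), ("plain", SAMPLE_PLAIN)):
        print(label, headers_unsafe_to_add(raw))
```

Restricting local_header_rewrite_clients to permit_mynetworks and permit_sasl_authenticated, as in the reply above, keeps this kind of modification away from mail relayed by remote MTAs.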