On 3/1/2005 11:53 AM, Stuart Johnston wrote:

> it is just that I get the impression that a lot of legitimate
> mail servers may be sending mail without proper Message-ID's, causing
> FPs. So, I wondered if anyone else had seen this as well.

This is really two separate questions.

As to "legitimate" use, ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt is not exactly crystalline, but it is pretty strong about encouraging originating mail servers to add the header:

| The following changes to a message being processed MAY be applied
| when necessary by an originating SMTP server, or one used as the
| target of SMTP as an initial posting protocol:
|
| - Addition of a message-id field when none appears
|
| - Addition of a date, time or time zone when none appears
|
| - Correction of addresses to proper FQDN format
|
| The less information the server has about the client, the less likely
| these changes are to be correct and the more caution and conservatism
| should be applied when considering whether or not to perform fixes
| and how. These changes MUST NOT be applied by an SMTP server that
| provides an intermediate relay function.

In my experience, "legitimate" mail servers add this header, and the only time it shows up is when a server is poorly-managed, or when a client is trying to connect to my server directly (the exception is local clients, but they use a different server instance on a different port, which adds the header if it is missing).

Whether or not these indicators are "false positives" is therefore pretty much a local consideration. If you get a lot of mail from poorly-run servers and direct connections, then yes it would be a false positive.

-- 
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
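
The split the quoted RFC text draws, as an added example that is not part of the original message: an originating (submission) server may add a missing Message-ID, while an intermediate relay must leave the message untouched and can only flag it for local scoring. The function names, the `role` values, the sample messages and the domain `mx.example.test` are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import make_msgid

# Loose "<left@right>" shape check; deliberately not the full RFC grammar.
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

# Constructed sample messages (not real traffic).
SAMPLE_NO_ID = "From: a@example.test\nTo: b@example.test\nSubject: hi\n\nbody\n"
SAMPLE_WITH_ID = "Message-ID: <1234@mail.example.test>\n" + SAMPLE_NO_ID
SAMPLE_BAD_ID = "Message-ID: <nodomain>\n" + SAMPLE_NO_ID


def message_id_status(msg):
    """Return 'ok', 'missing' or 'malformed' for the Message-ID header."""
    value = msg.get("Message-ID")
    if value is None or not value.strip():
        return "missing"
    return "ok" if MSGID_RE.match(value.strip()) else "malformed"


def handle(raw, role, domain="mx.example.test"):
    """Apply the per-role rule and return (message, action).

    role is 'submission' for an originating server (the separate instance
    for local clients described above) or 'relay' for an intermediate hop.
    """
    msg = message_from_string(raw)
    status = message_id_status(msg)
    if status == "ok":
        return msg, "pass"
    if role == "submission" and status == "missing":
        # Originating server: MAY add a message-id when none appears.
        msg["Message-ID"] = make_msgid(domain=domain)
        return msg, "added"
    # Intermediate relay: MUST NOT modify the message. Whether the flag
    # counts towards a spam score is a local policy decision.
    return msg, "flag:" + status


if __name__ == "__main__":
    for name, raw in [("no id", SAMPLE_NO_ID), ("with id", SAMPLE_WITH_ID),
                      ("bad id", SAMPLE_BAD_ID)]:
        for role in ("submission", "relay"):
            print(name, role, handle(raw, role)[1])
```
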