[pmg-devel] [PATCH pmg-api] fix #2785: no message-id for attachment-quarantine

Stoiko Ivanov s.ivanov at proxmox.com
Mon Jun 8 17:06:48 CEST 2020


When using the attachment quarantine - the message is:
a) stored in the quarantine unaltered
b) sent on with the attachment removed

Currently we do not change the message in any other way - in particular
we do not change the message-id header of either of the 2 mails.

When a mail is released from the attachment quarantine it is sent by PMG
with the same message-id as the mail with the attachments removed.

This is a violation of RFC 5322 (see [0]), and additionally newer versions
of Exchange do accept 2 mails with the same message-id but silently discard
the second version, thus making the attachment quarantine unusable for
Exchange users.

This patch simply removes the Message-ID of the mail where the attachment is
removed. When delivering this first message postfix/cleanup simply assigns
a new message-id.

The Message-ID is left intact on the original message in order to keep DKIM
signatures valid (they are invalidated on the modified mail by the removal
of the attachment anyways).

Tested on my local setup with two rules (which both remove the attachment, but
have different to objects) - the mails arrive as expected.

[0] https://tools.ietf.org/html/rfc5322 (section 3.6.4)

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
a few threads of our community forum where this has been reported:
https://forum.proxmox.com/threads/delivering-attachments-from-the-attachment-quarantine-not-delivered-in-the-user-mailbox.68854/#post-308631
https://forum.proxmox.com/threads/modify-subject-bei-attachment-quarantine-release.68227/#post-306209

 src/PMG/RuleDB/Remove.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/PMG/RuleDB/Remove.pm b/src/PMG/RuleDB/Remove.pm
index e57c216..2b15e2c 100644
--- a/src/PMG/RuleDB/Remove.pm
+++ b/src/PMG/RuleDB/Remove.pm
@@ -224,6 +224,9 @@ sub execute {
 	    my $original_entity = $entity->dup;
 	    PMG::Utils::remove_marks($original_entity);
 	    if (my $qid = $queue->quarantine_mail($ruledb, 'A', $original_entity, $tg, $msginfo, $vars, $ldap)) {
+		# remove Message-ID header from mail without attachment to
+		# prevent 2 different mails with the same Message-ID
+		$entity->head->delete('Message-ID');
 		foreach (@$tg) {
 		    syslog ('info', "$queue->{logid}: moved mail for <%s> to attachment quarantine - %s (rule: %s)", $_, $qid, $rulename);
 		}
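Review bot: the comment above `$entity->head->delete('Message-ID');` explains why the header is dropped but not where its replacement comes from. Per the commit message, the modified mail relies on postfix/cleanup to assign a new Message-ID on delivery, so the comment should state that dependency. It would also help to capture the original Message-ID before the delete and include it in the syslog line inside `foreach (@$tg)`, because after this change the delivered mail and the quarantined copy (`$qid`) no longer share an ID and are harder to correlate in the logs.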
-- 
2.20.1



