[pmg-devel] [PATCH pmg-api] fix #2785: no message-id for attachment-quarantine

Wed Jun 17 13:58:37 CEST 2020

Am 6/8/20 um 5:06 PM schrieb Stoiko Ivanov:
> When using the attachment quarantine - the message is:
> a) stored in the quarantine unaltered
> b) sent on with the attachment removed
> 
> Currently we do not change the message in any other way - in particular
> we do not change the message-id header of any of the 2 mails.
> 
> When a mail is released from the attachment quarantine it is sent by PMG
> with the same message-id as the mail with the attachments removed.
> 
> This is a violation of RFC 5322 (see [0]), and additionally newer versions
> of Exchange do accept 2 mails with the same message-id but silently discard
> the second version, thus making the attachment quarantine unusable for
> Exchange users.
> 
> This patch simply removes the Message-ID of the mail where the attachment is
> removed. When delivering this first message postfix/cleanup simply assigns
> a new message-id.
> 
> The Message-ID is left intact on the original message in order to keep DKIM
> signatures valid (they are invalidated on the modified mail by the removal
> of the attachment anyways).
> 
> Tested on my local setup with two rules (which both remove the attachment, but
> have different to objects) - the mails arrive as expected.
> 
> [0] https://tools.ietf.org/html/rfc5322 (section 3.6.4)
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> a few threads of our community forum where this has been reported:
> https://forum.proxmox.com/threads/delivering-attachments-from-the-attachment-quarantine-not-delivered-in-the-user-mailbox.68854/#post-308631
> https://forum.proxmox.com/threads/modify-subject-bei-attachment-quarantine-release.68227/#post-306209
> 
>  src/PMG/RuleDB/Remove.pm | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/PMG/RuleDB/Remove.pm b/src/PMG/RuleDB/Remove.pm
> index e57c216..2b15e2c 100644
> --- a/src/PMG/RuleDB/Remove.pm
> +++ b/src/PMG/RuleDB/Remove.pm
> @@ -224,6 +224,9 @@ sub execute {
>  	    my $original_entity = $entity->dup;
>  	    PMG::Utils::remove_marks($original_entity);
>  	    if (my $qid = $queue->quarantine_mail($ruledb, 'A', $original_entity, $tg, $msginfo, $vars, $ldap)) {
> +		# remove Message-ID header from mail without attachment to
> +		# prevent 2 different mails with the same Message-ID
> +		$entity->head->delete('Message-ID');
>  		foreach (@$tg) {
>  		    syslog ('info', "$queue->{logid}: moved mail for <%s> to attachment quarantine - %s (rule: %s)", $_, $qid, $rulename);
>  		}
> 

as said off-list, I'd keep the old message-id and prefix it with "pmgq-" or "copy-" or the like,
as the rest is already known unique and we only do this once here it is normally enough.
Optionally one could add some time/pid/... info but that shouldn't be needed.

rationale: I use message-ids quite a bit, so keeping some relation to the original one could be
nice, as it then allows searching for the common part easily.