-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Message-ID #728
Comments
Let's create a test program to generate the Message-ID using JakartaMail 2.1.3:
On my machine this outputs:
RFC-822 [pg. 39]
From what I can tell JakartaMail matches the Appendix A.3.3 of RFC-822. If the spam rule is failing due to the domain not matching then that is a configuration problem on your sending machine where you need to correct the canonical hostname lookup or simply specify More information is needed. |
Related #460 |
This project changed ownership and name a few times, and old web pages are not in sync. As a result, users of the project are not necessarily using the latest version. When I read JavaMail in the mid, then they are using an old version. Hard to say which one. I see from your demo above that the new mid does not include a reference to the project. This makes it hard for us to help offending senders. If the name of the project is in the mid, then we know they are using a CMS of some sort, so the blame for misconfiguration is on the software house writing the CMS. If you hide the "JavaMail" or "JakartaMail" reference, it will be impossible to offer a reference like this. Still on the new mid, it is still possible for a user to specify a non-conformant domain-ref. The software should include a runtime sanity check, and fail hard when the domain-ref is not a valid FQDN. Ideally, to solve the problem once and for all, the user should not specify any such parameter: the software ought to figure-out the public FQDN of the server and propose it to the user as sane default during initial configuration. Then the user can accept or improve the default. In this case, the configuration should mention the RFC, and include a runtime test to validate the user's value. Again, the software should fail hard in case of non compliance. I would also put a big red notice on all old web pages of the project, pointing at the new page here. |
That is a ticket for the software using JakartaMail. They should be setting a User-Agent and or X-Mailer header on the MimeMessage to identify itself.
This is intentional to hide this information for security reasons:
There are improvements here but they are limited to syntax checking which seems reasonable. Name lookup will be avoided due to cost of the lookup which is a known problem.
That is a issue ticket for the software using JakartaMail. InternetAddress::getLocalAddress is what is used to compute the Message-ID. That method returns an object with a validation method. Consumers of JakartaMail can use that method to validate the Message-ID domain. I'll look at making some of these changes. |
Hello,
JavaMail sends non-conformant Message-IDs that are catched by spam filters.
Be a good netizen and conform to the standard.
Thank you.
RFC-822 [pg. 30]
RFC-822 [pg. 23]
4.6.1. MESSAGE-ID / RESENT-MESSAGE-ID
RFC-822 [pp. 44-46]
The text was updated successfully, but these errors were encountered: