They were just talking about this on the Postfix list today, as well. Wietse Venema is the developer of Postfix. Attached is a question regarding the Message ID, and his response. Interesting that this issue came up on both lists today.
Bill ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 03, 2003 1:43 PM Subject: RE: [Declude.JunkMail] Non-unique MessageID vs. BADHEADERS ? > > >So the HELOBOGUS will apply the same logic and NO longer check for "BOGUS" > >host names? > > > >If not - then why doesn't the same logic apply? > > The HELOBOGUS test gets around this by only checking the HELO/EHLO if the > sender is not a local user. > > >Frankly, I rather prefer to have a test that does it advertises to do (e.g., > >check for "BAD HEADERS"), and then let ME decide via "weights", how highly I > >want to rate this. > > The problem here is that if the BADHEADERS test catches 50% of legitimate > E-mail, nobody will use it. > > If you'd like to take this on with the mail client vendors, that would be > great. But this is one battle we're not going to try taking on. > > >Remember: Nobody is forced to use the BADHEADERS test > > True. But given that it can catch about 40%-50% of spam and virtually no > legitimate E-mail, it's one of the best tests in Declude JunkMail. > > > but those who do should be able to 'rely' on it discovering non-compliancy. > > It isn't designed to be a foolproof test of the headers (such as one that > mail client vendors could use to say "Our headers are 100% > RFC-compliant). It's designed to detect headers that are common in spam > that are not sent by standard mail clients, and which are not RFC-compliant. > > >For all other purposes you have the SPAMHEADERS test that is > >designed/advertised to be "flexible" and which is expected to "adopt" based > >on occurrence of certain issues in the "wild" - so THERE it would make sense > >to leave the MessageID FQDN check out of SPAMHEADERS. > > The qualifications for the two tests are: > > BADHEADERS: The header [1] must be common in spam, [2] must not be sent by > most legitimate mail clients, and [3] must be non-RFC-compliant. > > SPAMHEADERS: The header [1] must be common in spam, [2] must not be sent by > most legitimate mail clients, and [3] is RFC-compliant. > > The problem is that the non-FQDN in a Message-ID: header violates #2 -- it > is commonly sent by legitimate mail clients. Therefore, it isn't > appropriate for these tests. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you have been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. >
--- Begin Message ---M. Yamaura: > Hi, > > I want to reject incoming mail without message-id. I saw > the some sources and it seems that Postfix can reject the content > of header below but I couldnot find how to reject when no message-id mail > is comming. The Message-ID header is not required. A week ago I added some code to require Message-ID (or Received: or From: or Date:) and removed this code after a few days. This feature stops too much mail. Wietse
--- End Message ---
