Message-ID should surely not be shown as a mailto: URL
So looking at page source for, eg,
http://archives.postgresql.org/pgsql-hackers/2008-06/msg00338.php
I see
<li><strong>From</strong>: Tom Lane <<a href="mailto:tgl@DOMAIN.HIDDEN">tgl(at)sss(dot)pgh(dot)pa(dot)us</a>></li>
<li><strong>To</strong>: <a href="mailto:pgsql-hackers@DOMAIN.HIDDEN">pgsql-hackers(at)postgresql(dot)org</a></li>
<li><strong>Subject</strong>: Re: We have a launch abort ... PG update releases will be delayed</li>
<li><strong>Date</strong>: Sat, 07 Jun 2008 11:45:56 -0400</li>
<li><strong>Message-id</strong>: <<a href="mailto:20506.1212853556@DOMAIN.HIDDEN">20506(dot)1212853556(at)sss(dot)pgh(dot)pa(dot)us</a>></li>
This seems outright silly. In the first place, I do not see the value
of displaying mailto: URLs containing intentionally-broken addresses.
In the second, even if the domain names were fixed, there is no way on
god's green earth that mailto: a Message-ID is going to work.
Hm, I wonder if sloppiness of this sort accounts for the remarkable
prevalence in my mail logs of spam-sign like this:
Jun 9 00:44:06 sss2 sm-mta[4062]: m594i5Ns004062: <19570.1142971720@sss.pgh.pa.us>... User unknown
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.
regards, tom lane
On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
Hm, I wonder if sloppiness of this sort accounts for the remarkable
prevalence in my mail logs of spam-sign like this:Jun 9 00:44:06 sss2 sm-mta[4062]: m594i5Ns004062: <19570.1142971720@sss.pgh.pa.us>... User unknown
Good bet.
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.
Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link. I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.
A
--
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
Andrew Sullivan wrote:
On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link. I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.
Mhonarc does this mangling. I tried to stop it but couldn't find the
way. I didn't investigate it too closely though, so most likely there
is a way to make it work. If anyone wants to spend some time on it,
feel free to send patches. Our resource files are here:
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-current
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-common
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-utf8
The actual mhonarc call is in this script:
https://pgweb.postgresql.org/browser/trunk/archives/bin/mk-mhonarc
The mhonarc documentation:
http://www.mhonarc.org/MHonArc/doc/mhonarc.html
Oh, FWIW, the Message-ID URLs (which are just hard links actually) are
created by this script:
https://pgweb.postgresql.org/browser/trunk/archives/bin/createmsgid.pl
It has a couple of holes (i.e. there are certain types of Message-Ids
for which it doesn't work), so patches are welcome too.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
Andrew Sullivan <ajs@commandprompt.com> writes:
On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.
Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link. I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.
What I'm complaining about is the logical disconnect involved in
sticking a mailto: onto an address that you have carefully made
unusable for sending mail to. I don't have a problem with munging
all of them, just leave off the mailto decoration.
regards, tom lane
Alvaro Herrera wrote:
Andrew Sullivan wrote:
On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link. I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.Mhonarc does this mangling. I tried to stop it but couldn't find the
way. I didn't investigate it too closely though, so most likely there
is a way to make it work. If anyone wants to spend some time on it,
feel free to send patches. Our resource files are here:https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-current
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-common
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-utf8The actual mhonarc call is in this script:
https://pgweb.postgresql.org/browser/trunk/archives/bin/mk-mhonarcThe mhonarc documentation:
http://www.mhonarc.org/MHonArc/doc/mhonarc.html
I looked at this for a while and am uncertain how to affect the header
display. When I was dealing with this, I considered the message-id to
be an identifier, rather than something I wanted displayed in the email
header block, so I put it above the header:
http://momjian.us/mhonarc/patches_hold/msg00021.html
Using these mhonarc.rc lines:
<MSGHEAD>
Message-ID: $MSGID$
</MSGHEAD>
You could even modify this to add a link to show the message by
message-id URL.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Alvaro Herrera wrote:
Andrew Sullivan wrote:
On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link. I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.Mhonarc does this mangling. I tried to stop it but couldn't find the
way. I didn't investigate it too closely though, so most likely there
is a way to make it work. If anyone wants to spend some time on it,
feel free to send patches. Our resource files are here:https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-current
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-common
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-utf8The actual mhonarc call is in this script:
https://pgweb.postgresql.org/browser/trunk/archives/bin/mk-mhonarcThe mhonarc documentation:
http://www.mhonarc.org/MHonArc/doc/mhonarc.html
Have you tried adding this to your mhonarc.rc file?
<NOMAILTO>
In fact looking at:
https://pgweb.postgresql.org/browser/trunk/archives/bin/resource-common
I see the use of MAILTO even though the comment doesn't match:
<!-- Don't convert e-mail addresses to mailto: URLs -->
25 <MAILTO>
It seems logical seeing as we are already using:
<SPAMMODE>
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Bruce Momjian wrote:
Have you tried adding this to your mhonarc.rc file?
<NOMAILTO>
Hmm, no, I just added it and the archive is being reprocessed. The
mailto: links have now been removed; for example see
http://archives.postgresql.org/pgsql-committers/2008-11/msg00111.php
(Mhonarc is still running)
I see the use of MAILTO even though the comment doesn't match:
<!-- Don't convert e-mail addresses to mailto: URLs -->
25 <MAILTO>
Ugh. I assume Marc took the original config file and switched the
setting without even looking at the comment.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
Okay, so Bruce got in Perl hacking mode today and wrote a script to
munge the message-ids. If you look at our archives you'll notice that
on each message the Message-Id header is now a proper link to the
message itself using the message-id-style URL, and it is no longer
munged by the "no spam" Mhonarc mode. (Well, actually it is, and it's
de-munged by Bruce's script later on. We'll be fixing that too
hopefully!)
Thanks Bruce!
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support