Defect #6355
closed
Redmine notification mailer.rb creates email messages with RFC-violating Message-ID: headers containing invalid ".." (doubled periods) sub-strings
0%
Description
Redmine notification mailer.rb creates email messages with RFC-violating Message-ID: headers containing invalid ".." (doubled periods) sub-strings. The invalid messages trigger our anti-spam filters.
Issue appears on version 0.8.5 and in version 0.9.4. The message-id generating code appears unchanged in 1.0.1.
It might be a bug in mailer.rb code - messages for items with an associated object (bug status update messages to watchers) seem valid, but account related messages (new user registration and password reset) create bogus message-ids.
No header format complaints are generated for substituting underscore for dot as separator in left hand side of message-id header. So long as there's no code depending on parsing dot-separated contents in that string, a simple substitution should fix the header format.
The RFC 5322 spec disallows consecutive periods in a mail address or a Message-ID header.
See http://tools.ietf.org/html/rfc5322
Probably needs this code fixed in app/models/mailer.rb, replacing underscore for period as the separator.
# Returns a predictable Message-Id for the given object
def self.message_id_for(object)
# id + timestamp should reduce the odds of a collision
# as far as we don't send multiple emails for the same object
timestamp = object.send(object.respond_to?(:created_on) ? :created_on : :updated_on)
hash = "redmine.#{object.class.name.demodulize.underscore}-#{object.id}.#{timestamp.strftime("%Y%m%d%H%M%S")}"
host = Setting.mail_from.to_s.gsub(%r{^.*@}, '')
host = "#{::Socket.gethostname}.redmine" if host.empty?
"<#{hash}@#{host}>"
end
Updated by 
Updated by 
Updated by