[Dovecot] New deduplicate doveadm command - was Re: v2.2.4 released

Reindl Harald h.reindl at thelounge.net
Tue Jun 25 17:13:38 EEST 2013



Am 25.06.2013 16:02, schrieb Timo Sirainen:
> On 25.6.2013, at 16.52, Reindl Harald <h.reindl at thelounge.net> wrote:
> 
>> Am 25.06.2013 15:28, schrieb Timo Sirainen:
>>> Also there are several potential problems.. Like if there are duplicate Message-ID: headers, 
>>> but the body is different, should that be a duplicate?
>>
>> the answer is simply *yes* because there must not be the same
>> Message-ID's for different messages because the words "single
>> unique message identifier" are pretty clear
> 
> I'm more concerned about intentional abuse. For example if you're dropping duplicate 
> messages by Message-ID, I could first send this reply to you privately, and then another 
> message with same Message-ID: but different content to the mailing list, and you'd never 
> know it without looking into the archives from web.

this is very much theory und unlikely as well as
only for this specific example possible where you
send both messages

this way nobody is able to guess a message-ID of
a regular message and replace it and veen if he
knows he needs to be faster with hiss fake as
the origin message - very very unlikely

> Also I wouldn't be surprised if there still were some crappy webforms that 
> always sent the same Message-Id..

well if we take care of such crap we can stop read any RFC and
would need to disable any spamfilters which especially for
score based filters rely on common standards

hence, these days on barracuda spamfirewall you get even a FULL
score point if you send a HTML-message and subject/html-title
differs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130625/8328303a/attachment-0001.bin>


More information about the dovecot mailing list