>From: Nico Erfurth <masta@???>
>To: Craig Kelley <ckelley@???>,
> "Exim-Users (E-mail)" <exim-users@???>
>Subject: Re: [Exim] Adding "Seen" Headers
>Date: Wed, 21 Apr 2004 17:43:09 +0200
>
>Craig Kelley wrote:
>
>> I would like to uniquely tag a message after it's been "seen" by a
>> transport. I was thinking of something like this:
>>
>> headers_add = X-Done-Spamcheck: ${md5:thisisthespamsecret$h_Message-ID:}
>>
>> Where "thisisthespamsecret" would be the "secret" and the Message-ID
>> would be the unique bit of information in an email. I'm worried that
>> Message-ID may be null at some point though? Is there a better string
>> expansion to use as some sort of unique identifier?
RFC2822 requires the originator field(s) and Date header to be
present. Everything else is optional. So it's quite possible that
$h_Message-ID: may be null as there's no requirement for it to be
present. And exim will no longer add the Message-ID: header if it
isn't present. The Changelog for exim4.30 includes:
56. Exim used to add From:, Date:, and Message-Id: header lines to any
incoming messages that did not have them. Now it does so only if the
message originates locally, that is, if there is no associated remote host
address. When Resent- header lines are present, this applies to the Resent-
lines rather than the non-Resent- lines.
>IIRC Message-ID is ALWAYS available when running the transports,
>either the original one or one generate by exim (when there was no
>msg-id while receiving the message).
>
>Btw, you should consider using the hmac
>expansion item instead of md5 on it's own, see
>http://www.exim.org/exim-html-4.30/doc/html/spec_11.html#IX795
I'll endorse the recommendation for using hmac. I'm doing something
similar to what you want, but in acl_smtp_data.
I have:
# We're just about to accept this message. There's a chance
# (maildelivery file, sieve script, mailing list expansion etc) it
# may go off-campus. So attempt to add a cryptographic "checks
# done" header to prevent re-scanning if the body doesn't change.
# This is never going to be perfect, unless we use the entire
# message body. But it should be a reasonable check.
warn message = X-scanner: CRYPTOSECRET
where CRYPTOSECRET was set earlier as:
# Used when constructing a cryptographic checksum for a message.
CRYPTOSECRET = ${hmac{sha1}{SHASECRET}\
{$h_message_id:,$message_body,$message_body_end,$body_linecount}}
and SHASECRET was set as the oputput of:
dd if=/dev/urandom bs=1024 count=1 | sha1
on an OpenBSD box.
