From: Daniel Kahn Gillmor
To: Teemu Likonen, notmuch@notmuchmail.org
Subject: Re: Fixed Message-ID trouble
In-Reply-To: <874jjiskeo.fsf@iki.fi>
References: <874jjiskeo.fsf@iki.fi>
Date: Mon, 25 Sep 2023 18:45:21 -0400
Message-ID: <874jjhvpmm.fsf@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

On Mon 2023-09-25 11:54:07 +0300, Teemu Likonen wrote:
> Some person on debian-user mailing list seems to be sending messages
> with fixed Message-ID field: the same ID in different messages. In
> Notmuch it is creating trouble because it connects unrelated threads to
> one. The person has different messages in different threads but Notmuch
> thinks they are the same message because the Message-ID is the same.
>
> This is potentially a "denial of service" for Notmuch. Well, not quite,
> but is harmful nonetheless. How would a Notmuch user fix the mess or
> protect himself against it?

fwiw, the duplicate message-id attack vector is a long-recognized problem:

https://nmbug.notmuchmail.org/nmweb/show/87k42vrqve.fsf%40pip.fifthhorseman.net

yikes, over a decade ago ☹

With recent versions of notmuch, if the problem is a message-id
collision, you can at least *see* the different variant forms of a given
message by cycling through the list of duplicates (e.g. via
notmuch-show-choose-duplicate in notmuch-emacs), thanks to excellent
work by David Bremner:

https://nmbug.notmuchmail.org/nmweb/show/20220701214548.461943-1-david%40tethera.net

As for thread splitting/re-joining based on References: and In-Reply-To:
headers, you might be interested in these oldies-but-goodies from the
mailing list archives, which as far as i know we have never managed to
resolve:

https://nmbug.notmuchmail.org/nmweb/show/AANLkTimDjk_-Xjpf6uovGXgyG_3j-ySLWQR%2B0UvdVjjT%40mail.gmail.com

https://nmbug.notmuchmail.org/nmweb/show/87mvp9uwi4.fsf%40alice.fifthhorseman.net

Sorry to only have archival references here and not robust/complete
fixes.

    --dkg
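
One way to tell a reused Message-ID apart from an ordinary duplicate delivery before it reaches the index, as an added example that is not part of the original message and not notmuch code. The (sender, Date) fingerprint is an assumed heuristic, the function names are hypothetical, and the sample messages are constructed.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime


def fingerprint(msg):
    """(sender, send time): assumed to be equal for copies of one message."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    try:
        sent = parsedate_to_datetime(msg.get("Date", "")).timestamp()
    except (TypeError, ValueError):
        sent = None  # missing or unparsable Date header
    return sender, sent


def find_collisions(raw_messages):
    """Map each Message-ID carried by more than one distinct message to its variants."""
    variants = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        mid = msg.get("Message-ID", "").strip().strip("<>")
        if mid:
            variants[mid].add(fingerprint(msg))
    return {mid: sorted(fps, key=str) for mid, fps in variants.items() if len(fps) > 1}


def _mk(sender, date, mid, subject, body):
    """Build one constructed RFC 5322 message as a string."""
    return (f"From: {sender}\nDate: {date}\nMessage-ID: <{mid}>\n"
            f"Subject: {subject}\n\n{body}\n")


# Constructed sample mail (not taken from any real list archive).
SAMPLES = [
    # Two unrelated posts that reuse one Message-ID: the case from the thread.
    _mk("poster@example.invalid", "Mon, 25 Sep 2023 08:00:00 +0000",
        "fixed-id@example.invalid", "Printer setup", "First topic."),
    _mk("poster@example.invalid", "Mon, 25 Sep 2023 09:30:00 +0000",
        "fixed-id@example.invalid", "Kernel upgrade", "Second topic."),
    # One reply delivered twice (direct copy and list copy): a benign duplicate.
    _mk("Helper <helper@example.invalid>", "Mon, 25 Sep 2023 10:00:00 +0000",
        "reply-1@example.invalid", "Re: Printer setup", "Try CUPS."),
    _mk("helper@example.invalid", "Mon, 25 Sep 2023 10:00:00 +0000",
        "reply-1@example.invalid", "[list] Re: Printer setup", "Try CUPS.\n-- \nlist footer"),
]

if __name__ == "__main__":
    for mid, fps in find_collisions(SAMPLES).items():
        print(f"{mid}: {len(fps)} distinct messages share this Message-ID")
```

The list copy with a subject tag and footer is not flagged because its sender and Date match the direct copy; only the reused ID with two different send times is reported.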