X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=class%2Fdeliver%2FDeliver.class.php;h=2f8e6a3153c666d2cdbd11def8e2be5668ceb008;hb=49c7f4111d0e0bf2e8e5eb661fc869006c2db2e1;hp=cbf12187c752d51d330cb57a63666bad004d3475;hpb=b67d61ee36dc1cc591fcb6c84e344ec9e10f7ea4;p=squirrelmail.git

diff --git a/class/deliver/Deliver.class.php b/class/deliver/Deliver.class.php
index cbf12187..2f8e6a31 100644
--- a/class/deliver/Deliver.class.php
+++ b/class/deliver/Deliver.class.php
@@ -491,8 +491,10 @@ class Deliver {
         global $domain, $username, $encode_header_key,
                $edit_identity, $hide_auth_header;
 
-        /* if server var SERVER_NAME not available, use $domain */
-        if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) {
+        /* if server var SERVER_NAME not available, or contains
+           ":" (e.g. IPv6) which is illegal in a Message-ID, use $domain */
+        if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER) ||
+            strpos($SERVER_NAME,':') !== FALSE) {
             $SERVER_NAME = $domain;
         }
 
@@ -506,16 +508,17 @@ class Deliver {
 
         /* This creates an RFC 822 date */
         $date = date('D, j M Y H:i:s ', time()) . $this->timezone();
+
         /* Create a message-id */
-        $message_id = '<' . (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
-//FIXME: if $REMOTE_ADDR is missing, should we skip this if/else block?  or perhaps try to generate it with some different kind of info?
-        if (isset($encode_header_key) && trim($encode_header_key)!='') {
-            // use encrypted form of remote address
-            $message_id.= OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key));
-        } else {
-            $message_id.= $REMOTE_ADDR;
-        }
-        $message_id .= '.' . time() . '.squirrel@' . $SERVER_NAME .'>';
+        $message_id = '<';
+        /* user-specifc data to decrease collision chance */
+        $seed_data = $username . '.';
+        $seed_data .= (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
+        $seed_data .= (!empty($REMOTE_ADDR) ? $REMOTE_ADDR . '.' : '');
+        /* add the current time in milliseconds and randomness */
+        $seed_data .= uniqid(mt_rand(),true);
+        /* put it through one-way hash and add it to the ID */
+        $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>';
         $this->message_id = $message_id;
 
         /* Make an RFC822 Received: line */