Received: from localhost (unknown [200.46.204.183])
	by developer.postgresql.org (Postfix) with ESMTP id D11F12E00CF
	for <pgsql-www-postgresql.org@developer.postgresql.org>;
	Mon,  9 Jun 2008 11:15:29 -0300 (ADT)
Received: from developer.postgresql.org ([200.46.204.71])
	by localhost (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024)
	with ESMTP id 35253-03-4
	for <pgsql-www-postgresql.org@developer.postgresql.org>;
	Mon,  9 Jun 2008 11:14:43 -0300 (ADT)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from lists.commandprompt.com (host-159.commandprompt.net
	[207.173.203.159])
	by developer.postgresql.org (Postfix) with ESMTP id 8660F2E00F2
	for <pgsql-www@postgresql.org>; Mon,  9 Jun 2008 10:55:09 -0300 (ADT)
Received: from commandprompt.com (227-54-222-209.mycybernet.net
	[209.222.54.227]) (authenticated bits=0)
	by lists.commandprompt.com (8.13.8/8.13.8) with ESMTP id m59DuevE024049
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <pgsql-www@postgresql.org>; Mon, 9 Jun 2008 06:56:43 -0700
Date: Mon, 9 Jun 2008 09:55:04 -0400
From: Andrew Sullivan <ajs@commandprompt.com>
To: pgsql-www@postgresql.org
Subject: Re: Message-ID should surely not be shown as a mailto:
	URL
Message-ID: <20080609135503.GB83012@commandprompt.com>
References: <5608.1212993055@sss.pgh.pa.us>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5608.1212993055@sss.pgh.pa.us>
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0
	(lists.commandprompt.com [207.173.203.159]);
	Mon, 09 Jun 2008 06:56:44 -0700 (PDT)
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Archive-Number: 200806/50
X-Sequence-Number: 15277

On Mon, Jun 09, 2008 at 02:30:55AM -0400, Tom Lane wrote:
> 
> Hm, I wonder if sloppiness of this sort accounts for the remarkable
> prevalence in my mail logs of spam-sign like this:
> 
> Jun  9 00:44:06 sss2 sm-mta[4062]: m594i5Ns004062: <19570.1142971720@sss.pgh.pa.us>... User unknown

Good bet.

> I don't pretend to know what is the approved way to deal with these
> issues, but *this* can't be best practice.

Obviously, someone is looking for something that _looks_ like a mail
address, attempting to munge it, and on the way through, changing it
to a mailto: link.  I think some parsing of the RFC2821/2822 headers
is needed first, so that one doesn't do this for things like the
message id.   

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/