On Sun, 08 Sep 2024 08:55:54 +0200,
Christian Schulte <schulte.it@gmail.com> wrote:
> 
> You are talking about something like this, right? Looks reasonable to me.
> No hurry.
> 
> Sorry, if this mail does not show up correctly in the thread. I cannot get mutt
> to authenticate to the gmail account. So I really used vi and sendmail -t.
> 
> 
> Index: usr.sbin/smtpd/smtp_session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.442
> diff -u -p -u -r1.442 smtp_session.c
> --- usr.sbin/smtpd/smtp_session.c	20 Mar 2024 17:52:43 -0000	1.442
> +++ usr.sbin/smtpd/smtp_session.c	8 Sep 2024 06:48:13 -0000
> @@ -2625,7 +2625,7 @@ smtp_tx_dataline(struct smtp_tx *tx, con
>  
>  		case RFC5322_END_OF_HEADERS:
>  			if (tx->session->listener->local ||
> -			    tx->session->listener->port == htons(587)) {
> +			    tx->session->flags & SF_AUTHENTICATED) {
>  
>  				if (!tx->has_date) {
>  					log_debug("debug: %p: adding Date", tx);
> 


For what it's worth, this seems to be the right approach.

It is fully consistent with the wording of RFC 6409, which states that
authentication is required.

It also fixes some strange things like wired scanners that can only connect
to port 25 (or 465) and don't add date and message ID headers on their own.

-- 
wbr, Kirill