From 8d95ceb31a696dd88bb65d9720d22f42f57d3988 Mon Sep 17 00:00:00 2001
From: Chris Zietlow <aczietlow@gmail.com>
Date: Tue, 23 Apr 2019 18:31:30 -0400
Subject: [PATCH] Update Sending Profile Message-ID headers (#1417) (#1441)

Adds a default message-ID header to outbound emails.
---
 models/maillog.go | 38 ++++++++++++++++++++++++++++++++++++++
 models/smtp.go    |  1 +
 2 files changed, 39 insertions(+)

diff --git a/models/maillog.go b/models/maillog.go
index 98e4a904..59a7f639 100644
--- a/models/maillog.go
+++ b/models/maillog.go
@@ -1,12 +1,15 @@
 package models
 
 import (
+	"crypto/rand"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
 	"math"
+	"math/big"
 	"net/mail"
+	"os"
 	"strings"
 	"time"
 
@@ -162,6 +165,14 @@ func (m *MailLog) Generate(msg *gomail.Message) error {
 	if conf.ContactAddress != "" {
 		msg.SetHeader("X-Gophish-Contact", conf.ContactAddress)
 	}
+
+	// Add Message-Id header as described in RFC 2822.
+	messageID, err := m.generateMessageID()
+	if err != nil {
+		return err
+	}
+	msg.SetHeader("Message-Id", messageID)
+
 	// Parse the customHeader templates
 	for _, header := range c.SMTP.Headers {
 		key, err := ExecuteTemplate(header.Key, ptx)
@@ -261,3 +272,30 @@ func LockMailLogs(ms []*MailLog, lock bool) error {
 func UnlockAllMailLogs() error {
 	return db.Model(&MailLog{}).Update("processing", false).Error
 }
+
+var maxBigInt = big.NewInt(math.MaxInt64)
+
+// generateMessageID generates and returns a string suitable for an RFC 2822
+// compliant Message-ID, e.g.:
+// <1444789264909237300.3464.1819418242800517193@DESKTOP01>
+//
+// The following parameters are used to generate a Message-ID:
+// - The nanoseconds since Epoch
+// - The calling PID
+// - A cryptographically random int64
+// - The sending hostname
+func (m *MailLog) generateMessageID() (string, error) {
+	t := time.Now().UnixNano()
+	pid := os.Getpid()
+	rint, err := rand.Int(rand.Reader, maxBigInt)
+	if err != nil {
+		return "", err
+	}
+	h, err := os.Hostname()
+	// If we can't get the hostname, we'll use localhost
+	if err != nil {
+		h = "localhost.localdomain"
+	}
+	msgid := fmt.Sprintf("<%d.%d.%d@%s>", t, pid, rint, h)
+	return msgid, nil
+}
diff --git a/models/smtp.go b/models/smtp.go
index f6dca63e..b2e45459 100644
--- a/models/smtp.go
+++ b/models/smtp.go
@@ -213,6 +213,7 @@ func PutSMTP(s *SMTP) error {
 		log.Error(err)
 		return err
 	}
+	// Save custom headers
 	for i := range s.Headers {
 		s.Headers[i].SMTPId = s.Id
 		err := db.Save(&s.Headers[i]).Error