Carlos Horowicz:
> Hello list,
>
> I recently found out an unsolicited e-mail that caused high CPU
> consumption by cyrus imap on different mailstores.
> The poisoned e-mail has a structure of over 31.000 repetiions of these
> 4 lines in the header
>
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: Magaly <ver...@club.com>
> Reply-To: fdsafdsaf...@xxxxxx
>
> The header lines are a bit less than 4 Megabytes.
>
> I'm running postfix 2.4.5 as MX for the domain that received this
> spam, and the only configuration line that seems to do some check
> regarding the header size is in main.cf.default:
>
> header_size_limit = 102400
This limits one header line, not the total number of bytes of
all headers combined.
> Is there a way in postfix configuration to control the header size or
> the max number of lines the header has ?
> or do I need to write a content-filter ?
Yes. Postfix makes no byte counts available in header_checks
or body_checks.
Meanwhile, you may want to ask cyrus imap people to make their
software more robust against large amounts of header text.
Wietse
