Re: Huge header detection
Thanks! Carlos On Fri, Feb 6, 2009 at 12:02 AM, Wietse Venema wie...@porcupine.org wrote: Carlos Horowicz: Hello list, I recently found out an unsolicited e-mail that caused high CPU consumption by cyrus imap on different mailstores. The poisoned e-mail has a structure of over 31.000 repetiions of these 4 lines in the header MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Magaly ver...@club.com Reply-To: fdsafdsaf...@xx The header lines are a bit less than 4 Megabytes. I'm running postfix 2.4.5 as MX for the domain that received this spam, and the only configuration line that seems to do some check regarding the header size is in main.cf.default: header_size_limit = 102400 This limits one header line, not the total number of bytes of all headers combined. Is there a way in postfix configuration to control the header size or the max number of lines the header has ? or do I need to write a content-filter ? Yes. Postfix makes no byte counts available in header_checks or body_checks. Meanwhile, you may want to ask cyrus imap people to make their software more robust against large amounts of header text. Wietse
Huge header detection
Hello list, I recently found out an unsolicited e-mail that caused high CPU consumption by cyrus imap on different mailstores. The poisoned e-mail has a structure of over 31.000 repetiions of these 4 lines in the header MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Magaly ver...@club.com Reply-To: fdsafdsaf...@xx The header lines are a bit less than 4 Megabytes. I'm running postfix 2.4.5 as MX for the domain that received this spam, and the only configuration line that seems to do some check regarding the header size is in main.cf.default: header_size_limit = 102400 Is there a way in postfix configuration to control the header size or the max number of lines the header has ? or do I need to write a content-filter ? Thank you all in advance, Carlos
Re: Huge header detection
Carlos Horowicz: Hello list, I recently found out an unsolicited e-mail that caused high CPU consumption by cyrus imap on different mailstores. The poisoned e-mail has a structure of over 31.000 repetiions of these 4 lines in the header MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Magaly ver...@club.com Reply-To: fdsafdsaf...@xx The header lines are a bit less than 4 Megabytes. I'm running postfix 2.4.5 as MX for the domain that received this spam, and the only configuration line that seems to do some check regarding the header size is in main.cf.default: header_size_limit = 102400 This limits one header line, not the total number of bytes of all headers combined. Is there a way in postfix configuration to control the header size or the max number of lines the header has ? or do I need to write a content-filter ? Yes. Postfix makes no byte counts available in header_checks or body_checks. Meanwhile, you may want to ask cyrus imap people to make their software more robust against large amounts of header text. Wietse