Bug#838767: marked as done (opendkim: Refuses to check mails with large headers)

Mon, 24 Oct 2016 20:27:38 -0700 

Your message dated Mon, 24 Oct 2016 13:41:05 -0400
with message-id <2247958.Xfv2q0TlPL@kitterma-e6430>
and subject line Re: Bug#838767: opendkim: Refuses to check mails with large 
headers
has caused the Debian Bug report #838767,
regarding opendkim: Refuses to check mails with large headers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
838767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838767
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: opendkim
Version: 2.9.2-2
Severity: normal
Tags: patch

For the exact problem see 
https://sourceforge.net/p/opendkim/support-requests/30/

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages opendkim depends on:
ii  adduser            3.113+nmu3
ii  libbsd0            0.7.0-2
ii  libc6              2.19-18+deb8u6
ii  libdb5.3           5.3.28-9
ii  libldap-2.4-2      2.4.40+dfsg-1+deb8u2
ii  liblua5.1-0        5.1.5-7.1
ii  libmemcached11     1.0.18-4
ii  libmemcachedutil2  1.0.18-4
ii  libmilter1.0.1     8.14.4-8+deb8u1
ii  libopendbx1        1.4.6-8
ii  libopendkim9       2.9.2-2
ii  librbl1            2.9.2-2
ii  libssl1.0.0        1.0.1t-1+deb8u5
ii  libunbound2        1.4.22-3+deb8u2
ii  libvbr2            2.9.2-2
ii  lsb-base           4.1+Debian13+nmu1

opendkim recommends no packages.

Versions of packages opendkim suggests:
ii  opendkim-tools  2.9.2-2

-- Configuration Files:
/etc/opendkim.conf changed [not included]

-- no debconf information

-- Patch

Description: Increase max header size
 See https://sourceforge.net/p/opendkim/support-requests/30/
 .
 opendkim (2.9.2-2.1) UNRELEASED; urgency=medium
 .
   * Non-maintainer upload.
   * Increased allowed header size
Author: Patrik Schindler <[email protected]>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: other
Bug: https://sourceforge.net/p/opendkim/support-requests/30/
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <2016-09-24>

--- opendkim-2.9.2.orig/opendkim/opendkim.h
+++ opendkim-2.9.2/opendkim/opendkim.h
@@ -49,7 +49,7 @@
 #define        DEFCONFFILE     CONFIG_BASE "/opendkim.conf"
 #define        DEFFLOWDATATTL  86400
 #define        DEFINTERNAL     "csl:127.0.0.1,::1"
-#define        DEFMAXHDRSZ     65536
+#define        DEFMAXHDRSZ     262144
 #define        DEFMAXVERIFY    3
 #define        DEFTIMEOUT      5
 #define        HOSTUNKNOWN     "unknown-host"

--- End Message ---
--- Begin Message --- 
On Saturday, September 24, 2016 06:03:52 PM Patrik Schindler wrote:
> Hello Scott,
> 
> Thanks for your fast response!
> 
> Am 24.09.2016 um 17:45 schrieb Scott Kitterman <[email protected]>:
> > Thanks.  I like to minimize long-term differences with upstream.  Before
> > applying this to the Debian package, I'd like to have an upstream
> > suitable patch, which I think would involve making this a configuration
> > item rather than just changing the hard coded value.
> I wanted to provide a fast fix for the issue, so it’s just hard coded. I see
> that new upstream versions are pulled into stretch and sid, so why put time
> into something which will be obsolete in a few months?
> > If you can update the patch, I'll add it.  Otherwise, I'll do it
> > eventually, but I'm not sure when I'll have time.
> Same here: Time. Since I’m not a seasoned programmer, I’m sure I need a lot
> of additional time compared to you. :-) Please consider the hard coded
> stuff vor my reason above. Thank you!

I did finally take a look at this.  opendkim already supports the option you 
are looking for:

##  MaximumHeaders n
##
##  Disallow messages whose header blocks are bigger than "n" bytes.
##  Intended to detect and block a denial-of-service attack.  The default
##  is 65536.  A value of 0 disables this test.

# MaximumHeaders        n

Closing the bug.

Scott K

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---

Reply via email to