Murray, > Mark opened a bug against dkim-filter for rejecting messages with > oversized headers (over 32k of total header size). This is actually > intended as protection against a denial-of-service attack, but the > hard-coding of the limit isn't especially friendly. > > The next release will make that limit configurable.
The limit is not my concern, I don't mind that verification (or signing) for such message does nothing. The issue is that a reject should not be possible at all, having action set to 'accept' for all situations, including internal or protocol failures (-C dns=a,int=a). A verifying milter has no right to reject a message if it isn't explicitly configured for rejection of non-valid messages. > The logging though is a little confusing; if mlfi_header() returns > SMFIS_REJECT, the recovery of the sending MTA should be graceful. It gracefully rejects the message. It must not do that. Mark ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
