Murray S. Kucherawy skrev, on 13-12-2007 18:43: >> That's Postfix stuff from milter.c, so it's not very likely that >> Sendmail people here can answer. I haven't had that (Postfix 2.4.6, >> dkim-filter 2.4.0), but I occasionally get "can't read SMFIC_HEADER >> reply packet header: Connection reset by peer" when over-eager mailers >> send HUGE CCs or TOs to scores of recipients. It just means Postfix >> doesn't sign the message; it doesn't die, thank $DEITY, like it does if >> it can't contact amavisd-new or my dspam daemon. > > Mark opened a bug against dkim-filter for rejecting messages with > oversized headers (over 32k of total header size). This is actually > intended as protection against a denial-of-service attack, but the > hard-coding of the limit isn't especially friendly.
It's interesting that Mark has his own (Perl) amavisd-new (that's his own daemon glue for content that is primarily directed at extensions and AV, but has also glue for anti-spam and all sorts of other useful Postfix things, without which my life would be much more difficult) baby, a Perl-based DKIM milter implementation. It would be just as interesting to know how Mark has solved this problem. Recently Mark posted to the PF ML that he's fed up with Postfix DKIM milters and wishes to concentrate on his own own Perl-based amavisd-new-based solution. He had support from one of the Postfix developers. Me, I'm sticking to Sendmail DKIM milter. That having been said, he helped me (as did you), personally, over the Sendmail dkim-milter "doesn't work" to "works now" hump. I owe him much. > The next release will make that limit configurable. I'd prefer it to be dynamic ;) . How am I as mailadmin supposed to know in advance how many CCs or TOs my users are going to use? > The logging though is a little confusing; if mlfi_header() returns > SMFIS_REJECT, the recovery of the sending MTA should be graceful. As far as Postfix 2.4.6 goes it is already graceful, in as much as it doesn't die; it just doesn't sign the message (one in 2000?). --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
