Anthony, Haven't seen anybody else reply, so I'll take a stab at your question...
If you look at lines 913-924 in SMTPHandler.java (HEAD version), you'll see that the SMTP input stream is wrapped in a SizeLimitedImputStream (same package), if the size limit is enabled. If this input stream type is created with a limit (value greater than 0) it throws a MessageSizeException as soon as it reads byte number limit + 1. So, if the client sends a size command, as you've seen, it can preemptively block the message if it's over the size limit. It only logs in the event the message is too big, but that would be easy enough to change. If the SIZE command isn't sent, then the message can't be restricted until the DATA command, and mail.getMessageSize() is called to force the message to be loaded. This starts reading data until the size limit is hit, at which point an exception is thrown, hitting the if block in the catch handler at line 1021 (checking that the nested exception, if found, is a MessageSizeException). Anyway, as you say, the message does have to be loaded, but only as much of it as is specified by the size limit. -- Matthew Pangaro Loki Technologies http://www.lokitech.com [EMAIL PROTECTED] Anthony Buckton wrote: > The first thing that I noticed is that if the sender does NOT send the > "SIZE" command after data, it appears as if James reads the entire > data stream from the socket to work out what size it is, then it works > out if it has exceeded the size. > > Is this the case? > (I have searched the MimeMessage, MimeMessageWrapper etc and couldn't > find where a read would be limited to a preset maximum size and thus > subject to a resource choke from a malicious sender.) > > I'm still working on the patch for logging the message size and the > parser for the log file - it might be useful for someone else wanting > to do email accounting.... -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
