On Thu, Jun 15, 2006 at 03:18:11PM +0200, Jan-Pieter Cornet wrote:
> Also: I have a patch against MIME::Parser to support a max_depth
> limit

I promised to get back on this. The patch is now available at:

http://www.xs4all.nl/~johnpc/MIME-tools-5.420-maxdepth.patch

This includes a test to test for both max_parts and max_depth.
max_parts was previously untested.

The patch adds a simple $parser->max_depth() method to the MIME::Parser
class, which can subsequently be invoked from MD. For example, a simple
patch (against MIMEDefang 2.57 :) is here:

http://www.xs4all.nl/~johnpc/mimedefang-maxmimedepth-2.57.patch

Note that this latter patch is pretty much untested, use at your own
risk. You'd at least need to set "$MaxMIMEDepth = 20;" in your
mimedefang-filter.

Based on code reviews of sendmail 8.13.6, 8.13.7 and the mime-nesting
milter release by sendmail, I believe that the above patches offer you
a suitable protection against the DoS attack for sendmail 8.13.6, and
very likely also for earlier versions. However, there's no real
replacement for upgrading to the latest and greatest, of course.

Also be aware that this patch is different from the sendmail 8.13.7
behaviour. Sendmail 8.13.7 will pass deeply nested MIME structures
unaltered, while the proposed MIMEDefang and MIME-Tools patches will
reject such deeply nested messages.

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disc lamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please  !!
!! archive this message indefinitely to allow verification of the logs.   !!
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
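
The depth-limit-and-reject behaviour described in the message above, as an added Python example; it is not the MIME-tools or MIMEDefang patch code, and the function names are hypothetical. It counts only multipart nesting, scans the message line by line with an explicit stack (no recursion), stops as soon as the limit is passed, and runs on constructed sample messages.

```python
from email.parser import Parser

MAX_MIME_DEPTH = 20  # the value the post suggests for $MaxMIMEDepth

def _boundary(header_lines):
    # headersonly=True parses just this header block and never descends into a body.
    hdrs = Parser().parsestr("\n".join(header_lines) + "\n\n", headersonly=True)
    return hdrs.get_boundary() if hdrs.get_content_maintype() == "multipart" else None

def mime_depth(raw, limit=MAX_MIME_DEPTH):
    """Deepest multipart nesting in `raw`; stops and returns limit + 1 once exceeded."""
    stack, deepest = [], 0   # boundaries of the multiparts currently open
    headers = []             # header lines being collected, or None while in a body
    for line in raw.splitlines():
        if headers is not None:
            if line.strip():
                headers.append(line)
                continue
            found, headers = _boundary(headers), None   # blank line ends the headers
            if found:
                stack.append(found)
                deepest = max(deepest, len(stack))
                if deepest > limit:
                    return deepest                      # stop scanning right here
            continue
        text = line.rstrip()
        for level in range(len(stack), 0, -1):          # innermost open boundary first
            if text == "--" + stack[level - 1]:         # next part at this level
                del stack[level:]
                headers = []
                break
            if text == "--" + stack[level - 1] + "--":  # this multipart ends
                del stack[level - 1:]
                break
    return deepest

def accept(raw, limit=MAX_MIME_DEPTH):
    """Reject policy from the post: over-deep messages are refused, not passed."""
    return mime_depth(raw, limit) <= limit

def nested_sample(levels):
    """Constructed input: `levels` multipart entities nested inside each other."""
    out = ["Subject: constructed sample"]
    for n in range(levels):
        out += [f'Content-Type: multipart/mixed; boundary="b{n}"', "", f"--b{n}"]
    out += ["Content-Type: text/plain", "", "innermost body"]
    out += [f"--b{n}--" for n in reversed(range(levels))]
    return "\n".join(out) + "\n"
```
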

