Carlos Horowicz: > Hello list, > > I recently found out an unsolicited e-mail that caused high CPU > consumption by cyrus imap on different mailstores. > The poisoned e-mail has a structure of over 31.000 repetiions of these > 4 lines in the header > > MIME-Version: 1.0 > Content-type: text/html; charset=iso-8859-1 > From: Magaly <ver...@club.com> > Reply-To: fdsafdsaf...@xxxxxx > > The header lines are a bit less than 4 Megabytes. > > I'm running postfix 2.4.5 as MX for the domain that received this > spam, and the only configuration line that seems to do some check > regarding the header size is in main.cf.default: > > header_size_limit = 102400
This limits one header line, not the total number of bytes of all headers combined. > Is there a way in postfix configuration to control the header size or > the max number of lines the header has ? > or do I need to write a content-filter ? Yes. Postfix makes no byte counts available in header_checks or body_checks. Meanwhile, you may want to ask cyrus imap people to make their software more robust against large amounts of header text. Wietse