Re: Hitting an address in the From:name
On 21 Aug 2015, at 11:08, Martin Gregorie wrote:

> On Fri, 2015-08-21 at 10:47 -0400, Bill Cole wrote:
>> Your response is a non sequitur.
>
> Why do you say that? You suggested using what look to be hard limits on the header's size, though admittedly large ones, which puts my comments entirely on topic. You might not agree, but that's another matter entirely.

On 21 Aug 2015, at 0:32, Bill Cole wrote:

> No matter what the RFCs say, sending mail with 600-byte From or Subject headers is not something people who are worth communicating with do intentionally and it can be very cheap to reject such junk before SA sees it.

That sentence says NOTHING about applying a 600-byte limit to any header that can validly contain a list of recipients.

On 21 Aug 2015, at 8:14, Martin Gregorie wrote:

> At most this deserves the possibility of writing rules that fire on the number of recipients of an e-mail. Any default rule, especially with a limit as low as 600 characters will do more harm than good. For instance, "Martin Gregorie ," is 39 characters and is not unusually long for a mail address. Judging by this, your criterion would treat any list with more than about 15 recipients as over-long and well out of order.

That paragraph refers specifically to headers that may be lists of recipients.

My assertion that a 600-byte limit on From and Subject headers can be "very cheap" is based on not just the compute cost of identifying such headers, but also on the *zero* known false positive cost I've encountered from imposing that limit (or in some cases 510 on header content) on those headers on diverse mail systems handling hundreds to millions of SMTP transactions per day over ~20 years. On many of those systems I have also used a 200-byte limit on Date contents (which is awfully generous for a header that should always have <50 characters) with very few hits and no known false positives.

I have seen cases where the very long From or Subject is the result of a broken mail tool or an innocent unintentional user error but those aren't really false positives; rather they are cases of broken messages being identified and stopped further from their sources than they should have been. Mostly, overlong From & Subject headers seem to be the result of spam via insecure web forms, proxies, etc. that inhibit spammers from injecting linebreaks controllably, as the sources usually appear in DNSBLs that catch such sources rather swiftly after they are first seen.
Re: Hitting an address in the From:name
On Fri, 21 Aug 2015 14:28:13 +0200 Reindl Harald wrote:

> On 21.08.2015 at 14:14, Martin Gregorie wrote:
> > I regularly get sent competition results sheets that your suggestion
> > would reject. A recent results sheet I received has 62 recipients
> > occupying 2336 characters. This is neither spam nor an unwanted
> > e-mail
>
> it *is* unwanted mail
>
> everybody who lists 62 and more recipients in the To-header should
> refrain from operating a mail client and get from every RCPT a personal
> mail back calling him names and pointing to the BCC option

The whole point of it is that someone receiving one of these emails can hit reply-to-all, and it behaves like a mailing list. I've seen this kind of informal mailing list in corporate mail too.
Re: Hitting an address in the From:name
On Fri, 2015-08-21 at 10:47 -0400, Bill Cole wrote:

> Your response is a non sequitur.
>

Why do you say that? You suggested using what look to be hard limits on the header's size, though admittedly large ones, which puts my comments entirely on topic. You might not agree, but that's another matter entirely.

I was pointing out that, for people who care about the size of recipient lists, it would be more useful for SA to count the names in recipient headers and make this count available to rules and/or to limit it with a defaulted parameter than to do anything with the list size as measured in characters: it's far more meaningful to be able to say 'no more than 3 recipients' than it is to say 'recipient list not to exceed 150 characters'.

Martin
Re: Hitting an address in the From:name
On 21 Aug 2015, at 8:14, Martin Gregorie wrote:

> On Fri, 2015-08-21 at 00:32 -0400, Bill Cole wrote:
>> On 20 Aug 2015, at 14:49, Joe Quinn wrote:
>>
>>> That said, header fields are likely never going to be long enough
>>> for what you currently have to be a performance concern.
>>>
>>> (I was about to say it was impossible, but then I saw there is no
>>> length limit on headers:
>>> http://stackoverflow.com/questions/2721605/maximum-size-of-email-x-headers)
>>
>> On the other hand, there's no discernible downside to putting
>> generous hard limits outside of (and ahead of) SA for standard
>> headers. No matter what the RFCs say, sending mail with 600-byte From
>> or Subject headers is not something people who are worth
>> communicating with do intentionally and it can be very cheap to
>> reject such junk before SA sees it.
>>
> At most this deserves the possibility of writing rules that fire on the
> number of recipients of an e-mail. Any default rule, especially with a
> limit as low as 600 characters will do more harm than good. For
> instance, "Martin Gregorie ," is 39 characters and
> is not unusually long for a mail address. Judging by this, your
> criterion would treat any list with more than about 15 recipients as
> over-long and well out of order.

Read what I wrote more carefully. Your response is a non sequitur.
Re: Hitting an address in the From:name
On 21.08.2015 at 14:14, Martin Gregorie wrote:

> It's quite common to find large recipient lists in newsletters sent by committee members in hobby or sports clubs. These clubs generally don't have the time or expertise to maintain a listserv. The roles of secretary and/or newsletter editor tend to change from year to year and, since they'll be sending club newsletters etc. from their own PC, it's unreasonable to expect them all to use, or even know about, e-mail features such as BCC lists.
>
> I regularly get sent competition results sheets that your suggestion would reject. A recent results sheet I received has 62 recipients occupying 2336 characters. This is neither spam nor an unwanted e-mail

it *is* unwanted mail

everybody who lists 62 and more recipients in the To-header should refrain from operating a mail client and get from every RCPT a personal mail back calling him names and pointing to the BCC option

these dumbasses are feeding spam databases because every infected destination of such mail has 61 new verified addresses
Re: Hitting an address in the From:name
On Fri, 2015-08-21 at 00:32 -0400, Bill Cole wrote:

> On 20 Aug 2015, at 14:49, Joe Quinn wrote:
>
> > That said, header fields are likely never going to be long enough
> > for what you currently have to be a performance concern.
> >
> > (I was about to say it was impossible, but then I saw there is no
> > length limit on headers:
> > http://stackoverflow.com/questions/2721605/maximum-size-of-email-x-headers)
>
> On the other hand, there's no discernible downside to putting
> generous hard limits outside of (and ahead of) SA for standard
> headers. No matter what the RFCs say, sending mail with 600-byte From
> or Subject headers is not something people who are worth
> communicating with do intentionally and it can be very cheap to
> reject such junk before SA sees it.
>

At most this deserves the possibility of writing rules that fire on the number of recipients of an e-mail. Any default rule, especially with a limit as low as 600 characters will do more harm than good. For instance, "Martin Gregorie ," is 39 characters and is not unusually long for a mail address. Judging by this, your criterion would treat any list with more than about 15 recipients as over-long and well out of order.

It's quite common to find large recipient lists in newsletters sent by committee members in hobby or sports clubs. These clubs generally don't have the time or expertise to maintain a listserv. The roles of secretary and/or newsletter editor tend to change from year to year and, since they'll be sending club newsletters etc. from their own PC, it's unreasonable to expect them all to use, or even know about, e-mail features such as BCC lists.

I regularly get sent competition results sheets that your suggestion would reject. A recent results sheet I received has 62 recipients occupying 2336 characters. This is neither spam nor an unwanted e-mail.

Martin
Re: Hitting an address in the From:name
On 21.08.2015 at 06:32, Bill Cole wrote:

> On 20 Aug 2015, at 14:49, Joe Quinn wrote:
>
>> That said, header fields are likely never going to be long enough for what you currently have to be a performance concern.
>>
>> (I was about to say it was impossible, but then I saw there is no length limit on headers:
>> http://stackoverflow.com/questions/2721605/maximum-size-of-email-x-headers)
>
> On the other hand, there's no discernible downside to putting generous hard limits outside of (and ahead of) SA for standard headers. No matter what the RFCs say, sending mail with 600-byte From or Subject headers is not something people who are worth communicating with do intentionally and it can be very cheap to reject such junk before SA sees it

correct, but your numbers are too low, you forget encoding, in the subject there may occur repeatedly encoding definitions for single words

postfix "header_checks" below

[root@mail-gw:~]$ cat maillog | grep "Too Long" | wc -l
27

# Restrict Headers
/^Cc:.{2}/ REJECT Administrative Prohibition (Cc-Header Too Long)
/^Content\-Type:.{2048}/ REJECT Administrative Prohibition (Content-Type-Header Too Long)
/^Date:.{2048}/ REJECT Administrative Prohibition (Date-Header Too Long)
/^From:.{2048}/ REJECT Administrative Prohibition (From-Header Too Long)
/^Importance:.{2048}/ REJECT Administrative Prohibition (Importance-Header Too Long)
/^In\-Reply\-To:.{2048}/ REJECT Administrative Prohibition (In-Reply-To-Header Too Long)
/^Message\-ID:.{2048}/ REJECT Administrative Prohibition (Message-ID-Header Too Long)
/^Mime\-Version:.{2048}/ REJECT Administrative Prohibition (Mime-Version-Header Too Long)
/^Newsgroups:.{2048}/ REJECT Administrative Prohibition (Newsgroups-Header Too Long)
/^Priority:.{2048}/ REJECT Administrative Prohibition (Priority-Header Too Long)
/^Received:.{2048}/ REJECT Administrative Prohibition (Received-Header Too Long)
/^References:.{5}/ REJECT Administrative Prohibition (References-Header Too Long)
/^Reply\-To:.{2048}/ REJECT Administrative Prohibition (Reply-To-Header Too Long)
/^Sender:.{2048}/ REJECT Administrative Prohibition (Sender-Header Too Long)
/^Status:.{2048}/ REJECT Administrative Prohibition (Status-Header Too Long)
/^Subject:.{1024}/ REJECT Administrative Prohibition (Subject-Header Too Long)
/^Thread\-Index:.{2048}/ REJECT Administrative Prohibition (Thread-Index-Header Too Long)
/^Thread\-Topic:.{2048}/ REJECT Administrative Prohibition (Thread-Topic-Header Too Long)
/^To:.{3}/ REJECT Administrative Prohibition (To-Header Too Long)
/^User\-Agent:.{2048}/ REJECT Administrative Prohibition (User-Agent-Header Too Long)
/^X\-Msmail\-Priority:.{2048}/ REJECT Administrative Prohibition (X-Msmail-Priority-Header Too Long)
/^X\-Msoesrec:.{2048}/ REJECT Administrative Prohibition (X-Msoesrec-Header Too Long)
/^X\-Priority:.{2048}/ REJECT Administrative Prohibition (X-Priority-Header Too Long)
/^X\-Ref:.{2048}/ REJECT Administrative Prohibition (X-Ref-Header Too Long)
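
Added example, not part of any message in the thread: a Python sketch that applies the two policies argued over above side by side, byte limits on From, Subject and Date (600/600/200, the figures from Bill Cole's posts) and a recipient count for To and Cc as Martin Gregorie suggests. The function names, the `max_recipients` default of 50 and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.utils import getaddresses

# Byte limits quoted in the thread: 600 for From and Subject, 200 for Date.
SIZE_LIMITS = {"From": 600, "Subject": 600, "Date": 200}
RECIPIENT_HEADERS = ("To", "Cc")


def _unfold(value) -> str:
    """Join a folded header value into one logical line."""
    return re.sub(r"[\r\n]+", "", str(value))


def audit_headers(raw: bytes, max_recipients: int = 50) -> dict:
    """Report over-limit headers and the recipient count of one raw message.

    max_recipients is a hypothetical local policy value, not a figure from the thread.
    """
    msg = message_from_bytes(raw)
    oversize = {}
    for name, limit in SIZE_LIMITS.items():
        for value in msg.get_all(name, []):
            size = len(_unfold(value).encode("utf-8", "replace"))
            if size > limit:
                oversize[name] = max(size, oversize.get(name, 0))
    # Recipient lists are counted, never measured in bytes.
    values = [_unfold(v) for h in RECIPIENT_HEADERS for v in msg.get_all(h, [])]
    count = sum(1 for _name, addr in getaddresses(values) if addr)
    return {"oversize": oversize, "recipients": count,
            "too_many_recipients": count > max_recipients}


def constructed_message(subject: str, n_rcpt: int) -> bytes:
    """Build a sample message (constructed data) with a folded To header."""
    to = ",\r\n ".join(f"Member {i} <member{i}@club.example>" for i in range(n_rcpt))
    return (f"From: Secretary <sec@club.example>\r\nTo: {to}\r\n"
            f"Subject: {subject}\r\n"
            "Date: Fri, 21 Aug 2015 14:14:00 +0100\r\n\r\nbody\r\n").encode("ascii")


if __name__ == "__main__":
    print(audit_headers(constructed_message("Results sheet", 62)))
    print(audit_headers(constructed_message("A" * 700, 3)))
```

The 62-recipient sample passes the size check, because To is not size-limited, and is flagged only by the count; the 700-byte Subject is flagged by size alone.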