Am 21.08.2015 um 06:32 schrieb Bill Cole:
On 20 Aug 2015, at 14:49, Joe Quinn wrote:That said, header fields are likely never going to be long enough for what you currently have to be a performance concern. (I was about to say it was impossible, but then I saw there is no length limit on headers: http://stackoverflow.com/questions/2721605/maximum-size-of-email-x-headers)On the other hand, there's no discernible downside to putting generous hard limits outside of (and ahead of) SA for standard headers. No matter what the RFCs say, sending mail with 600-byte From or Subject headers is not something people who are worth communicating with do intentionally and it can be very cheap to reject such junk before SA sees it
correct, but your numbers are too low, you forget encoding, in the subject there may occur repeatly encoding definitions for single words
postfix "header_checks" below [root@mail-gw:~]$ cat maillog | grep "Too Long" | wc -l 27 # Restrict Headers/^Cc:.{20000}/ REJECT Administrative Prohibition (Cc-Header Too Long) /^Content\-Type:.{2048}/ REJECT Administrative Prohibition (Content-Type-Header Too Long) /^Date:.{2048}/ REJECT Administrative Prohibition (Date-Header Too Long) /^From:.{2048}/ REJECT Administrative Prohibition (From-Header Too Long) /^Importance:.{2048}/ REJECT Administrative Prohibition (Importance-Header Too Long) /^In\-Reply\-To:.{2048}/ REJECT Administrative Prohibition (In-Reply-To-Header Too Long) /^Message\-ID:.{2048}/ REJECT Administrative Prohibition (Message-ID-Header Too Long) /^Mime\-Version:.{2048}/ REJECT Administrative Prohibition (Mime-Version-Header Too Long) /^Newsgroups:.{2048}/ REJECT Administrative Prohibition (Newsgroups-Header Too Long) /^Priority:.{2048}/ REJECT Administrative Prohibition (Priority-Header Too Long) /^Received:.{2048}/ REJECT Administrative Prohibition (Received-Header Too Long) /^References:.{50000}/ REJECT Administrative Prohibition (References-Header Too Long) /^Reply\-To:.{2048}/ REJECT Administrative Prohibition (Reply-To-Header Too Long) /^Sender:.{2048}/ REJECT Administrative Prohibition (Sender-Header Too Long) /^Status:.{2048}/ REJECT Administrative Prohibition (Status-Header Too Long) /^Subject:.{1024}/ REJECT Administrative Prohibition (Subject-Header Too Long) /^Thread\-Index:.{2048}/ REJECT Administrative Prohibition (Thread-Index-Header Too Long) /^Thread\-Topic:.{2048}/ REJECT Administrative Prohibition (Thread-Topic-Header Too Long) /^To:.{30000}/ REJECT Administrative Prohibition (To-Header Too Long) /^User\-Agent:.{2048}/ REJECT Administrative Prohibition (User-Agent-Header Too Long) /^X\-Msmail\-Priority:.{2048}/ REJECT Administrative Prohibition (X-Msmail-Priority-Header Too Long) /^X\-Msoesrec:.{2048}/ REJECT Administrative Prohibition (X-Msoesrec-Header Too Long) /^X\-Priority:.{2048}/ REJECT Administrative Prohibition (X-Priority-Header Too Long) /^X\-Ref:.{2048}/ REJECT Administrative Prohibition (X-Ref-Header Too Long)
signature.asc
Description: OpenPGP digital signature