Max SpamAssassin Size problems
jase at sensis.com
Thu Aug 24 17:46:10 IST 2006
>>> do I chop half way through an image?
>>> do I chop at the end of an image?
>>> do I carry on for a max of 100 lines of Base64 data or until the end
> If the code was chopping at the end of an image (i.e. until it found a
> MIME boundary or a blank line), it would be very easy for someone to
> craft an email message that had a starting boundary claiming to be an
> image type, but then pumped 100s of Mb without an ending boundary.
> There _HAS_ to be a limit to this.
Agreed. I don't think the limit should be 100 lines though. A
malicious email could be crafted which had a MIME boundary claiming to
be an image, a few normal lines, and then one very long line, MBs long.
Instead, the limit should probably be a certain number of bytes.
Perhaps something like 8kB?
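
Added example, not part of the original post and not MailScanner's own code: a Python sketch comparing a line-count overrun with the byte-count overrun proposed above, on constructed messages. The function names, the sample messages, and the rule that a blank line or any line starting with "--" ends the part are assumptions made for illustration.

```python
import io

OVERRUN = 8 * 1024  # the 8 kB figure floated in the post

def line_capped(stream, max_size, max_lines=100):
    """Cut at max_size, then run on for up to max_lines lines."""
    data = stream.read(max_size)
    for _ in range(max_lines):
        line = stream.readline()  # unbounded: one "line" can be megabytes
        if not line or line.strip() == b"" or line.startswith(b"--"):
            break
        data += line
    return data

def byte_capped(stream, max_size, overrun=OVERRUN):
    """Cut at max_size, then run on to the end of the current MIME part,
    but never more than `overrun` bytes. Returns (data, reason)."""
    data = stream.read(max_size)
    if len(data) < max_size:
        return data, "complete"
    budget = overrun
    at_line_start = data.endswith(b"\n")
    while budget > 0:
        piece = stream.readline(budget)  # reads at most `budget` bytes
        if not piece:
            return data, "eof"
        # Simplification: a blank line or any line starting with "--" ends the part.
        if at_line_start and (piece.strip(b"\r\n") == b"" or piece.startswith(b"--")):
            return data, "part-end"
        data += piece
        budget -= len(piece)
        at_line_start = piece.endswith(b"\n")
    return data, "byte-cap"

# Constructed sample messages (not taken from the thread).
HEAD = (b"Content-Type: multipart/mixed; boundary=B\r\n\r\n--B\r\n"
        b"Content-Type: image/gif\r\nContent-Transfer-Encoding: base64\r\n\r\n")
WELL_FORMED = HEAD + (b"QUJD" * 15 + b"\r\n") * 4 + b"--B--\r\n"
UNTERMINATED = HEAD + b"QUJDRA==\r\n" * 3 + b"A" * (2 * 1024 * 1024)

if __name__ == "__main__":
    cut = len(HEAD) + 5  # the size limit falls inside the image data
    for name, msg in (("well-formed", WELL_FORMED), ("unterminated", UNTERMINATED)):
        data, reason = byte_capped(io.BytesIO(msg), cut)
        print(name, "byte cap:", len(data), reason,
              "| line cap:", len(line_capped(io.BytesIO(msg), cut)))
```

On the unterminated message the line-count version returns the whole 2 MB body after only four lines, while the byte-count version stops exactly 8 kB past the cut.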