Max SpamAssassin Size problems

Desai, Jason jase at sensis.com
Thu Aug 24 17:46:10 IST 2006


>>> do I chop half way through an image?
>>> do I chop at the end of an image?
>>> do I carry on for a max of 100 lines of Base64 data or until the end

[snip]

> If the code was chopping at the end of an image (i.e. until it found a 
> MIME boundary or a blank line), it would be very easy for someone to 
> craft an email message that had a starting boundary claiming to be an 
> image type, but then pumped 100s of Mb without an ending boundary. 
> There _HAS_ to be a limit to this.

Agreed.  I don't think the limit should be 100 lines though.  A
malicious email could be crafted which had a MIME boundary claiming to
be an image, a few normal lines, and then one very long line, MBs long.
Instead, the limit should probably be a certain number of bytes.
Perhaps something like 8kB?

Jase
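
The difference between the two limits discussed above, as an added example that is not part of the original post and is not MailScanner's code: a line-count cap still keeps a single multi-megabyte line, while a byte cap read in fixed-size chunks bounds the retained data whether or not a closing boundary ever arrives. The function names, the boundary string `b1` and the sample part are constructed for illustration; the 100-line and 8kB figures are the ones from the thread.

```python
import io

LINE_CAP = 100        # the line-count limit under discussion
BYTE_CAP = 8 * 1024   # the 8kB figure suggested in the post
CHUNK = 4096          # fixed read size: buffering never depends on line length

def truncate_by_lines(stream, max_lines=LINE_CAP):
    """Keep the first max_lines lines; any one line may be arbitrarily long."""
    out = []
    for _ in range(max_lines):
        line = stream.readline()
        if not line:
            break
        out.append(line)
    return b"".join(out)

def truncate_by_bytes(stream, boundary, max_bytes=BYTE_CAP):
    """Keep at most max_bytes of a MIME part, stopping early at its boundary.

    Returns (data, closed); closed is False when the cap was hit, or the
    input ended, before any boundary line was seen.
    """
    marker = b"\n--" + boundary
    kept = bytearray()
    while len(kept) < max_bytes:
        chunk = stream.read(min(CHUNK, max_bytes - len(kept)))
        if not chunk:
            break
        kept += chunk
        # Search the whole buffer so a boundary split across chunks is found.
        end = kept.find(marker)
        if end != -1:
            return bytes(kept[:end + 1]), True
    return bytes(kept), False

def constructed_part(long_line_len=2 * 1024 * 1024):
    """Constructed sample: image headers, a few normal lines, one huge line."""
    head = (b"Content-Type: image/gif\r\n"
            b"Content-Transfer-Encoding: base64\r\n\r\n")
    normal = b"R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==\r\n" * 3
    return head + normal + b"A" * long_line_len + b"\r\n"

if __name__ == "__main__":
    part = constructed_part()
    print("line cap kept:", len(truncate_by_lines(io.BytesIO(part))), "bytes")
    data, closed = truncate_by_bytes(io.BytesIO(part), b"b1")
    print("byte cap kept:", len(data), "bytes; boundary seen:", closed)
```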

