Re: Fwd: Huge header detection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Feb 06, 2009 at 04:34:39PM -0200, Carlos Horowicz wrote:
> Hi there,
> 
> postfix author suggested me to post here following issue :
> 
> we received a spam that bypassed all controls and consisted of a huge
> header (4M) , repeating these four lines 31.000 times (chaning only
> the Reply-To):
> 
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: Magaly <verano@xxxxxxxx>
> Reply-To: fdsafdsafdsa@xxxxxx

Oh yeah!  I just recreated this on my testbed here (copying that and
appending a number from 1 to 31000 after the address part of the reply
to)

Gosh!

Here's a segment of the cyrus.cache file:

 (("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly"
NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.co
m")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "ver
ano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Mag
aly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "cl
ub.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL
 "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")
("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano
" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly
" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.
com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "v
erano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("M
agaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "
club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" N
IL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com
")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "vera
no" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Maga
ly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "clu
b.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL
"verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")(
"Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano"
 "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly"
 NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano"

-rw------- 1 cyrus mail 5446660 Feb  6 17:58 cyrus.cache

That's pretty much all just this one email.

It looks like Cyrus needs not only a "maximum number of headers to cache" 
but a "maximum number of instances of each header"!

Bron.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux