To prevent the
success of suchattacks, V8.10 sendmail has introduced the MaxMimeHeaderLength option. It
sets the maximum length for both MIME headers and MIME header parameters. The
forms of the MaxMimeHeaderLength option are as follows:
O MaxMimeHeaderLength=hdr/param ?†? configuration file (V8.10 and later)
-OMaxMimeHeaderLength=hdr/param ?†? command line (V8.10 and later)
define(`confMAX_MIME_HEADER_LENGTH??,hdr/param) ?†? mc configuration (V8.10 and later)
Here, hdr is the maximum length for the MIME headers, and param is the maximum length
for eachparameter. If param is missing, that maximum defaults to zero. If the slash and
param are missing, that maximum defaults to one-half the value of hdr. If hdr is missing,
that maximum defaults to zero. If either is zero, no checking is done for maximums.
If hdr is positive and nonzero, but less than 128, the following error is printed:
Warning: MaxMimeHeaderLength: header length limit set lower than 128
If param is positive and nonzero, but less than 40, the following error is printed:
Warning: MaxMimeHeaderLength: field length limit set lower than 40
When processing messages, if sendmail finds a MIME header that is listed as belonging to the
class $={checkMIMETextHeaders} (?§22.6.4 on page 871) or the class $={checkMIMEHeaders}
(?§22.6.3 on page 871), it will compare that header length to the maximum set by hdr.
Pages:
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876