Fwd: Huge header detection

Bron Gondwana brong at fastmail.fm
Fri Feb 6 18:02:20 EST 2009


On Fri, Feb 06, 2009 at 04:34:39PM -0200, Carlos Horowicz wrote:
> Hi there,
> 
> the postfix author suggested that I post the following issue here:
> 
> we received a spam that bypassed all controls and consisted of a huge
> header (4M), repeating these four lines 31.000 times (changing only
> the Reply-To):
> 
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: Magaly <verano at club.com>
> Reply-To: fdsafdsafdsa at xxxxxx

Oh yeah!  I just recreated this on my testbed here (copying that and
appending a number from 1 to 31000 after the address part of the reply
to)

Gosh!

Here's a segment of the cyrus.cache file:

 (("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly"
NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.co
m")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "ver
ano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Mag
aly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "cl
ub.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL
 "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")
("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano
" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly
" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.
com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "v
erano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("M
agaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "
club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" N
IL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com
")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "vera
no" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Maga
ly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "clu
b.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL
"verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")(
"Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano"
 "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly"
 NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano" "club.com")("Magaly" NIL "verano"

-rw------- 1 cyrus mail 5446660 Feb  6 17:58 cyrus.cache

That's pretty much all just this one email.

It looks like Cyrus needs not only a "maximum number of headers to cache" 
but a "maximum number of instances of each header"!

Bron.
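
Added example, not part of the original post and not Cyrus or postfix code: a pre-delivery check that bounds both the total header size and the number of instances of each header name, the two limits the message above calls for. The limit values, function names and sample addresses are assumptions made for illustration.

```python
import io
from collections import Counter

MAX_HEADER_BYTES = 256 * 1024  # assumed site limit for the whole header section
MAX_PER_HEADER = 50            # assumed cap on instances of any one header name

def scan_headers(stream, max_bytes=MAX_HEADER_BYTES, max_per_header=MAX_PER_HEADER):
    """Scan only the header section of a message read from a binary stream.

    Returns (verdict, reason, counts) and stops at the first limit that
    trips, so a multi-megabyte header section is never buffered in full.
    """
    counts = Counter()
    seen = 0
    while True:
        line = stream.readline(max_bytes + 1)  # bound memory even for one giant line
        if not line or line in (b"\r\n", b"\n"):
            break                              # EOF or blank line: headers are over
        seen += len(line)
        if seen > max_bytes:
            return "reject", f"header section exceeds {max_bytes} bytes", counts
        if line[:1] in (b" ", b"\t"):
            continue                           # folded continuation, not a new field
        name, sep, _ = line.partition(b":")
        if not sep:
            break                              # not a header field: treat as body
        key = name.strip().lower().decode("ascii", "replace")
        counts[key] += 1
        if counts[key] > max_per_header:
            return "reject", f"more than {max_per_header} '{key}' headers", counts
    return "accept", "", counts

def build_sample(repeats):
    """Constructed message: the four-line block from the report, repeated."""
    out = []
    for i in range(1, repeats + 1):
        out.append(b"MIME-Version: 1.0\r\n"
                   b"Content-type: text/html; charset=iso-8859-1\r\n"
                   b"From: Magaly <verano@club.example>\r\n"
                   + f"Reply-To: user{i}@reply.example\r\n".encode())
    return b"".join(out) + b"\r\n<html>body</html>\r\n"

if __name__ == "__main__":
    for n in (1, 31000):
        verdict, reason, _ = scan_headers(io.BytesIO(build_sample(n)))
        print(n, verdict, reason)
```

The per-header cap trips on the 51st repeat of the block, long before the 4M of headers has been read, and the byte cap covers the case where the repeated names vary.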

