Previous Section Next Section

MaxHeadersLength

Set maximum header length V8.10 and later

One form of a denial-of-service attack is to send email with many or huge header lines—so huge that memory becomes filled. Prior to V8.10, sendmail limited the maximum total bytes for all headers to the value of the MAXHDRSLEN compile-time macro (MAX...). That macro defaults to 32768 bytes if you don't define it yourself. Beginning with V8.10 sendmail, the MaxHeadersLength option has been added as a way to reduce that limit. The forms of the MaxHeadersLength option are as follows:

O MaxHeadersLength=num               configuration file (V8.10 and later) 
-OMaxHeadersLength=num               command line (V8.10 and later) 
define(`confMAX_HEADERS_LENGTH',num) mc configuration (V8.10 and later) 

The num is the maximum total number of bytes you want to allow for all headers combined. If num is missing it defaults to zero. If the entire MaxHeadersLength option is missing, the default is the value of the MAXHDRSLEN compile-time macro. The default for the mc configuration technique is 32768. If num is less than half of MAXHDRSLEN, the following error is printed, but the limit set by num is still used:

Warning: MaxHeadersLength: headers length limit set lower than (MAXHDRSLEN/2)

During message processing, sendmail reads all headers into memory. When they become larger than the limit imposed by this MaxHeadersLength option (or by the MAXHDRSLEN compile-time macro), the following message is logged:

headers too large (bytes max)
headers too large (bytes max) from sending host during message collect V8.12 and later

The offending message will also be bounced with this error:

552 5.0.0 Headers too large (bytes max)

The MaxHeadersLength option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.

    Previous Section Next Section