Previous Section Next Section

MaxMimeHeaderLength

Maximum MIME header length V8.10 and later

MIME headers are special, in that they can appear both in the header portion of a message and in the body of the message. Such headers include MIME-Version: (which can only appear in the header portion), Content-Type: (which can appear in both), and Content-Disposition: (which appears in both). All such headers have a name (the part to the left of the colon) and a field (the part to the right of the colon). The length of a MIME header is the combined length of these two parts.

In addition, some MIME headers can also have parameters following the value. For example:

Content-Type: image/gif; name="filename.gif"

Here, the value is everything up to and including the first semicolon. Each semicolon-delimited item that follows that value is a parameter. The following, for example, has one value and two parameters:

Content-Type: multipart/mixed;
        charset="Windows-1252";
        boundary="----=_NextPart_000_00DC_01BEAC82.35D91E20"

Certain kinds of MUA attacks can be based on overly long MIME headers. To prevent the success of such attacks, V8.10 sendmail has introduced the MaxMimeHeaderLength option. It sets the maximum length for both MIME headers and MIME header parameters. The forms of the MaxMimeHeaderLength option are as follows:

O MaxMimeHeaderLength=hdr/param               configuration file (V8.10 and later) 
-OMaxMimeHeaderLength=hdr/param               command line (V8.10 and later) 
define(`confMAX_MIME_HEADER_LENGTH',hdr/param)    mc configuration (V8.10 and later) 

Here, hdr is the maximum length for the MIME headers, and param is the maximum length for each parameter. If param is missing, that maximum defaults to zero. If the slash and param are missing, that maximum defaults to one-half the value of hdr. If hdr is missing, that maximum defaults to zero. If either is zero, no checking is done for maximums.

If hdr is positive and nonzero, but less than 128, the following error is printed:

Warning: MaxMimeHeaderLength: header length limit set lower than 128

If param is positive and nonzero, but less than 40, the following error is printed:

Warning: MaxMimeHeaderLength: field length limit set lower than 40

When processing messages, if sendmail finds a MIME header that is listed as belonging to the class $={checkMIMETextHeaders} ($={checkMIMETextHeaders}) or the class $={checkMIMEHeaders} ($={checkMIMEHeaders}), it will compare that header length to the maximum set by hdr. If it is too long, sendmail will print and log the following error, and truncate that header line to hdr bytes:

Truncated long MIME header name:value header (possible attack)

Headers in the class $={checkMIMETextHeaders} include the default Content-Description: header. Such headers are simply truncated.

Headers in the class $={checkMIMEHeaders} include the defaults Content-Disposition:, Content-Id:, Content-Transfer-Encoding:, Content-Type:, and MIME-Version:. Such headers are more intelligently truncated in a manner that ensures they will remain legal.

When processing messages, if sendmail finds a MIME header that is listed in the class $={checkMIMEFieldHeaders} ($={checkMIMEFieldHeaders}), it will check each parameter to insure that it is not larger than param bytes. For any that are too large, sendmail prints and logs the following error, and truncates that parameter to param bytes:

Truncated MIME parameter header due to field size (possible attack)

The MaxMimeHeaderLength option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.

    Previous Section Next Section