MIME headers are special, in that they can appear both in the header
portion of a message and in the body of the message. Such headers
include MIME-Version: (which can only appear in
the header portion), Content-Type: (which can
appear in both), and Content-Disposition: (which
appears in both). All such headers have a name (the part to the left
of the colon) and a field (the part to the right of the colon). The
length of a MIME header is the combined length of these two parts.
In addition, some MIME headers can also have parameters following the
value. For example:
Content-Type: image/gif; name="filename.gif"
Here, the value is everything up to and including the first
semicolon. Each semicolon-delimited item that follows that value is a
parameter. The following, for example, has one value and two
parameters:
Content-Type: multipart/mixed;
        charset="Windows-1252";
        boundary="----=_NextPart_000_00DC_01BEAC82.35D91E20"
Certain kinds of MUA attacks can be based on overly long MIME
headers. To prevent the success of such attacks, V8.10
sendmail has introduced the
MaxMimeHeaderLength option. It sets the maximum
length for both MIME headers and MIME header parameters. The forms of
the MaxMimeHeaderLength option are as follows:
O MaxMimeHeaderLength=hdr/param                      configuration file (V8.10 and later)
-OMaxMimeHeaderLength=hdr/param                      command line (V8.10 and later)
define(`confMAX_MIME_HEADER_LENGTH',hdr/param)       mc configuration (V8.10 and later)
Here, hdr is the maximum length for the
MIME headers, and param is the maximum
length for each parameter. If param is
missing, that maximum defaults to zero. If the slash and
param are missing, that maximum defaults to
one-half the value of hdr. If
hdr is missing, that maximum defaults to
zero. If either is zero, no checking is done for maximums.
If hdr is positive but less than 128, the following warning is
printed:
Warning: MaxMimeHeaderLength: header length limit set lower than 128
If param is positive but less than 40, the following warning is
printed:
Warning: MaxMimeHeaderLength: field length limit set lower than 40
When processing messages, if sendmail finds a
MIME header that is listed as belonging to the class
$={checkMIMETextHeaders} or the class
$={checkMIMEHeaders}, it will compare that header's length to the
maximum set by hdr. If it is too long,
sendmail will print and log the following error,
and truncate that header line to hdr
bytes:
Truncated long MIME header name:value header (possible attack)
Headers in the class $={checkMIMETextHeaders}
include the default Content-Description: header.
Such headers are simply truncated.
Headers in the class $={checkMIMEHeaders} include
the defaults Content-Disposition:,
Content-Id:,
Content-Transfer-Encoding:,
Content-Type:, and
MIME-Version:. Such headers are more intelligently
truncated in a manner that ensures they will remain legal.
When processing messages, if sendmail finds a
MIME header that is listed in the class
$={checkMIMEFieldHeaders}, it will check each parameter to ensure that
it is not larger than param bytes. For any that
are too large, sendmail prints and logs the
following error, and truncates that parameter to
param bytes:
Truncated MIME parameter header due to field size (possible attack)
The MaxMimeHeaderLength option is not safe. If
specified from the command line, it can cause
sendmail to relinquish its special privileges.
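The following Python sketch is an added example, not sendmail's own code: it parses an hdr/param setting using the defaulting rules described above and reports which MIME headers and parameters in a message would exceed those limits, which is useful for testing a proposed value against stored mail before deploying it. The membership of FIELD_CLASS is an assumption (this section does not list that class's defaults), and lengths are measured on the parsed, unfolded header, so counts can differ slightly from sendmail's.

```python
import email
import re

# Default class members named in this section, lowercased for matching.
HDR_CLASSES = {"content-description", "content-disposition", "content-id",
               "content-transfer-encoding", "content-type", "mime-version"}
# Assumption: this section does not list the members of $={checkMIMEFieldHeaders}.
FIELD_CLASS = {"content-disposition", "content-type"}
# The value or one parameter: a run of non-semicolon text and quoted strings.
ITEM_RE = re.compile(r'(?:[^;"]|"(?:[^"\\]|\\.)*")+')

def parse_limits(setting):
    """Parse 'hdr/param' using the defaulting rules this section describes."""
    hdr_s, slash, param_s = setting.partition("/")
    hdr = int(hdr_s) if hdr_s.strip() else 0
    if slash:
        param = int(param_s) if param_s.strip() else 0
    else:
        param = hdr // 2  # slash and param both missing: half of hdr
    return hdr, param

def audit(raw, setting):
    """Return (header, kind, length) for each header or parameter over its limit."""
    hdr_max, param_max = parse_limits(setting)
    findings = []
    for part in email.message_from_bytes(raw).walk():  # header portion and body parts
        for name, value in part.items():
            key = name.lower()
            value = "".join(str(value).splitlines())  # unfold continuation lines
            size = len(name) + len(value)  # name plus field
            if hdr_max and key in HDR_CLASSES and size > hdr_max:
                findings.append((name, "header", size))
            if param_max and key in FIELD_CLASS:
                for item in ITEM_RE.findall(value)[1:]:  # skip the value itself
                    if len(item.strip()) > param_max:
                        findings.append((name, "param", len(item.strip())))
    return findings

# Constructed sample: the second Content-Type: sits in the body of the message.
SAMPLE = (b"MIME-Version: 1.0\r\n"
          b"Content-Type: multipart/mixed;\r\n"
          b"\tboundary=\"b1\"\r\n\r\n"
          b"--b1\r\n"
          b"Content-Type: image/gif; name=\"" + b"A" * 300 + b".gif\"\r\n\r\n"
          b"GIF89a\r\n"
          b"--b1--\r\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE, "128/40"):
        print(finding)
```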