
276777 Re: rejecting long subject strings with pcre header checks

  • Victor Duchovni
    Apr 27 7:53 AM
      On Wed, Apr 27, 2011 at 06:42:55PM +0400, Michael Tokarev wrote:

      > 27.04.2011 15:44, Noel Jones wrote:
      > []
      > > regexp and pcre compatible expression:
      > >
      > > /^Subject: +[^[:space:]]{60}/ REJECT no spaces
      > >
      > > matches Subject: followed by one or more spaces, followed by 60 or more
      > > non-space characters.
      >
      > This will reject mime-encoded quoted-printable subjects.

      RFC 2047 sets a maximum size of 75 octets on each chunk of the encoded
      text. While not all encoding applications abide by the limit, something
      longer than 75 octets should encounter fewer false positives.

      http://tools.ietf.org/html/rfc2047#section-2

      An 'encoded-word' may not be more than 75 characters long, including
      'charset', 'encoding', 'encoded-text', and delimiters. If it is
      desirable to encode more text than will fit in an 'encoded-word' of
      75 characters, multiple 'encoded-word's (separated by CRLF SPACE) may
      be used.

      A safer pattern may be:

      if /^Subject:/
      if !/=\?\S+\?=(\s|$)/
      /\S{60}/ REJECT no spaces
      endif
      endif

      Otherwise, this check can be moved to a pre-queue filter or milter that
      decodes RFC 2047 encoding, and applies the test on the "plaintext".

      --
      Viktor.
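
The filter-side check suggested in the last paragraph, next to the two header_checks rules from the thread, as an added example that is not part of the original message. It assumes Python's standard `email.header` module as the RFC 2047 decoder; the function names are hypothetical and the sample headers are constructed.

```python
import base64
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Python re has no [[:space:]] class, so \S stands in for [^[:space:]].
FIRST_RULE = re.compile(r"^Subject: +\S{60}", re.I)   # first pattern in the thread
IS_SUBJECT = re.compile(r"^Subject:", re.I)
ENCODED_WORD = re.compile(r"=\?\S+\?=(\s|$)")
LONG_RUN = re.compile(r"\S{60}")

def first_rule(header):
    """The single-line rule applied to the raw header."""
    return "REJECT" if FIRST_RULE.search(header) else "DUNNO"

def nested_rule(header):
    """The nested if/endif rule: skip headers containing an encoded-word."""
    if not IS_SUBJECT.search(header) or ENCODED_WORD.search(header):
        return "DUNNO"
    return "REJECT" if LONG_RUN.search(header) else "DUNNO"

def decoded_rule(header):
    """Filter-side check: decode RFC 2047 first, then test the plaintext."""
    if not IS_SUBJECT.search(header):
        return "DUNNO"
    value = header.split(":", 1)[1].strip()
    try:
        text = str(make_header(decode_header(value)))
    except (HeaderParseError, UnicodeError, LookupError):
        text = value  # undecodable: fall back to the raw value
    return "REJECT" if LONG_RUN.search(text) else "DUNNO"

def encoded_word(text):
    """Build one base64 encoded-word (helper for the constructed samples)."""
    return "=?UTF-8?B?" + base64.b64encode(text.encode()).decode() + "?="

# Constructed sample headers, not taken from real mail.
PLAIN_LONG = "Subject: " + "A" * 70
ENCODED_NORMAL = "Subject: " + encoded_word("Quarterly report for the finance team")
ENCODED_LONG = "Subject: " + encoded_word("x" * 40) + "\n " + encoded_word("x" * 40)

if __name__ == "__main__":
    for h in (PLAIN_LONG, ENCODED_NORMAL, ENCODED_LONG):
        print(first_rule(h), nested_rule(h), decoded_rule(h), repr(h[:40]))
```

The ordinary encoded subject is rejected only by the single-line rule, and the encoded subject whose decoded text has no spaces is caught only by the decoding check.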