276799 Re: rejecting long subject strings with pcre header checks

  • Troy Piggins
    Apr 27, 2011
      * Victor Duchovni wrote :
      > On Wed, Apr 27, 2011 at 06:42:55PM +0400, Michael Tokarev wrote:
      >
      > > 27.04.2011 15:44, Noel Jones wrote:
      > > []
      > > > regexp and pcre compatible expression:
      > > >
      > > > /^Subject: +[^[:space:]]{60}/ REJECT no spaces
      > > >
      > > > matches Subject: followed by one or more spaces, followed by 60 or more
      > > > non-space characters.
      > >
      > > This will reject mime-encoded quoted-printable subjects.
      >
      > RFC 2047 sets a maximum size of 75 octets on each chunk of the encoded
      > text. While not all encoding applications abide by the limit, something
      > longer than 75 octets should encounter fewer false positives.
      >
      > http://tools.ietf.org/html/rfc2047#section-2
      >
      > An 'encoded-word' may not be more than 75 characters long, including
      > 'charset', 'encoding', 'encoded-text', and delimiters. If it is
      > desirable to encode more text than will fit in an 'encoded-word' of
      > 75 characters, multiple 'encoded-word's (separated by CRLF SPACE) may
      > be used.
      >
      > A safer pattern may be:
      >
      > if /^Subject:/
      > if !/=\?\S+\?=(\s|$)/
      > /\S{60}/ REJECT no spaces
      > endif
      > endif
      >
      > Otherwise, this check can be moved to a pre-queue filter or milter that
      > decodes RFC 2047 encoding, and applies the test on the "plaintext".

      Thanks for that.

      --
      Troy Piggins
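
Added example, not part of the original thread: a Python comparison of the two header_checks patterns quoted above with the decode-then-test approach suggested for a pre-queue filter or milter. The regexes are Python stand-ins for the Postfix pcre patterns, the function names are hypothetical, and the sample headers are constructed.

```python
import base64
import re
from email.header import decode_header

LIMIT = 60  # same threshold as the header_checks patterns in the thread
NAIVE = re.compile(r"^Subject: +\S{%d}" % LIMIT, re.I)
ENCODED_WORD = re.compile(r"=\?\S+\?=(\s|$)")
LONG_RUN = re.compile(r"\S{%d}" % LIMIT)

def naive_check(header):
    """First pattern in the thread: /^Subject: +[^[:space:]]{60}/."""
    return bool(NAIVE.search(header))

def nested_check(header):
    """Nested if/endif pattern: skip headers that contain an encoded-word."""
    if not re.match(r"Subject:", header, re.I):
        return False
    if ENCODED_WORD.search(header):
        return False
    return bool(LONG_RUN.search(header))

def decoded_subject(header):
    """Decode RFC 2047 encoded-words; undecodable bytes become U+FFFD."""
    value = header.split(":", 1)[1].strip()
    parts = []
    for data, charset in decode_header(value):
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                data = data.decode("latin-1")
        parts.append(data)
    return "".join(parts)

def filter_check(header):
    """What a pre-queue filter or milter would test: the decoded text."""
    return bool(LONG_RUN.search(decoded_subject(header)))

def encoded_word(text):
    """Build one UTF-8 base64 encoded-word (sample-data helper)."""
    return "=?UTF-8?B?%s?=" % base64.b64encode(text.encode()).decode()

# Constructed sample headers, not taken from real mail.
PLAIN_LONG = "Subject: " + "A" * 70
ENCODED_OK = "Subject: " + encoded_word("Minutes of the quarterly planning meeting")
ENCODED_LONG = "Subject: " + encoded_word("X" * 39) + "\n " + encoded_word("X" * 39)

if __name__ == "__main__":
    for h in (PLAIN_LONG, ENCODED_OK, ENCODED_LONG):
        print(naive_check(h), nested_check(h), filter_check(h))
```

Each function returns True where the corresponding rule would REJECT. The first pattern rejects the ordinary encoded subject, the nested pattern passes every encoded subject untested, and only the decoded test separates the two encoded cases.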