MaxHeadersLength
Set maximum header length V8.10 and later
One form of a denial-of-service attack is to send
email with many or huge header lines—so huge that
memory becomes filled. Prior to V8.10,
sendmail limited the maximum
total bytes for all headers to the value of the
MAXHDRSLEN compile-time macro (MAX... on page 120). That macro
defaults to 32,768 bytes if you don’t define it
yourself. Beginning with V8.10
sendmail, the MaxHeadersLength option
has been added as a way to reduce that limit. The
forms of the MaxHeadersLength option are as
follows:
O MaxHeadersLength=num ← configuration file (V8.10 and later) -OMaxHeadersLength=num ← command line (V8.10 and later) define(`confMAX_HEADERS_LENGTH',num) ← mc configuration (V8.10 and later)
The num is the maximum
total number of bytes you want to allow for all
headers combined. If num
is missing, it defaults to zero. If the entire
MaxHeadersLength option is missing, the
default is the value of the MAXHDRSLEN compile-time
macro. The default for the mc
configuration technique is 32768. If
num is less than half
of MAXHDRSLEN, the following error is printed, but
the limit set by num is
still used:
Warning: MaxHeadersLength: headers length limit set lower than (MAXHDRSLEN/2)
During message processing,
sendmail reads all headers
into memory. When they become larger than the limit
imposed by this MaxHeadersLength option (or by the
MAXHDRSLEN compile-time macro), the following
message is logged:
headers too large (bytes max) headers too large ...Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
