Re: "On-Security" parameter
Hello Nabil,
My understanding is that there is a setting
MaximumHeaders (integer)
Defines the maximum number of bytes the header block of a message
may consume before the filter will reject the message.
This mitigates a denial-of-service attack in which a client connects
to the MTA and begins feeding an unbounded number of
header fields of arbitrary size; since the filter keeps a cache
of these, the attacker could cause the filter to allocate an unspecified
amount of memory. The default is 65536; a value of 0
removes the limit.
and On-Security mandates the action when the bytes for headers are exhausted. Why it does a tempfail (by default) when the
MaximumHeaders capacity is exhausted I cannot say, nor can I say why “On-Security” is called this way.
Regards
Дилян
On Tue, 2019-08-06 at 10:12 +0200, Nabil El Alami - Àrea Tècnica SW Hosting wrote:
> Hello,
>
> I need to know the purpose of the parameter "On-Security". According to
> opendkim.conf manual:
>
> On-Security (string)
> Selects the action to be taken when a message arrives containing
> properties that may be a security concern. Possible values are the same
> as those for On-BadSignature. The
> default is tempfail.
>
> Which properties are considered a possible security concern? Can I find
> more information elsewhere about this option?
>
> Thanks!
> Nabil
>
>
Received on Tue Aug 06 2019 - 13:11:47 PST