Re: "On-Security" parameter

From: Nabil El Alami - Àrea Tècnica SW Hosting <nabil_at_swhosting.com>
Date: Sat, 24 Aug 2019 00:29:51 +0200

Hello Дилян,

I tested and confirm the behaviour that you described; it works as you
explain.

Thank you!

Nabil El Alami
IT Department _at_ SW Hosting

T: +34 972 010 550
F: +34 972 010 555
www.swhosting.com <http://www.swhosting.com>

On 06/08/2019 at 15:11, Дилян Палаузов wrote:
> Hello Nabil,
>
> my understanding is that there is a setting
>
> MaximumHeaders (integer)
>     Defines the maximum number of bytes the header block of a message
>     may consume before the filter will reject the message. This
>     mitigates a denial-of-service attack in which a client connects to
>     the MTA and begins feeding an unbounded number of header fields of
>     arbitrary size; since the filter keeps a cache of these, the
>     attacker could cause the filter to allocate an unspecified amount
>     of memory. The default is 65536; a value of 0 removes the limit.
>
> and On-Security mandates the action when the bytes for headers are
> exhausted. Why it does (by default) tempfail when the MaximumHeaders
> capacity is exhausted I cannot say, nor can I say why “On-Security” is
> called this way.
>
> Regards
> Дилян
>
>
> On Tue, 2019-08-06 at 10:12 +0200, Nabil El Alami - Àrea Tècnica SW Hosting wrote:
>> Hello,
>>
>> I need to know the purpose of the parameter "On-Security". According to
>> opendkim.conf manual:
>>
>> On-Security (string)
>>     Selects the action to be taken when a message arrives containing
>>     properties that may be a security concern. Possible values are the
>>     same as those for On-BadSignature. The default is tempfail.
>>
>> Which properties are considered a possible security concern? Can I find
>> more information elsewhere about this option?
>>
>> Thanks!
>> Nabil
>>
>>
Received on Fri Aug 23 2019 - 22:30:28 PST
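
A rough way to see how close a message's header block comes to MaximumHeaders, and which On-Security action would apply once it is exceeded, as described in the thread above. This is an added example, not code from the thread or from OpenDKIM; the function names are hypothetical and the byte count (field lines without line terminators) only approximates the filter's own accounting.

```python
from collections import Counter

DEFAULT_MAXIMUM_HEADERS = 65536  # default stated in the quoted opendkim.conf text
ACTIONS = {"accept", "discard", "quarantine", "reject", "tempfail"}

def header_block(raw: bytes) -> bytes:
    """Bytes before the first empty line, for CRLF or bare-LF messages."""
    cuts = [i for i in (raw.find(b"\r\n\r\n"), raw.find(b"\n\n")) if i != -1]
    return raw[:min(cuts)] if cuts else raw

def field_sizes(raw: bytes) -> list:
    """(name, bytes) per header field; folded lines count toward their field."""
    fields = []
    for line in header_block(raw).splitlines():
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] = (fields[-1][0], fields[-1][1] + len(line))
        elif b":" in line:
            name = line.split(b":", 1)[0].decode("ascii", "replace").lower()
            fields.append((name, len(line)))
    return fields

def predicted_action(raw, maximum_headers=DEFAULT_MAXIMUM_HEADERS, on_security="tempfail"):
    """Return (action, header_bytes); action is 'pass' while under the limit."""
    if on_security not in ACTIONS:
        raise ValueError(f"unknown On-Security value: {on_security}")
    total = sum(size for _, size in field_sizes(raw))
    # Assumption: line terminators are not counted, so treat totals close to
    # the limit as uncertain. A limit of 0 removes the check entirely.
    if maximum_headers == 0 or total <= maximum_headers:
        return "pass", total
    return on_security, total

def top_consumers(raw: bytes, n: int = 3) -> list:
    """Header names using the most bytes, to show what eats the budget."""
    usage = Counter()
    for name, size in field_sizes(raw):
        usage[name] += size
    return usage.most_common(n)

def sample(n_pad: int) -> bytes:
    """Constructed message with n_pad folded filler fields (not real traffic)."""
    pad = b"".join(b"X-Pad: %s\r\n\t%s\r\n" % (b"a" * 60, b"b" * 19) for _ in range(n_pad))
    return b"From: a@example.org\r\nSubject: test\r\n" + pad + b"\r\nbody\r\n"

if __name__ == "__main__":
    for n in (0, 1000):
        print(n, predicted_action(sample(n)), top_consumers(sample(n), 1))
```

Running it over a sample of legitimate mail before lowering MaximumHeaders shows how much headroom real messages leave and which fields dominate.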
