Mailing List Archive

Is there a header size limit on To: header rules?
We have been receiving 419 spam with extremely long lists of email addresses
in the To: header. I'm talking hundreds of addresses.

I've noticed that the same email addresses keep on appearing near my user's
email address in the To: header. I have created a rule to check for those
particular email addresses but unfortunately, it seems that SpamAssassin (at
least my configuration) has some limit on how far it will check in the To:
header. If the addresses I'm scanning for are too far down the list of
addresses, SpamAssassin doesn't seem to detect them. I'm not sure if the
limit is size based (e.g. 10 KB) or number of addresses based (e.g. 350
email addresses).

I'm running version 3.3.1 of SpamAssassin. Is there some setting I can
change to increase the (apparent) limit?
--
View this message in context: http://old.nabble.com/Is-there-a-header-size-limit-on-To%3A-header-rules--tp33721936p33721936.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Is there a header size limit on To: header rules? [ In reply to ]
I have been systematically testing this to see what the limit is.

Specifically, I have been adding characters and addresses to the list of
email addresses in the To: header to see at what point my rule stops being
hit. As far as I can tell, it is a byte limit, not a number of email
addresses limit.

The byte limit (at least in my configuration) seems to be approximately 8
KB. However, it's hard to be sure of the precise limit because I'm not sure
if white space factors into the limit. But there definitely seems to be a
limit.
--
View this message in context: http://old.nabble.com/Is-there-a-header-size-limit-on-To%3A-header-rules--tp33721936p33722189.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Is there a header size limit on To: header rules? [ In reply to ]
On 04/20/2012 08:00 PM, cyboc wrote:
>
> I have been systematically testing this to see what the limit is.
>
> Specifically, I have been adding characters and addresses to the list of
> email addresses in the To: header to see at what point my rule stops being
> hit. As far as I can tell, it is a byte limit, not a number of email
> addresses limit.
>
> The byte limit (at least in my configuration) seems to be approximately 8
> KB. However, it's hard to be sure of the precise limit because I'm not sure
> if white space factors into the limit. But there definitely seems to be a
> limit.


Please put a sample on pastebin.
There may be other traits to catch these
Re: Is there a header size limit on To: header rules? [ In reply to ]
Axb wrote:
>
> Please put a sample on pastebin.
> There may be other traits to catch these
>

Hi Axb, please forgive me: What is pastebin? (Newbie poster here.)
--
View this message in context: http://old.nabble.com/Is-there-a-header-size-limit-on-To%3A-header-rules--tp33721936p33722246.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Is there a header size limit on To: header rules? [ In reply to ]
On 04/20/2012 08:07 PM, cyboc wrote:
>
>
>
> Axb wrote:
>>
>> Please put a sample on pastebin.
>> There may be other traits to catch these
>>
>
> Hi Axb, please forgive me: What is pastebin? (Newbie poster here.)


http://lmgtfy.com/?q=pastebin
Re: Is there a header size limit on To: header rules? [ In reply to ]
On Apr 20, 2012, at 12:17 PM, cyboc wrote:

>
> We have been receiving 419 spam with extremely long lists of email addresses
> in the To: header. I'm talking hundreds of addresses.
>
> I've noticed that the same email addresses keep on appearing near my user's
> email address in the To: header. I have created a rule to check for those
> particular email addresses but unfortunately, it seems that SpamAssassin (at
> least my configuration) has some limit on how far it will check in the To:
> header. If the addresses I'm scanning for are too far down the list of
> addresses, SpamAssassin doesn't seem to detect them. I'm not sure if the
> limit is size based (e.g. 10 KB) or number of addresses based (e.g. 350
> email addresses).
>
> I'm running version 3.3.1 of SpamAssassin. Is there some setting I can
> change to increase the (apparent) limit?

Pretty sure it's hardcoded at 8k. This was done several years ago to protect against DoS type situations.

Michael


> --
> View this message in context: http://old.nabble.com/Is-there-a-header-size-limit-on-To%3A-header-rules--tp33721936p33721936.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
>