[pmg-devel] [PATCH pmg-api 1/1] rulesystem: limit linelength of disclaimer to 998 bytes
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Nov 23 07:16:01 CET 2021
On 22.11.21 20:50, Stoiko Ivanov wrote:
> As described in
> http://www.postfix.org/postconf.5.html#smtp_line_length_limit
>
> postfix splits lines which are longer by inserting <cr><lf><space> to
> adhere with RFC 5322 (section 2.1.1):
> https://datatracker.ietf.org/doc/html/rfc5322#section-2.1.1
>
> If a longer line is part of the disclaimer pmg-smtp-filter adds it
> without this modification, which breaks DKIM signatures (since the
> body is modified by postfix after the body hash is computed)
>
> reported in our community forum:
> https://forum.proxmox.com/threads/dkim-body-has-been-altered-when-enabling-disclaimer-function.97919/
>
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> src/PMG/RuleDB/Disclaimer.pm | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/PMG/RuleDB/Disclaimer.pm b/src/PMG/RuleDB/Disclaimer.pm
> index 1b1accf..1c81b03 100644
> --- a/src/PMG/RuleDB/Disclaimer.pm
> +++ b/src/PMG/RuleDB/Disclaimer.pm
> @@ -84,6 +84,10 @@ sub save {
> defined($self->{ogroup}) || die "undefined object attribute: ERROR";
> defined($self->{value}) || die "undefined object attribute: ERROR";
>
> + if ($self->{value} =~ /^.{998,}$/m) {
1. a comment that the regex match is used to avoid the fact that the `length` function is
working on characters (vs. bytes) only would be good, but..
2. regex isn't actually _that_ better, if one adds a `use utf8` it also matches chars and
not bytes here
Maybe go for the more explicit variant? I think the following should work (but with encodings
involved one is never sure..)
if (length(Encode::encode("UTF-8", $self->{value})) > 998)
> + die "too long line in disclaimer - breaks RFC 5322!\n";
> + }
> +
> if (defined ($self->{id})) {
> # update
>
>
More information about the pmg-devel
mailing list