[pmg-devel] [PATCH pmg-api 1/1] rulesystem: limit linelength of disclaimer to 998 bytes

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Nov 23 07:16:01 CET 2021


On 22.11.21 20:50, Stoiko Ivanov wrote:
> As described in
> http://www.postfix.org/postconf.5.html#smtp_line_length_limit
> 
> postfix splits lines which are longer by inserting <cr><lf><space> to
> adhere with RFC 5322 (section 2.1.1):
> https://datatracker.ietf.org/doc/html/rfc5322#section-2.1.1
> 
> If a longer line is part of the disclaimer pmg-smtp-filter adds it
> without this modification, which breaks DKIM signatures (since the
> body is modified by postfix after the body hash is computed)
> 
> reported in our community forum:
> https://forum.proxmox.com/threads/dkim-body-has-been-altered-when-enabling-disclaimer-function.97919/
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
>  src/PMG/RuleDB/Disclaimer.pm | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/PMG/RuleDB/Disclaimer.pm b/src/PMG/RuleDB/Disclaimer.pm
> index 1b1accf..1c81b03 100644
> --- a/src/PMG/RuleDB/Disclaimer.pm
> +++ b/src/PMG/RuleDB/Disclaimer.pm
> @@ -84,6 +84,10 @@ sub save {
>      defined($self->{ogroup}) || die "undefined object attribute: ERROR";
>      defined($self->{value}) || die "undefined object attribute: ERROR";
>  
> +    if ($self->{value} =~ /^.{998,}$/m) {


1. a comment that the regex match is used to avoid the fact that the `length` function is
   working on characters (vs. bytes) only would be good, but..

2. regex isn't actually _that_ better, if one adds a `use utf8` it also matches chars and
   not bytes here

Maybe go for the more explicit variant? I think the following should work (but with encodings
involved one is never sure..)

if (length(Encode::encode("UTF-8", $self->{value})) > 998)

> +	die "too long line in disclaimer - breaks RFC 5322!\n";
> +    }
> +
>      if (defined ($self->{id})) {
>  	# update
>  	
> 





More information about the pmg-devel mailing list