Bug 1379647

Summary: opendkim reports "too much header data" and mail message is never sent to delivery
Product: [Fedora] Fedora EPEL Reporter: David Sommerseth <dazo>
Component: opendkimAssignee: Steve Jenkins <steve>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-20 23:13:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
[PATCH] Increases DEFMAXHDRSZ from 64KiB to 256KiB none

Description David Sommerseth 2016-09-27 10:16:01 UTC 
Created attachment 1205150 [details]
[PATCH] Increases DEFMAXHDRSZ from 64KiB to 256KiB

Description of problem:
Occasionally some external senders have a very long To: or Cc: list of recipients, which exceeds the 64KiB header limit which is hard coded into OpenDKIM.  This results in a temporary mail rejection which loops until the message expires.

From the mail log:
-----------------------------------------------------
Sep 27 05:43:56 winterfell opendkim[2594]: too much header data
Sep 27 05:43:56 winterfell postfix/cleanup[583]: A23BE8190F6: milter-reject: END-OF-MESSAGE from unknown[::1]: 4.7.1 Service unavailable - try again later; from=<jane.doe> to=<john.doe> proto=ESMTP helo=<localhost>
-----------------------------------------------------

The attached patch is taken from the Debian bug ticket 838767 which increases the hard coded header size limit to 256KiB.  I have spun my own opendkim package with this patch and it seems to work well.

Version-Release number of selected component (if applicable):
opendkim-2.10.3-7.el7

How reproducible:
Always

Steps to Reproduce:
Send a mail through a OpenDKIM enabled system using Postfix with milter which have message headers exceeding 64KiB


Upstream report: https://sourceforge.net/p/opendkim/support-requests/30/
Comment 1 Steve Jenkins 2016-12-20 23:13:38 UTC 
The "MaximumHeaders" option in opendkim.conf allows an increase in the header size:

##  MaximumHeaders n
##
##  Disallow messages whose header blocks are bigger than "n" bytes.
##  Intended to detect and block a denial-of-service attack.  The default
##  is 65536.  A value of 0 disables this test.

# MaximumHeaders        n

If you prefer a 256K max header size, set Maximum Headers to 262144 in the config file, restart OpenDKIM, and you should be good to go.

Classifying this as "not a bug" and closing.