It appears that Exim core does not impose any limits on line lengths of
message bodies.
However, some optional Exim components have arbitrarily set limits:
src/src/pdkim/pdkim.c:
#define PDKIM_MAX_BODY_LINE_LEN 16384
src/src/mime.h:
#define MIME_MAX_LINE_LENGTH 32768
src/src/demime.h:
#define MIME_SANITY_MAX_LINE_LENGTH 131071
I encountered a strange DKIM problem after I received a spam mail which
contained an embedded JPG image file, all encoded on a single long line.
The spam mail was received successfully, but when I tried to forward it
for further processing, the message got stuck in the queue and caused
the following log messages on each delivery attempt:
> DKIM: message could not be signed, and dkim_strict is set. Deferring
message delivery.
> mx.example.org [192.0.2.2]: Permission denied
It appears that DKIM signing failed because the message contained a line
longer than 16384 characters and I had "dkim_strict = true". After
unsetting "dkim_strict" the delivery succeeded (without DKIM signature).
The problem can be repeated by setting DKIM signing policy to strict and
running the following command:
perl -e 'print("x" x 60000 . "\n");' | mail foobar@???
According to RFC 5321 and RFC 5322 the maximum line length is 998
characters + CRLF, thus this is not really a bug. I am writing about
this just to make a note for people who might encounter the same issue
in future.
It appears that the line length topic has been discussed previously on
this list:
http://www.gossamer-threads.com/lists/exim/users/39793
Potential future enhancements:
- Fix MIME and DKIM code to handle arbitrarily long lines.
- Harmonize maximum line lengths (now Exim has three different
arbitrary limits for no particular reason).
My solution:
I can limit the line length of incoming messages in the DATA ACL by
adding the following:
deny condition = ${if > {$max_received_linelength}{1024}}
message = Maximum line length here is 1024 characters.
With this ACL in place I should not encounter this problem any more.
Best Regards,
--
Janne Snabb / EPIPE Communications
snabb@??? -
http://epipe.com/
