On 4/8/2019 4:55 PM, @lbutlr via dovecot wrote:
On 8 Apr 2019, at 16:35, Shawn Heisey via dovecot dovecot@dovecot.org wrote:
I would like to create a sieve rule where I do a regex match on ALL headers, not a specific header.
This is a really bad idea. Headers can be quite long, contain data that you do not have control over, and checking all headers will be very expensive and may leave you open to various regex attacks.
I want to catch any email where a specific IP address appears in any header. I do not know what header it might appear in - that could vary widely depending on what email account is being used to send the message.
This will appear in exactly one sieve script (the one for my mailbox), and I will be in complete control of the regex used, so the regular expression denial of service is extremely unlikely.
I'm already potentially vulnerable to that because I have a handful of external users on my mail server and they can create whatever sieve scripts they want via the managesieve service. Thankfully all of those people are pretty trustworthy folks.
Thanks, Shawn