[Mimedefang] survey: dropping password protected file

[Michal Jankowski]

Adam Brons <abrons at odu.edu> writes:

>           # If the size is larger than 10MB bailout -- current limit
>           # size limit to accept mail
>           if ($size > 10485760) {
>             md_graphdefang_log('Archive member too big ', $file, $RelayAddr);
>             # Sendmail will bounce the message before we get here...
>             #action_bounce("Archive member $file too big");
>             return;

Please note that sendmail has no idea what the _uncompressed_ file
size might be. The purpose of this check is to prevent "compressed
bombs" DOS attacks. A 10M zip may decompress to 10GB of zeroes - you
don't want to deliver anything like that to your users 8-)

  MJ