SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Uploading the attachment to the server

Limitations in PHP

PHP sets limits on the maximum files size when uploading files to the server. To change this limit, you need to edit the php.ini configuration file. The values you will need to increase or decrease are:

The values can be set in bytes (1,048,576 per MB) or they can be set by MB by appending the value with an "M", i.e. 8M.

To upload large files, post_max_size must be larger than upload_max_filesize. If memory limit is enabled by configure script, memory_limit also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size. [1]

There is also more information to be found in the PHP documentation about [handling file uploads].

Limitations in the web server

The HTTP server may add further restrictions on the file upload size:

  • Apache: You can restrict maximum file size using [LimitRequestBody] directive. Search for /etc/httpd/conf.d/php.conf and comment out LimitRequestBody. Restart Apache after editing the configuration and you will be able to attach file with sizes over 0,5 MB again.\n
    <Files *.php>
        SetOutputFilter PHP
        SetInputFilter PHP
    #    LimitRequestBody 524288
    </Files> 
    

Limitation in web proxies

Pay attention if you use any proxy server like Squid. In Squid, you need to change the request_body_max_size (the default is 1 MB), e.g: request_body_max_size 10 MB

In some versions of Squid this is called request_size rather than request_body_max_size.

Sending the mail with the attachment

You should also take into account limits for your MTA software:

  • Courier-MTA: showconfig or /etc/courier/sizelimit - default 10MBytes
  • Postfix: a configuration parameter called message_size_limit in the file /etc/postfix/main.cf sets the maximum size (in bytes) of the entire message - default: 10240000 - i.e. approximately 10MBytes
  • Qmail-MTA: a file in /var/qmail/control called databytes. The file contains one line that represents the max size of attachments in bytes.
  • Sendmail: option MaxMessageSize, usually unset; can be changed in mc file define(`confMAX_MESSAGE_SIZE',`5242880')dnl
  • hMail: !Max message size (KB) in Settings > Protocols > SMTP

Comments

You may be able to keep your users from submitting attachments that are too large by implementing this piece of HTML code:

<input type="hidden" name="MAX_FILE_SIZE" value="1000">

NOTE: It may not work with all browsers. This, of course, begs the question "Which browsers does it work with?" Please post your findings here:

  • Konqueror seems not to obey this limit.
  • Mozilla seems not to obey this limit.
  • Microsoft Explorer seems not to obey this limit.
So, does this work or is the code no good?
kink: I think this is an error in the PHP documentation, because I couldn't find a single browser which does something with this limit.
tokul: Firefox (1.0 Debian Sarge) follows it, but interface can't rely on restriction that is controlled by the end user.

Related bug: [SquirrelMail bug 597206]

Probably the problem with memory starvation with big files is not a SquirrelMail problem but a PHP problem, seems to be solved since PHP 4.2.0, look at: [PHP bug 17606] (not sure anyway).

Problem noted on Red Hat 8.0/9.0 with Apache 2.0.x, the error "Requested content-length of 670955 is larger than the configured limit of 524288" was occurring under Apache and a "Page not found" would appear in the browser. Trying the above settings made no change with PHP, but on Red Hat 8.0/9.0 there is an additional PHP configuration file, /etc/httpd/conf.d/php.conf}, and increasing the number on the line {{LimitRequestBody 524288 solves the issue.

Gentoo Linux has a file like the above mentioned where the limits are set, the file is /etc/apache2/conf/modules.d/70_mod_php.conf.

As a side note, check the maximum execution time in php.ini. Very large attachments may take longer than the 30 seconds allowed. Symptoms may be found by looking at the httpd error log and seeing "httpd in free(): warning: recursive call" yet the httpd does not core fault and die altogether. For a 10 MB file attachment I set execution time to 120 seconds.

Gentoo Linux - Update - Actually, I did not find the *mod_php.conf file in Gentoo Linux had any of the above information. I modified the /etc/php4/php.ini file as directed. Though, I did find a link to this file in the Apache directory under /etc/apache/conf/php.ini.

The file that needs to be adjusted in the Red Hat 9 configuration of Apache 2.x is in /etc/httpd/conf.d/php.conf. The paths given above are inaccurate, at least for Red Hat 9. This solves the Apache interference, but is not the only limiter on large files.

Gentoo Linux: After raising the above mentioned values to 10M in php.ini, you do need to change LimitRequestBody in /etc/apache2/conf/modules.d/70_mod_php.conf! I put mine to 2097152, which is equivalent to 2M. This way, I can limit each attachment file size to 2M while the message size is 10M.

IMPORTANT: You must restart Apache before any changes take effect.

© 1999-2016 by The SquirrelMail Project Team