fix: set max raw-message size to 25MB

Author: s-aga-r

mail/api/outbound.py

@@ -13,6 +13,8 @@
 from mail.utils.rate_limiter import dynamic_rate_limit
 from mail.utils.user import has_role
 
+MAX_MESSAGE_SIZE = 25 * 1024 * 1024  # 25 MB
+
 
 @frappe.whitelist(methods=["POST"])
 @dynamic_rate_limit()
@@ -116,6 +118,9 @@ def send_raw(
 	if not raw_message:
 		frappe.throw(_("The raw message is required."), frappe.MandatoryError)
 
+	if len(raw_message.encode("utf-8")) > MAX_MESSAGE_SIZE:
+		frappe.throw(_("The raw message exceeds the maximum allowed size of 25 MB."))
+
 	return _enqueue_mail(from_, to, raw_message, is_newsletter)
 
 
@@ -182,6 +187,11 @@ def _handle_chunked_upload(
 		f.seek(offset)
 		f.write(file.stream.read())
 
+	current_size = os.path.getsize(temp_path)
+	if current_size > MAX_MESSAGE_SIZE:
+		os.remove(temp_path)
+		frappe.throw(_("The raw message exceeds the maximum allowed size of 25 MB."))
+
 	if chunk_index < total_chunks - 1:
 		return f"Chunk {chunk_index + 1} of {total_chunks} received."
 

mail/install.py

@@ -43,7 +43,7 @@ def add_rate_limits() -> None:
 		# mail.api.outbound
 		{"method_path": "mail.api.outbound.upload_attachment", "limit": 60, "seconds": 60},
 		{"method_path": "mail.api.outbound.send", "limit": 300, "seconds": 60},
-		{"method_path": "mail.api.outbound.send_raw", "limit": 300, "seconds": 60},
+		{"method_path": "mail.api.outbound.send_raw", "limit": 300, "seconds": 120},
 		# mail.api.spamd
 		{"method_path": "mail.api.spamd.scan", "limit": 60, "seconds": 60},
 		{"method_path": "mail.api.spamd.get_spam_score", "limit": 60, "seconds": 60},