Remember the code was written when 32bit OSes were the norm , 4GB of memory was HUGE, and internet connections were sloooooooow. So a reasonable assumption at that time was that this will never happen. (Raise your hand if you've said the same about your own code.) I'm sure there is lots of old code still running with the same issues, just that the qmail code seems to be audited a lot. Thankfully it follows a pattern that makes things like this easy to mitigate.
Yes, having run qmail for most of the 90s, I'm pretty familiar with what was contemporary. I was being hyperbolic. And yes, there's a lot of code out there with the same class of flaw.
My point is, the right answer isn't to say "that will never happen" and get surprised down the road, the right answer is to say "that shouldn't happen" and do something about it.
So, sure...don't wait till the header gets to 3.9GB. Absurd. But 100MB? 10? 1? I think I'd get antsy at 1MB. Especially since RFC2822 implies lines can be no longer than 998 characters. So...you know...someplace between 998B and 1MB would be reasonable to punt. Especially at the time the code was written.
