Blame | Last modification | View Log | RSS feed
# HEADER_CHECKS(5) HEADER_CHECKS(5)## NAME# header_checks - Postfix built-in content inspection## SYNOPSIS# header_checks = pcre:/etc/postfix/header_checks# mime_header_checks = pcre:/etc/postfix/mime_header_checks# nested_header_checks = pcre:/etc/postfix/nested_header_checks# body_checks = pcre:/etc/postfix/body_checks## postmap -q "string" pcre:/etc/postfix/filename# postmap -q - pcre:/etc/postfix/filename <inputfile## DESCRIPTION# This document describes access control on the content of# message headers and message body lines; it is implemented# by the Postfix cleanup(8) server before mail is queued.# See access(5) for access control on remote SMTP client# information.## Each message header or message body line is compared# against a list of patterns. When a match is found the# corresponding action is executed, and the matching process# is repeated for the next message header or message body# line.## For examples, see the EXAMPLES section at the end of this# manual page.## Postfix header or body_checks are designed to stop a flood# of mail from worms or viruses; they do not decode attach-# ments, and they do not unzip archives. See the documents# referenced below in the README FILES section if you need# more sophisticated content analysis.## Postfix supports four built-in content inspection classes:## header_checks# These are applied to initial message headers# (except for the headers that are processed with# mime_header_checks).## mime_header_checks (default: $header_checks)# These are applied to MIME related message headers# only.## This feature is available in Postfix 2.0 and later.## nested_header_checks (default: $header_checks)# These are applied to message headers of attached# email messages (except for the headers that are# processed with mime_header_checks).## This feature is available in Postfix 2.0 and later.## body_checks# These are applied to all other content, including# multi-part message boundaries.## With Postfix versions before 2.0, all content after# the initial message headers is treated as body con-# tent.## Note: message headers are examined one logical header at a# time, even when a message header spans multiple lines.# Body lines are always examined one line at a time.## COMPATIBILITY# With Postfix version 2.2 and earlier specify "postmap -fq"# to query a table that contains case sensitive patterns. By# default, regexp: and pcre: patterns are case insensitive.## TABLE FORMAT# This document assumes that header and body_checks rules# are specified in the form of Postfix regular expression# lookup tables. Usually the best performance is obtained# with pcre (Perl Compatible Regular Expression) tables, but# the slower regexp (POSIX regular expressions) support is# more widely available. Use the command "postconf -m" to# find out what lookup table types your Postfix system sup-# ports.## The general format of Postfix regular expression tables is# given below. For a discussion of specific pattern or# flags syntax, see pcre_table(5) or regexp_table(5),# respectively.## /pattern/flags action# When /pattern/ matches the input string, execute# the corresponding action. See below for a list of# possible actions.## !/pattern/flags action# When /pattern/ does not match the input string,# execute the corresponding action.## if /pattern/flags## endif Match the input string against the patterns between# if and endif, if and only if the same input string# also matches /pattern/. The if..endif can nest.## Note: do not prepend whitespace to patterns inside# if..endif.## if !/pattern/flags## endif Match the input string against the patterns between# if and endif, if and only if the same input string# does not match /pattern/. The if..endif can nest.## blank lines and comments# Empty lines and whitespace-only lines are ignored,# as are lines whose first non-whitespace character# is a `#'.## multi-line text# A pattern/action line starts with non-whitespace# text. A line that starts with whitespace continues# a logical line.## TABLE SEARCH ORDER# For each line of message input, the patterns are applied# in the order as specified in the table. When a pattern is# found that matches the input line, the corresponding# action is executed and then the next input line is# inspected.## TEXT SUBSTITUTION# Substitution of substrings from the matched expression# into the action string is possible using the conventional# Perl syntax ($1, $2, etc.). The macros in the result# string may need to be written as ${n} or $(n) if they# aren't followed by whitespace.## Note: since negated patterns (those preceded by !) return# a result when the expression does not match, substitutions# are not available for negated patterns.## ACTIONS# Action names are case insensitive. They are shown in upper# case for consistency with other Postfix documentation.## DISCARD optional text...# Claim successful delivery and silently discard the# message. Log the optional text if specified, oth-# erwise log a generic message.## Note: this action disables further header or# body_checks inspection of the current message and# affects all recipients. To discard only one recip-# ient without discarding the entire message, use the# transport(5) table to direct mail to the discard(8)# service.## This feature is available in Postfix 2.0 and later.## DUNNO Pretend that the input line did not match any pat-# tern, and inspect the next input line. This action# can be used to shorten the table search.## For backwards compatibility reasons, Postfix also# accepts OK but it is (and always has been) treated# as DUNNO.## This feature is available in Postfix 2.1 and later.## FILTER transport:destination# Write a content filter request to the queue file,# and inspect the next input line. After the com-# plete message is received it will be sent through# the specified external content filter. More infor-# mation about external content filters is in the# Postfix FILTER_README file.## Note: this action overrides the content_filter set-# ting, and affects all recipients of the message. In# the case that multiple FILTER actions fire, only# the last one is executed.## This feature is available in Postfix 2.0 and later.## HOLD optional text...# Arrange for the message to be placed on the hold# queue, and inspect the next input line. The mes-# sage remains on hold until someone either deletes# it or releases it for delivery. Log the optional# text if specified, otherwise log a generic message.## Mail that is placed on hold can be examined with# the postcat(1) command, and can be destroyed or# released with the postsuper(1) command.## Note: use "postsuper -r" to release mail that was# kept on hold for a significant fraction of $maxi-# mal_queue_lifetime or $bounce_queue_lifetime, or# longer. Use "postsuper -H" only for mail that will# not expire within a few delivery attempts.## Note: this action affects all recipients of the# message.## This feature is available in Postfix 2.0 and later.## IGNORE Delete the current line from the input, and inspect# the next input line.## PREPEND text...# Prepend one line with the specified text, and# inspect the next input line.## Notes:## o The prepended text is output on a separate# line, immediately before the input that# triggered the PREPEND action.## o The prepended text is not considered part of# the input stream: it is not subject to# header/body checks or address rewriting, and# it does not affect the way that Postfix adds# missing message headers.## o When prepending text before a message header# line, the prepended text must begin with a# valid message header label.## o This action cannot be used to prepend multi-# line text.## This feature is available in Postfix 2.1 and later.## REDIRECT user@domain# Write a message redirection request to the queue# file, and inspect the next input line. After the# message is queued, it will be sent to the specified# address instead of the intended recipient(s).## Note: this action overrides the FILTER action, and# affects all recipients of the message. If multiple# REDIRECT actions fire, only the last one is exe-# cuted.## This feature is available in Postfix 2.1 and later.## REPLACE text...# Replace the current line with the specified text,# and inspect the next input line.## This feature is available in Postfix 2.2 and later.# The description below applies to Postfix 2.2.2 and# later.## Notes:## o When replacing a message header line, the# replacement text must begin with a valid# header label.## o The replaced text remains part of the input# stream. Unlike the result from the PREPEND# action, a replaced message header may be# subject to address rewriting and may affect# the way that Postfix adds missing message# headers.## REJECT optional text...# Reject the entire message. Reply with optional# text... when the optional text is specified, other-# wise reply with a generic error message.## Note: this action disables further header or# body_checks inspection of the current message and# affects all recipients.## Postfix version 2.3 and later support enhanced sta-# tus codes. When no code is specified at the begin-# ning of optional text..., Postfix inserts a default# enhanced status code of "5.7.1".## WARN optional text...# Log a warning with the optional text... (or log a# generic message), and inspect the next input line.# This action is useful for debugging and for testing# a pattern before applying more drastic actions.## BUGS# Empty lines never match, because some map types mis-behave# when given a zero-length search string. This limitation# may be removed for regular expression tables in a future# release.## Many people overlook the main limitations of header and# body_checks rules.## o These rules operate on one logical message header# or one body line at a time. A decision made for one# line is not carried over to the next line.## o If text in the message body is encoded (RFC 2045)# then the rules need to be specified for the encoded# form.## o Likewise, when message headers are encoded (RFC# 2047) then the rules need to be specified for the# encoded form.## Message headers added by the cleanup(8) daemon itself are# excluded from inspection. Examples of such message headers# are From:, To:, Message-ID:, Date:.## Message headers deleted by the cleanup(8) daemon will be# examined before they are deleted. Examples are: Bcc:, Con-# tent-Length:, Return-Path:.## CONFIGURATION PARAMETERS# body_checks# Lookup tables with content filter rules for message# body lines. These filters see one physical line at# a time, in chunks of at most $line_length_limit# bytes.## body_checks_size_limit# The amount of content per message body segment# (attachment) that is subjected to $body_checks fil-# tering.## header_checks## mime_header_checks (default: $header_checks)## nested_header_checks (default: $header_checks)# Lookup tables with content filter rules for message# header lines: respectively, these are applied to# the initial message headers (not including MIME# headers), to the MIME headers anywhere in the mes-# sage, and to the initial headers of attached mes-# sages.## Note: these filters see one logical message header# at a time, even when a message header spans multi-# ple lines. Message headers that are longer than# $header_size_limit characters are truncated.## disable_mime_input_processing# While receiving mail, give no special treatment to# MIME related message headers; all text after the# initial message headers is considered to be part of# the message body. This means that header_checks is# applied to all the initial message headers, and# that body_checks is applied to the remainder of the# message.## Note: when used in this manner, body_checks will# process a multi-line message header one line at a# time.## EXAMPLES# Header pattern to block attachments with bad file name# extensions. For convenience, the PCRE /x flag is speci-# fied, so that there is no need to collapse the pattern# into a single line of text. The purpose of the# [[:xdigit:]] sub-expressions is to recognize Windows CLSID# strings.## /etc/postfix/main.cf:# header_checks = pcre:/etc/postfix/header_checks.pcre## /etc/postfix/header_checks.pcre:# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|# hlp|ht[at]|# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x# REJECT Attachment name "$2" may not end with ".$4"## Body pattern to stop a specific HTML browser vulnerability# exploit.## /etc/postfix/main.cf:# body_checks = regexp:/etc/postfix/body_checks## /etc/postfix/body_checks:# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/# REJECT IFRAME vulnerability exploit## SEE ALSO# cleanup(8), canonicalize and enqueue Postfix message# pcre_table(5), format of PCRE lookup tables# regexp_table(5), format of POSIX regular expression tables# postconf(1), Postfix configuration utility# postmap(1), Postfix lookup table management# postsuper(1), Postfix janitor# postcat(1), show Postfix queue file contents# RFC 2045, base64 and quoted-printable encoding rules# RFC 2047, message header encoding for non-ASCII text## README FILES# Use "postconf readme_directory" or "postconf html_direc-# tory" to locate this information.# DATABASE_README, Postfix lookup table overview# CONTENT_INSPECTION_README, Postfix content inspection overview# BUILTIN_FILTER_README, Postfix built-in content inspection# BACKSCATTER_README, blocking returned forged mail## LICENSE# The Secure Mailer license must be distributed with this# software.## AUTHOR(S)# Wietse Venema# IBM T.J. Watson Research# P.O. Box 704# Yorktown Heights, NY 10598, USA## HEADER_CHECKS(5)