HEADER_CHECKS(5)

NAME
    header_checks - Postfix built-in content inspection

SYNOPSIS
    header_checks = pcre:/etc/postfix/header_checks
    mime_header_checks = pcre:/etc/postfix/mime_header_checks
    nested_header_checks = pcre:/etc/postfix/nested_header_checks
    body_checks = pcre:/etc/postfix/body_checks

    milter_header_checks = pcre:/etc/postfix/milter_header_checks

    smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
    smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
    smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
    smtp_body_checks = pcre:/etc/postfix/smtp_body_checks

    postmap -q "string" pcre:/etc/postfix/filename
    postmap -q - pcre:/etc/postfix/filename <inputfile

DESCRIPTION
    This document describes access control on the content of message headers and message body lines; it is implemented by the Postfix cleanup(8) server before mail is queued. See access(5) for access control on remote SMTP client information.

    Each message header or message body line is compared against a list of patterns. When a match is found the corresponding action is executed, and the matching process is repeated for the next message header or message body line.

    Note: message headers are examined one logical header at a time, even when a message header spans multiple lines. Body lines are always examined one line at a time.

    For examples, see the EXAMPLES section at the end of this manual page.

    Postfix header or body_checks are designed to stop a flood of mail from worms or viruses; they do not decode attachments, and they do not unzip archives. See the documents referenced below in the README FILES section if you need more sophisticated content analysis.

FILTERS WHILE RECEIVING MAIL
    Postfix implements the following four built-in content inspection classes while receiving mail:

    header_checks (default: empty)
        These are applied to initial message headers (except for the headers that are processed with mime_header_checks).

    mime_header_checks (default: $header_checks)
        These are applied to MIME related message headers only.

        This feature is available in Postfix 2.0 and later.

    nested_header_checks (default: $header_checks)
        These are applied to message headers of attached email messages (except for the headers that are processed with mime_header_checks).

        This feature is available in Postfix 2.0 and later.

    body_checks
        These are applied to all other content, including multi-part message boundaries.

        With Postfix versions before 2.0, all content after the initial message headers is treated as body content.

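    The class assignment described above, as an added example that is not Postfix code: a small line-level model in Python that labels each line of a constructed message with the table that would inspect it while mail is received. It assumes that the MIME header set Postfix treats specially is Content-Description, Content-Disposition, Content-ID, Content-Transfer-Encoding, Content-Type and MIME-Version, and that every header in a multipart body part's header block counts as a MIME header; it ignores disable_mime_input_processing and the smtp_* and milter_* variants, and the message it walks is constructed for the demonstration.

```python
import re

# Headers treated as MIME headers wherever they appear. This set is an
# assumption of the model; the page only says "MIME related message headers".
MIME_HEADERS = {"content-description", "content-disposition", "content-id",
                "content-transfer-encoding", "content-type", "mime-version"}
BOUNDARY_RE = re.compile(r'boundary\s*=\s*"?([^";\s]+)', re.IGNORECASE)


def classify(message_text):
    """Return [(check_class, logical_line), ...] for a message while it is
    being received. Header lines are folded into one logical header first,
    as the "one logical header at a time" note above describes."""
    out = []
    boundaries = []        # stack of active multipart boundaries, innermost last
    mode = "header"        # header section kind: "header" | "part" | "nested"; or "body"
    nested_next = False    # current part is message/rfc822: the next headers are nested
    pending = None         # physical lines of the header currently being folded

    def emit_header():
        nonlocal pending, nested_next
        if pending is None:
            return
        logical = "\n".join(pending)
        pending = None
        name, _, value = logical.partition(":")
        name = name.strip().lower()
        if name in MIME_HEADERS or mode == "part":
            cls = "mime_header_checks"
        elif mode == "nested":
            cls = "nested_header_checks"
        else:
            cls = "header_checks"
        out.append((cls, logical))
        if name == "content-type":
            lowered = value.lower()
            m = BOUNDARY_RE.search(value)
            if "multipart/" in lowered and m:
                boundaries.append(m.group(1))      # a new multipart section opens
            if "message/rfc822" in lowered:
                nested_next = True                 # an attached message follows

    for line in message_text.split("\n"):
        if mode != "body":
            if line == "":                         # blank line closes a header section
                emit_header()
                mode = "nested" if nested_next else "body"
                nested_next = False
            elif line[:1] in (" ", "\t") and pending is not None:
                pending.append(line)               # continuation line of a folded header
            else:
                emit_header()
                pending = [line]
        else:
            out.append(("body_checks", line))      # body lines, boundaries included
            if boundaries and line == "--" + boundaries[-1]:
                mode = "part"                      # a body part's header block follows
            elif boundaries and line == "--" + boundaries[-1] + "--":
                boundaries.pop()
    emit_header()
    return out


# Constructed message: a multipart/mixed with an attached message/rfc822
# whose own headers name an executable attachment.
SAMPLE = "\n".join([
    "From: alice@example.invalid",
    "To: bob@example.invalid",
    "Subject: forwarded report",
    "MIME-Version: 1.0",
    "Content-Type: multipart/mixed;",
    '\tboundary="outer"',
    "",
    "--outer",
    "Content-Type: text/plain",
    "",
    "see attached",
    "--outer",
    "Content-Type: message/rfc822",
    "Content-Disposition: attachment",
    "",
    "From: mallory@example.invalid",
    "Subject: original",
    "Content-Type: application/octet-stream;",
    '\tname="report.exe"',
    "",
    "TVqQAAMAAAAEAAAA",
    "--outer--",
])


def demo():
    """Group the sample's lines by the check class that would inspect them."""
    groups = {}
    for cls, line in classify(SAMPLE):
        groups.setdefault(cls, []).append(line)
    return groups


if __name__ == "__main__":
    for cls, lines in demo().items():
        print(cls)
        for line in lines:
            print("   ", repr(line))
```

    The run shows the point that is easiest to get wrong from the text: the attached message's Content-Type header with name="report.exe" is never seen by header_checks. It reaches mime_header_checks, which only inherits the header_checks table while it is left at its default; setting mime_header_checks to a different table silently moves an attachment-name rule out of that header's path. The From: and Subject: of the attached message go to nested_header_checks, and the boundary lines themselves are body_checks input.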
FILTERS AFTER RECEIVING MAIL
    Postfix supports a subset of the built-in content inspection classes after the message is received:

    milter_header_checks (default: empty)
        These are applied to headers that are added with Milter applications.

        This feature is available in Postfix 2.7 and later.

FILTERS WHILE DELIVERING MAIL
    Postfix supports all four content inspection classes while delivering mail via SMTP.

    smtp_header_checks (default: empty)

    smtp_mime_header_checks (default: empty)

    smtp_nested_header_checks (default: empty)

    smtp_body_checks (default: empty)
        These features are available in Postfix 2.5 and later.

COMPATIBILITY
    With Postfix version 2.2 and earlier specify "postmap -fq" to query a table that contains case sensitive patterns. By default, regexp: and pcre: patterns are case insensitive.

TABLE FORMAT
    This document assumes that header and body_checks rules are specified in the form of Postfix regular expression lookup tables. Usually the best performance is obtained with pcre (Perl Compatible Regular Expression) tables. The regexp (POSIX regular expressions) tables are usually slower, but more widely available. Use the command "postconf -m" to find out what lookup table types your Postfix system supports.

    The general format of Postfix regular expression tables is given below. For a discussion of specific pattern or flags syntax, see pcre_table(5) or regexp_table(5), respectively.

    /pattern/flags action
        When /pattern/ matches the input string, execute the corresponding action. See below for a list of possible actions.

    !/pattern/flags action
        When /pattern/ does not match the input string, execute the corresponding action.

    if /pattern/flags
    endif
        If the input string matches /pattern/, then match that input string against the patterns between if and endif. The if..endif can nest.

        Note: do not prepend whitespace to patterns inside if..endif.

    if !/pattern/flags
    endif
        If the input string does not match /pattern/, then match that input string against the patterns between if and endif. The if..endif can nest.

    blank lines and comments
        Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.

    multi-line text
        A pattern/action line starts with non-whitespace text. A line that starts with whitespace continues a logical line.

TABLE SEARCH ORDER
    For each line of message input, the patterns are applied in the order as specified in the table. When a pattern is found that matches the input line, the corresponding action is executed and then the next input line is inspected.

TEXT SUBSTITUTION
    Substitution of substrings from the matched expression into the action string is possible using the conventional Perl syntax ($1, $2, etc.). The macros in the result string may need to be written as ${n} or $(n) if they aren't followed by whitespace.

    Note: since negated patterns (those preceded by !) return a result when the expression does not match, substitutions are not available for negated patterns.
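    The TABLE FORMAT, TABLE SEARCH ORDER and TEXT SUBSTITUTION rules above, modelled in Python as an added example that is not Postfix code: a small reader for the regexp/pcre table syntax (comments, continuation lines, ! negation, nested if..endif, the i/s/x/m flag toggles of pcre_table(5), $n, ${n} and $(n) substitution, and DUNNO ending the search). It approximates PCRE with Python's re module, translates the POSIX bracket classes Python lacks, and runs a constructed rule set over constructed headers; the authoritative check remains "postmap -q" against the real table.

```python
import re

# Python's re has no POSIX bracket classes; a pcre: table may use them, so
# translate the common ones. A convenience of this toy, not Postfix behaviour.
POSIX_CLASSES = {"[:xdigit:]": "0-9A-Fa-f", "[:digit:]": "0-9",
                 "[:alpha:]": "A-Za-z", "[:alnum:]": "0-9A-Za-z"}

# One logical line: optional "if", optional "!", a delimited pattern, flag
# letters, and (for pattern/action lines) the action text.
RULE_RE = re.compile(r"^(if\s+)?(!?)(\W)((?:\\.|(?!\3).)*)\3(\w*)\s*(.*)$", re.S)
# $n, ${n}, $(n) in an action; $$ is a literal dollar sign.
MACRO_RE = re.compile(r"\$(?:(\d+)|\{(\d+)\}|\((\d+)\)|(\$))")


def compile_pattern(pattern, flags):
    """pcre_table(5) defaults: the i and s flags are on; each flag letter toggles."""
    for cls, chars in POSIX_CLASSES.items():
        pattern = pattern.replace(cls, chars)
    toggles = {"i": re.IGNORECASE, "s": re.DOTALL, "x": re.VERBOSE, "m": re.MULTILINE}
    re_flags = re.IGNORECASE | re.DOTALL
    for f in flags:
        if f not in toggles:
            raise ValueError(f"flag {f!r} is not modelled here")
        re_flags ^= toggles[f]
    return re.compile(pattern, re_flags)


def logical_lines(text):
    """TABLE FORMAT: blank and #-comment lines are dropped; a line that
    starts with whitespace continues the previous logical line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return out


def parse_table(text):
    """Turn table text into a list of ("if", negate, regex), ("endif",) and
    ("rule", negate, regex, action) entries, in table order."""
    rules = []
    for line in logical_lines(text):
        if line.strip().lower() == "endif":
            rules.append(("endif",))
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"malformed rule: {line!r}")
        is_if, negate, _, pattern, flags, action = m.groups()
        regex = compile_pattern(pattern, flags)
        if is_if:
            rules.append(("if", bool(negate), regex))
        elif action:
            rules.append(("rule", bool(negate), regex, action))
        else:
            raise ValueError(f"missing action: {line!r}")
    return rules


def _skip_block(rules, i):
    """Index just past the endif that closes the if at rules[i]; if..endif nests."""
    depth = 0
    for j in range(i, len(rules)):
        if rules[j][0] == "if":
            depth += 1
        elif rules[j][0] == "endif":
            depth -= 1
            if depth == 0:
                return j + 1
    raise ValueError("if without matching endif")


def lookup(rules, text):
    """TABLE SEARCH ORDER: the first matching pattern wins. DUNNO (or OK) ends
    the search with no result; a negated match returns its action unsubstituted."""
    i = 0
    while i < len(rules):
        rule = rules[i]
        if rule[0] == "endif":
            i += 1
            continue
        m = rule[2].search(text)
        hit = (m is None) if rule[1] else (m is not None)
        if rule[0] == "if":
            i = i + 1 if hit else _skip_block(rules, i)
            continue
        if hit:
            action = rule[3]
            if action.upper() in ("DUNNO", "OK"):
                return None
            if rule[1]:
                return action

            def expand(mm):
                if mm.group(4):
                    return "$"
                return m.group(int(mm.group(1) or mm.group(2) or mm.group(3))) or ""
            return MACRO_RE.sub(expand, action)
        i += 1
    return None


# Constructed rule set for the demo, not a recommended production policy.
# Lines inside if..endif are not indented: indentation means continuation.
DEMO_TABLE = r"""
# A matching DUNNO ends the search for this header with no result, so the
# REJECT rule further down never sees a header that matched here.
/^X-Internal-Scanner:\s+passed$/            DUNNO

if /^Subject:/
!/^Subject:\s*\S/                           WARN empty Subject header
/^Subject:\s*(.*\b(?:invoice|urgent)\b.*)/  HOLD suspicious subject "$1"
endif

/^X-Internal-Scanner:/                      REJECT unexpected scanner header

# The action sits on a continuation line; it joins the pattern line.
/^X-Mailer:\s*(.*)/
    INFO mailer is ${1}
"""


def demo():
    rules = parse_table(DEMO_TABLE)
    headers = [  # constructed inputs, one logical header each
        "Subject: URGENT invoice attached",
        "Subject:",
        "Subject: weekly report",
        "X-Internal-Scanner: passed",
        "X-Internal-Scanner: failed",
        "X-Mailer: Example Mailer 1.0",
    ]
    return {h: lookup(rules, h) for h in headers}


if __name__ == "__main__":
    for header, action in demo().items():
        print(f"{header!r:40} -> {action!r}")
```

    Two things the run makes visible that are easy to miss in the text: a DUNNO match silences every later rule for that header (the REJECT for X-Internal-Scanner only fires when the header does not say "passed"), and a negated rule returns its action text verbatim, so a $1 in it would not be expanded.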

ACTIONS
    Action names are case insensitive. They are shown in upper case for consistency with other Postfix documentation.

    BCC user@domain
        Add the specified address as a BCC recipient, and inspect the next input line. The address must have a local part and domain part. The number of BCC addresses that can be added is limited only by the amount of available storage space.

        Note 1: the BCC address is added as if it was specified with NOTIFY=NONE. The sender will not be notified when the BCC address is undeliverable, as long as all down-stream software implements RFC 3461.

        Note 2: this ignores duplicate addresses (with the same delivery status notification options).

        This feature is available in Postfix 3.0 and later.

        This feature is not supported with smtp header/body checks.

    DISCARD optional text...
        Claim successful delivery and silently discard the message. Do not inspect the remainder of the input message. Log the optional text if specified, otherwise log a generic message.

        Note: this action disables further header or body_checks inspection of the current message and affects all recipients. To discard only one recipient without discarding the entire message, use the transport(5) table to direct mail to the discard(8) service.

        This feature is available in Postfix 2.0 and later.

        This feature is not supported with smtp header/body checks.

    DUNNO
        Pretend that the input line did not match any pattern, and inspect the next input line. This action can be used to shorten the table search.

        For backwards compatibility reasons, Postfix also accepts OK but it is (and always has been) treated as DUNNO.

        This feature is available in Postfix 2.1 and later.

    FILTER transport:destination
        Override the content_filter parameter setting, and inspect the next input line. After the message is queued, send the entire message through the specified external content filter. The transport name specifies the first field of a mail delivery agent definition in master.cf; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file.

        Note 1: do not use $number regular expression substitutions for transport or destination unless you know that the information has a trusted origin.

        Note 2: this action overrides the main.cf content_filter setting, and affects all recipients of the message. In the case that multiple FILTER actions fire, only the last one is executed.

        Note 3: the purpose of the FILTER command is to override message routing. To override the recipient's transport but not the next-hop destination, specify an empty filter destination (Postfix 2.7 and later), or specify a transport:destination that delivers through a different Postfix instance (Postfix 2.6 and earlier). Other options are using the recipient-dependent transport_maps or the sender-dependent sender_dependent_default_transport_maps features.

        This feature is available in Postfix 2.0 and later.

        This feature is not supported with smtp header/body checks.

    HOLD optional text...
        Arrange for the message to be placed on the hold queue, and inspect the next input line. The message remains on hold until someone either deletes it or releases it for delivery. Log the optional text if specified, otherwise log a generic message.

        Mail that is placed on hold can be examined with the postcat(1) command, and can be destroyed or released with the postsuper(1) command.

        Note: use "postsuper -r" to release mail that was kept on hold for a significant fraction of $maximal_queue_lifetime or $bounce_queue_lifetime, or longer. Use "postsuper -H" only for mail that will not expire within a few delivery attempts.

        Note: this action affects all recipients of the message.

        This feature is available in Postfix 2.0 and later.

        This feature is not supported with smtp header/body checks.

    IGNORE
        Delete the current line from the input, and inspect the next input line. See STRIP for an alternative that logs the action.

    INFO optional text...
        Log an "info:" record with the optional text... (or log a generic text), and inspect the next input line. This action is useful for routine logging or for debugging.

        This feature is available in Postfix 2.8 and later.

    PASS optional text...
        Log a "pass:" record with the optional text... (or log a generic text), and turn off header, body, and Milter inspection for the remainder of this message.

        Note: this feature relies on trust in information that is easy to forge.

        This feature is available in Postfix 3.2 and later.

        This feature is not supported with smtp header/body checks.

    PREPEND text...
        Prepend one line with the specified text, and inspect the next input line.

        Notes:

        o The prepended text is output on a separate line, immediately before the input that triggered the PREPEND action.

        o The prepended text is not considered part of the input stream: it is not subject to header/body checks or address rewriting, and it does not affect the way that Postfix adds missing message headers.

        o When prepending text before a message header line, the prepended text must begin with a valid message header label.

        o This action cannot be used to prepend multi-line text.

        This feature is available in Postfix 2.1 and later.

        This feature is not supported with milter_header_checks.

    REDIRECT user@domain
        Write a message redirection request to the queue file, and inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s).

        Note: this action overrides the FILTER action, and affects all recipients of the message. If multiple REDIRECT actions fire, only the last one is executed.

        This feature is available in Postfix 2.1 and later.

        This feature is not supported with smtp header/body checks.

    REPLACE text...
        Replace the current line with the specified text, and inspect the next input line.

        This feature is available in Postfix 2.2 and later. The description below applies to Postfix 2.2.2 and later.

        Notes:

        o When replacing a message header line, the replacement text must begin with a valid header label.

        o The replaced text remains part of the input stream. Unlike the result from the PREPEND action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message headers.

    REJECT optional text...
        Reject the entire message. Do not inspect the remainder of the input message. Reply with optional text... when the optional text is specified, otherwise reply with a generic error message.

        Note: this action disables further header or body_checks inspection of the current message and affects all recipients.

        Postfix version 2.3 and later support enhanced status codes. When no code is specified at the beginning of optional text..., Postfix inserts a default enhanced status code of "5.7.1".

        This feature is not supported with smtp header/body checks.

    STRIP optional text...
        Log a "strip:" record with the optional text... (or log a generic text), delete the input line from the input, and inspect the next input line. See IGNORE for a silent alternative.

        This feature is available in Postfix 3.2 and later.

    WARN optional text...
        Log a "warning:" record with the optional text... (or log a generic text), and inspect the next input line. This action is useful for debugging and for testing a pattern before applying more drastic actions.

BUGS
    Empty lines never match, because some map types mis-behave when given a zero-length search string. This limitation may be removed for regular expression tables in a future release.

    Many people overlook the main limitations of header and body_checks rules.

    o These rules operate on one logical message header or one body line at a time. A decision made for one line is not carried over to the next line.

    o If text in the message body is encoded (RFC 2045) then the rules need to be specified for the encoded form.

    o Likewise, when message headers are encoded (RFC 2047) then the rules need to be specified for the encoded form.

    Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:.

    Message headers deleted by the cleanup(8) daemon will be examined before they are deleted. Examples are: Bcc:, Content-Length:, Return-Path:.

CONFIGURATION PARAMETERS
    body_checks
        Lookup tables with content filter rules for message body lines. These filters see one physical line at a time, in chunks of at most $line_length_limit bytes.

    body_checks_size_limit
        The amount of content per message body segment (attachment) that is subjected to $body_checks filtering.

    header_checks

    mime_header_checks (default: $header_checks)

    nested_header_checks (default: $header_checks)
        Lookup tables with content filter rules for message header lines: respectively, these are applied to the initial message headers (not including MIME headers), to the MIME headers anywhere in the message, and to the initial headers of attached messages.

        Note: these filters see one logical message header at a time, even when a message header spans multiple lines. Message headers that are longer than $header_size_limit characters are truncated.

    disable_mime_input_processing
        While receiving mail, give no special treatment to MIME related message headers; all text after the initial message headers is considered to be part of the message body. This means that header_checks is applied to all the initial message headers, and that body_checks is applied to the remainder of the message.

        Note: when used in this manner, body_checks will process a multi-line message header one line at a time.

EXAMPLES
    Header pattern to block attachments with bad file name extensions. For convenience, the PCRE /x flag is specified, so that there is no need to collapse the pattern into a single line of text. The purpose of the [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings.

    /etc/postfix/main.cf:
        header_checks = pcre:/etc/postfix/header_checks.pcre

    /etc/postfix/header_checks.pcre:
        /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
          ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
          hlp|ht[at]|
          inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
          \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
          ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
          vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
            REJECT Attachment name "$2" may not end with ".$4"

    Body pattern to stop a specific HTML browser vulnerability exploit.

    /etc/postfix/main.cf:
        body_checks = regexp:/etc/postfix/body_checks

    /etc/postfix/body_checks:
        /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
            REJECT IFRAME vulnerability exploit
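    The attachment-name rule above, applied offline with Python's re module, as an added example that is not part of the Postfix distribution. It assumes the pcre: defaults (the i and s flags on, plus the /x flag the rule specifies), spells [[:xdigit:]] as [0-9A-Fa-f] because Python's re lacks POSIX classes, and runs over constructed headers. It shows the rule catching a folded logical header and a double extension, the =2E and (\?=)? parts of the pattern catching a Q-encoded name, and, as the BUGS section warns, the rule missing the same name inside an RFC 2047 B-encoded word. The decode step at the end is not something header_checks does; it only shows what the encoded-form rule cannot see.

```python
import re
from email.header import decode_header

# The header_checks.pcre rule from the EXAMPLES section. pcre: tables have the
# i and s flags on by default and the rule adds /x; Python's re lacks POSIX
# classes, so [[:xdigit:]] is written as [0-9A-Fa-f].
BAD_ATTACHMENT = re.compile(r"""
^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
hlp|ht[at]|
inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}|
ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)
""", re.IGNORECASE | re.DOTALL | re.VERBOSE)

# An RFC 2047 encoded-word: =?charset?B|Q?text?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[BbQq]\?[^?\s]*\?=")


def check_attachment_name(logical_header):
    """Run the rule over one logical header (continuation lines already joined,
    which is how cleanup(8) presents them) and return the REJECT text or None."""
    m = BAD_ATTACHMENT.search(logical_header)
    if m is None:
        return None
    # $2 is the whole attachment name, $4 the offending extension.
    return f'REJECT Attachment name "{m.group(2)}" may not end with ".{m.group(4)}"'


def decode_encoded_words(logical_header):
    """Replace RFC 2047 encoded-words by their decoded text. header_checks does
    NOT do this (see BUGS); it is here only to show what the rule cannot see."""
    def decode(m):
        return "".join(
            text.decode(charset or "ascii", "replace") if isinstance(text, bytes) else text
            for text, charset in decode_header(m.group(0)))
    return ENCODED_WORD.sub(decode, logical_header)


# Constructed logical headers; the first is folded over two physical lines.
SAMPLES = {
    "folded": 'Content-Type: application/octet-stream;\n\tname="report.exe"',
    "double": 'Content-Disposition: attachment; filename="invoice.pdf.scr"',
    "benign": 'Content-Disposition: attachment; filename="notes.txt"',
    "q-word": 'Content-Disposition: attachment; filename="=?ISO-8859-1?Q?report=2Eexe?="',
    "b-word": 'Content-Disposition: attachment; filename="=?UTF-8?B?cmVwb3J0LmV4ZQ==?="',
}


def demo():
    """Per sample: (what the rule sees on the wire, what it would see decoded)."""
    return {name: (check_attachment_name(hdr),
                   check_attachment_name(decode_encoded_words(hdr)))
            for name, hdr in SAMPLES.items()}


if __name__ == "__main__":
    for name, (raw, decoded) in demo().items():
        print(f"{name:7} raw={raw!r}")
        print(f"        decoded={decoded!r}")
```

    The "b-word" sample is the one to remember: the base64 form of report.exe contains neither a dot nor =2E, so the rule sees nothing, while the Q-encoded form is caught only because the pattern was written for the encoded text. Rules written against decoded names belong in an external content filter (see FILTER and the README FILES section), not in header_checks.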

SEE ALSO
    cleanup(8), canonicalize and enqueue Postfix message
    pcre_table(5), format of PCRE lookup tables
    regexp_table(5), format of POSIX regular expression tables
    postconf(1), Postfix configuration utility
    postmap(1), Postfix lookup table management
    postsuper(1), Postfix janitor
    postcat(1), show Postfix queue file contents
    RFC 2045, base64 and quoted-printable encoding rules
    RFC 2047, message header encoding for non-ASCII text

README FILES
    Use "postconf readme_directory" or "postconf html_directory" to locate this information.
    DATABASE_README, Postfix lookup table overview
    CONTENT_INSPECTION_README, Postfix content inspection overview
    BUILTIN_FILTER_README, Postfix built-in content inspection
    BACKSCATTER_README, blocking returned forged mail

LICENSE
    The Secure Mailer license must be distributed with this software.

AUTHOR(S)
    Wietse Venema
    IBM T.J. Watson Research
    P.O. Box 704
    Yorktown Heights, NY 10598, USA

    Wietse Venema
    Google, Inc.
    111 8th Avenue
    New York, NY 10011, USA