search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / external / ibm-public / postfix / dist / html / header_checks.5.html
blobcb17335e1a3a5a123e24a1b9e9a0a0a8ae042be2
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
3 <html> <head>
4 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
5 <title> Postfix manual - header_checks(5) </title>
6 </head> <body> <pre>
7 HEADER_CHECKS(5) HEADER_CHECKS(5)
8
9 <b>NAME</b>
10 <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection
11
12 <b>SYNOPSIS</b>
13 <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b>
14 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b>
15 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b>
16 <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b>
17
18 <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
19 <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
20
21 <b>DESCRIPTION</b>
22 This document describes access control on the content of
23 message headers and message body lines; it is implemented
24 by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server before mail is queued.
25 See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
26 information.
27
28 Each message header or message body line is compared
29 against a list of patterns. When a match is found the
30 corresponding action is executed, and the matching process
31 is repeated for the next message header or message body
32 line.
33
34 For examples, see the EXAMPLES section at the end of this
35 manual page.
36
37 Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood
38 of mail from worms or viruses; they do not decode attach-
39 ments, and they do not unzip archives. See the documents
40 referenced below in the README FILES section if you need
41 more sophisticated content analysis.
42
43 Postfix supports four built-in content inspection classes:
44
45 <b><a href="postconf.5.html#header_checks">header_checks</a></b>
46 These are applied to initial message headers
47 (except for the headers that are processed with
48 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
49
50 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
51 These are applied to MIME related message headers
52 only.
53
54 This feature is available in Postfix 2.0 and later.
55
56 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
57 These are applied to message headers of attached
58 email messages (except for the headers that are
59 processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
60
61 This feature is available in Postfix 2.0 and later.
62
63 <b><a href="postconf.5.html#body_checks">body_checks</a></b>
64 These are applied to all other content, including
65 multi-part message boundaries.
66
67 With Postfix versions before 2.0, all content after
68 the initial message headers is treated as body con-
69 tent.
70
71 Note: message headers are examined one logical header at a
72 time, even when a message header spans multiple lines.
73 Body lines are always examined one line at a time.
74
75 <b>COMPATIBILITY</b>
76 With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
77 to query a table that contains case sensitive patterns. By
78 default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
79
80 <b>TABLE FORMAT</b>
81 This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
82 are specified in the form of Postfix regular expression
83 lookup tables. Usually the best performance is obtained
84 with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
85 the slower <b>regexp</b> (POSIX regular expressions) support is
86 more widely available. Use the command "<b>postconf -m</b>" to
87 find out what lookup table types your Postfix system sup-
88 ports.
89
90 The general format of Postfix regular expression tables is
91 given below. For a discussion of specific pattern or
92 flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
93 respectively.
94
95 <b>/</b><i>pattern</i><b>/</b><i>flags action</i>
96 When /<i>pattern</i>/ matches the input string, execute
97 the corresponding <i>action</i>. See below for a list of
98 possible actions.
99
100 <b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
101 When /<i>pattern</i>/ does <b>not</b> match the input string,
102 execute the corresponding <i>action</i>.
103
104 <b>if /</b><i>pattern</i><b>/</b><i>flags</i>
105
106 <b>endif</b> Match the input string against the patterns between
107 <b>if</b> and <b>endif</b>, if and only if the same input string
108 also matches /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
109
110 Note: do not prepend whitespace to patterns inside
111 <b>if</b>..<b>endif</b>.
112
113 <b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
114
115 <b>endif</b> Match the input string against the patterns between
116 <b>if</b> and <b>endif</b>, if and only if the same input string
117 does <b>not</b> match /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
118
119 blank lines and comments
120 Empty lines and whitespace-only lines are ignored,
121 as are lines whose first non-whitespace character
122 is a `#'.
123
124 multi-line text
125 A pattern/action line starts with non-whitespace
126 text. A line that starts with whitespace continues
127 a logical line.
128
129 <b>TABLE SEARCH ORDER</b>
130 For each line of message input, the patterns are applied
131 in the order as specified in the table. When a pattern is
132 found that matches the input line, the corresponding
133 action is executed and then the next input line is
134 inspected.
135
136 <b>TEXT SUBSTITUTION</b>
137 Substitution of substrings from the matched expression
138 into the <i>action</i> string is possible using the conventional
139 Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
140 string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
141 aren't followed by whitespace.
142
143 Note: since negated patterns (those preceded by <b>!</b>) return
144 a result when the expression does not match, substitutions
145 are not available for negated patterns.
146
147 <b>ACTIONS</b>
148 Action names are case insensitive. They are shown in upper
149 case for consistency with other Postfix documentation.
150
151 <b>DISCARD</b> <i>optional text...</i>
152 Claim successful delivery and silently discard the
153 message. Log the optional text if specified, oth-
154 erwise log a generic message.
155
156 Note: this action disables further header or
157 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
158 affects all recipients. To discard only one recip-
159 ient without discarding the entire message, use the
160 <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
161 service.
162
163 This feature is available in Postfix 2.0 and later.
164
165 <b>DUNNO</b> Pretend that the input line did not match any pat-
166 tern, and inspect the next input line. This action
167 can be used to shorten the table search.
168
169 For backwards compatibility reasons, Postfix also
170 accepts <b>OK</b> but it is (and always has been) treated
171 as <b>DUNNO</b>.
172
173 This feature is available in Postfix 2.1 and later.
174
175 <b>FILTER</b> <i>transport:destination</i>
176 Write a content filter request to the queue file,
177 and inspect the next input line. After the com-
178 plete message is received it will be sent through
179 the specified external content filter. More infor-
180 mation about external content filters is in the
181 Postfix <a href="FILTER_README.html">FILTER_README</a> file.
182
183 Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
184 ting, and affects all recipients of the message. In
185 the case that multiple <b>FILTER</b> actions fire, only
186 the last one is executed.
187
188 This feature is available in Postfix 2.0 and later.
189
190 <b>HOLD</b> <i>optional text...</i>
191 Arrange for the message to be placed on the <b>hold</b>
192 queue, and inspect the next input line. The mes-
193 sage remains on <b>hold</b> until someone either deletes
194 it or releases it for delivery. Log the optional
195 text if specified, otherwise log a generic message.
196
197 Mail that is placed on hold can be examined with
198 the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
199 released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
200
201 Note: use "<b>postsuper -r</b>" to release mail that was
202 kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
203 <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
204 longer. Use "<b>postsuper -H</b>" only for mail that will
205 not expire within a few delivery attempts.
206
207 Note: this action affects all recipients of the
208 message.
209
210 This feature is available in Postfix 2.0 and later.
211
212 <b>IGNORE</b> Delete the current line from the input, and inspect
213 the next input line.
214
215 <b>PREPEND</b> <i>text...</i>
216 Prepend one line with the specified text, and
217 inspect the next input line.
218
219 Notes:
220
221 <b>o</b> The prepended text is output on a separate
222 line, immediately before the input that
223 triggered the <b>PREPEND</b> action.
224
225 <b>o</b> The prepended text is not considered part of
226 the input stream: it is not subject to
227 header/body checks or address rewriting, and
228 it does not affect the way that Postfix adds
229 missing message headers.
230
231 <b>o</b> When prepending text before a message header
232 line, the prepended text must begin with a
233 valid message header label.
234
235 <b>o</b> This action cannot be used to prepend multi-
236 line text.
237
238 This feature is available in Postfix 2.1 and later.
239
240 <b>REDIRECT</b> <i>user@domain</i>
241 Write a message redirection request to the queue
242 file, and inspect the next input line. After the
243 message is queued, it will be sent to the specified
244 address instead of the intended recipient(s).
245
246 Note: this action overrides the <b>FILTER</b> action, and
247 affects all recipients of the message. If multiple
248 <b>REDIRECT</b> actions fire, only the last one is exe-
249 cuted.
250
251 This feature is available in Postfix 2.1 and later.
252
253 <b>REPLACE</b> <i>text...</i>
254 Replace the current line with the specified text,
255 and inspect the next input line.
256
257 This feature is available in Postfix 2.2 and later.
258 The description below applies to Postfix 2.2.2 and
259 later.
260
261 Notes:
262
263 <b>o</b> When replacing a message header line, the
264 replacement text must begin with a valid
265 header label.
266
267 <b>o</b> The replaced text remains part of the input
268 stream. Unlike the result from the <b>PREPEND</b>
269 action, a replaced message header may be
270 subject to address rewriting and may affect
271 the way that Postfix adds missing message
272 headers.
273
274 <b>REJECT</b> <i>optional text...</i>
275 Reject the entire message. Reply with <i>optional</i>
276 <i>text...</i> when the optional text is specified, other-
277 wise reply with a generic error message.
278
279 Note: this action disables further header or
280 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
281 affects all recipients.
282
283 Postfix version 2.3 and later support enhanced sta-
284 tus codes. When no code is specified at the begin-
285 ning of <i>optional text...</i>, Postfix inserts a default
286 enhanced status code of "5.7.1".
287
288 <b>WARN</b> <i>optional text...</i>
289 Log a warning with the <i>optional text...</i> (or log a
290 generic message), and inspect the next input line.
291 This action is useful for debugging and for testing
292 a pattern before applying more drastic actions.
293
294 <b>BUGS</b>
295 Empty lines never match, because some map types mis-behave
296 when given a zero-length search string. This limitation
297 may be removed for regular expression tables in a future
298 release.
299
300 Many people overlook the main limitations of header and
301 <a href="postconf.5.html#body_checks">body_checks</a> rules.
302
303 <b>o</b> These rules operate on one logical message header
304 or one body line at a time. A decision made for one
305 line is not carried over to the next line.
306
307 <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>)
308 then the rules need to be specified for the encoded
309 form.
310
311 <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
312 <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the
313 encoded form.
314
315 Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
316 excluded from inspection. Examples of such message headers
317 are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
318
319 Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
320 examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
321 <b>tent-Length:</b>, <b>Return-Path:</b>.
322
323 <b>CONFIGURATION PARAMETERS</b>
324 <b><a href="postconf.5.html#body_checks">body_checks</a></b>
325 Lookup tables with content filter rules for message
326 body lines. These filters see one physical line at
327 a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
328 bytes.
329
330 <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
331 The amount of content per message body segment
332 (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
333 tering.
334
335 <b><a href="postconf.5.html#header_checks">header_checks</a></b>
336
337 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
338
339 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
340 Lookup tables with content filter rules for message
341 header lines: respectively, these are applied to
342 the initial message headers (not including MIME
343 headers), to the MIME headers anywhere in the mes-
344 sage, and to the initial headers of attached mes-
345 sages.
346
347 Note: these filters see one logical message header
348 at a time, even when a message header spans multi-
349 ple lines. Message headers that are longer than
350 <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
351
352 <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
353 While receiving mail, give no special treatment to
354 MIME related message headers; all text after the
355 initial message headers is considered to be part of
356 the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
357 applied to all the initial message headers, and
358 that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
359 message.
360
361 Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
362 process a multi-line message header one line at a
363 time.
364
365 <b>EXAMPLES</b>
366 Header pattern to block attachments with bad file name
367 extensions. For convenience, the PCRE /x flag is speci-
368 fied, so that there is no need to collapse the pattern
369 into a single line of text. The purpose of the
370 [[:xdigit:]] sub-expressions is to recognize Windows CLSID
371 strings.
372
373 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
374 <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre
375
376 /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>:
377 /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
378 ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
379 hlp|ht[at]|
380 inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
381 \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
382 ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
383 vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
384 REJECT Attachment name "$2" may not end with ".$4"
385
386 Body pattern to stop a specific HTML browser vulnerability
387 exploit.
388
389 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
390 <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
391
392 /etc/postfix/body_checks:
393 /^&lt;iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0&gt;$/
394 REJECT IFRAME vulnerability exploit
395
396 <b>SEE ALSO</b>
397 <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message
398 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables
399 <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables
400 <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility
401 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management
402 <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor
403 <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents
404 <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
405 <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
406
407 <b>README FILES</b>
408 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
409 <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview
410 <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection
411 <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
412
413 <b>LICENSE</b>
414 The Secure Mailer license must be distributed with this
415 software.
416
417 <b>AUTHOR(S)</b>
418 Wietse Venema
419 IBM T.J. Watson Research
420 P.O. Box 704
421 Yorktown Heights, NY 10598, USA
422
423 HEADER_CHECKS(5)
424 </pre> </body> </html>
NetBSD on the FriendlyARM MINI2440