#++ # NAME # header_checks 5 # SUMMARY # Postfix built-in header/body inspection # SYNOPSIS # \fBheader_checks = pcre:/etc/postfix/header_checks\fR # .br # \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR # .br # \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR # .br # \fBbody_checks = pcre:/etc/postfix/body_checks\fR # .sp # \fBpostmap -fq "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR # .br # \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR # DESCRIPTION # Postfix provides a simple built-in content inspection mechanism that # examines incoming mail one message header or one message body line # at a time. Each input is compared against a list of patterns, and # when a match is found the corresponding action is executed. # This feature is implemented by the Postfix \fBcleanup\fR(8) server. # # For examples, see the EXAMPLES section at the end of this # manual page. # # Postfix header or body_checks are designed to stop a flood of mail # from worms or viruses; they do not decode attachments, and they do # not unzip archives. See the documents referenced below in the README # FILES section if you need more sophisticated content analysis. # # Postfix supports four built-in content inspection classes: # .IP \fBheader_checks\fR # These are applied to initial message headers (except for # the headers that are processed with \fBmime_header_checks\fR). # .IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)" # These are applied to MIME related message headers only. # .sp # This feature is available in Postfix 2.0 and later. # .IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)" # These are applied to message headers of attached email # messages (except for the headers that are processed with # \fBmime_header_checks\fR). # .sp # This feature is available in Postfix 2.0 and later. # .IP \fBbody_checks\fR # These are applied to all other content, including multi-part # message boundaries. # .sp # With Postfix versions before 2.0, all content after the initial # message headers is treated as body content. # .PP # Note: message headers are examined one logical header at a time, # even when a message header spans multiple lines. Body lines are # always examined one line at a time. # TABLE FORMAT # .ad # .fi # This document assumes that header and body_checks rules are specified # in the form of Postfix regular expression lookup tables. Usually the # best performance is obtained with \fBpcre\fR (Perl Compatible Regular # Expression) tables, but the slower \fBregexp\fR (POSIX regular # expressions) support is more widely available. # Use the command \fBpostconf -m\fR to find out what lookup table # types your Postfix system supports. # # The general format of Postfix regular expression tables is # given below. # For a discussion of specific pattern or flags syntax, # see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively. # .IP "\fB/\fIpattern\fB/\fIflags action\fR" # When \fIpattern\fR matches the input string, execute # the corresponding \fIaction\fR. See below for a list # of possible actions. # .IP "\fB!/\fIpattern\fB/\fIflags action\fR" # When \fIpattern\fR does \fBnot\fR match the input string, # execute the corresponding \fIaction\fR. # .IP "\fBif /\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR # and \fBendif\fR, if and only if the input string also matches # \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .sp # Note: do not prepend whitespace to patterns inside # \fBif\fR..\fBendif\fR. # .IP "\fBif !/\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR # and \fBendif\fR, if and only if the input string does \fBnot\fR # match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .IP "blank lines and comments" # Empty lines and whitespace-only lines are ignored, as # are lines whose first non-whitespace character is a `#'. # .IP "multi-line text" # A pattern/action line starts with non-whitespace text. A line that # starts with whitespace continues a logical line. # TABLE SEARCH ORDER # .ad # .fi # For each line of message input, the patterns are applied in the # order as specified in the table. When a pattern is found that matches # the input line, the corresponding action is executed and then the # next input line is inspected. # TEXT SUBSTITUTION # .ad # .fi # Substitution of substrings from the matched expression into the # \fIaction\fR # string is possible using the conventional Perl syntax ($1, $2, etc.). # The macros in the result string may need to be written as ${n} # or $(n) if they aren't followed by whitespace. # # Note: since negated patterns (those preceded by \fB!\fR) return a # result when the expression does not match, substitutions are not # available for negated patterns. # ACTIONS # .ad # .fi # Action names are case insensitive. They are shown in upper case # for consistency with other Postfix documentation. # .IP "\fBDISCARD \fIoptional text...\fR" # Claim successful delivery and silently discard the message. # Log the optional text if specified, otherwise log a generic # message. # .sp # Note: this action disables further header or body_checks inspection # of the current message and affects all recipients. # .sp # This feature is available in Postfix 2.0 and later. # .IP \fBDUNNO\fR # Pretend that the input line did not match any pattern, and inspect the # next input line. This action can be used to shorten the table search. # .sp # For backwards compatibility reasons, Postfix also accepts # \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR. # .sp # This feature is available in Postfix 2.1 and later. # .IP "\fBFILTER \fItransport:destination\fR" # Write a content filter request to the queue file and # inspect the next input line. # After the complete message is received it will be sent through # the specified external content filter. More information about # external content filters is in the Postfix FILTER_README file. # .sp # Note: this action overrides the \fBmain.cf content_filter\fR setting, # and affects all recipients of the message. In the case that multiple # \fBFILTER\fR actions fire, only the last one is executed. # .sp # This feature is available in Postfix 2.0 and later. # .IP "\fBHOLD \fIoptional text...\fR" # Arrange for the message to be placed on the \fBhold\fR queue, # and inspect the next input line. The message remains on \fBhold\fR # until someone either deletes it or releases it for delivery. # Log the optional text if specified, otherwise log a generic # message. # # Mail that is placed on hold can be examined with the # \fBpostcat\fR(1) command, and can be destroyed or released with # the \fBpostsuper\fR(1) command. # .sp # Note: this action affects all recipients of the message. # .sp # This feature is available in Postfix 2.0 and later. # .IP \fBIGNORE\fR # Delete the current line from the input and inspect # the next input line. # .IP "\fBPREPEND \fItext...\fR" # Prepend one line with the specified text and inspect the next # input line. # .sp # Note: the prepended text is output immediately before the # input that triggered the \fBPREPEND\fR action. A body action # cannot prepend a message header. # .sp # Note: this action cannot be used to prepend multi-line text. # .sp # This feature is available in Postfix 2.1 and later. # .IP "\fBREDIRECT \fIuser@domain\fR" # Write a message redirection request to the queue file and # inspect the next input line. After the message is queued, # it will be sent to the specified address instead of the # intended recipient(s). # .sp # Note: this action overrides the \fBFILTER\fR action, and affects # all recipients of the message. If multiple \fBREDIRECT\fR actions # fire, only the last one is executed. # .sp # This feature is available in Postfix 2.1 and later. # .IP "\fBREJECT \fIoptional text...\fR # Reject the entire message. Reply with \fIoptional text...\fR when # the optional text is specified, otherwise reply with a generic error # message. # .sp # Note: this action disables further header or body_checks inspection # of the current message and affects all recipients. # .IP "\fBWARN \fIoptional text...\fR # Log a warning with the \fIoptional text...\fR (or log a # generic message) and inspect the next input line. This # action is useful for debugging and for testing a pattern # before applying more drastic actions. # BUGS # Many people overlook the main limitations of header and body_checks # rules. These rules operate on one logical message header or one body # line at a time, and a decision made for one line is not carried over # to the next line. If text in the message body is encoded # (RFC 2045) then the rules have to specified for the encoded # form. Likewise, when message headers are encoded (RFC # 2047) then the rules need to be specified for the encoded # form. # # Message headers added by the \fBcleanup\fR(8) daemon itself # are excluded from inspection. Examples of such message headers # are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR. # # Message headers deleted by the \fBcleanup\fR(8) daemon will # be examined before they are deleted. Examples are: \fBBcc:\fr, # \fBContent-Length:\fR, \fBReturn-Path:\fR. # CONFIGURATION PARAMETERS # .ad # .fi # .IP \fBbody_checks\fR # Lookup tables with content filter rules for message body lines. # These filters see one physical line at a time, in chunks of # at most \fB$line_length_limit\fR bytes. # .IP \fBbody_checks_size_limit\fP # The amount of content per message body segment (attachment) that is # subjected to \fB$body_checks\fR filtering. # .IP \fBheader_checks\fR # .IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)" # .IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)" # Lookup tables with content filter rules for message header lines: # respectively, these are applied to the initial message headers # (not including MIME headers), to the MIME headers anywhere in # the message, and to the initial headers of attached messages. # .sp # Note: these filters see one logical message header at a time, even # when a message header spans multiple lines. Message headers that # are longer than \fB$header_size_limit\fR characters are truncated. # .IP \fBdisable_mime_input_processing\fR # While receiving mail, give no special treatment to MIME related # message headers; all text after the initial message headers is # considered to be part of the message body. This means that # \fBheader_checks\fR is applied to all the initial message headers, # and that \fBbody_checks\fR is applied to the remainder of the # message. # .sp # Note: when used in this manner, \fBbody_checks\fR will process # a multi-line message header one line at a time. # EXAMPLES # .ad # .fi # Header pattern to block attachments with bad file name extensions. # # .na # .nf # /etc/postfix/main.cf: # .ti +4 # header_checks = regexp:/etc/postfix/header_checks # # /etc/postfix/header_checks: # .ti +4 # /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ # .ti +8 # REJECT Bad attachment file name extension: $2 # # .ad # .fi # Body pattern to stop a specific HTML browser vulnerability exploit. # # .na # .nf # /etc/postfix/main.cf: # .ti +4 # body_checks = regexp:/etc/postfix/body_checks # # /etc/postfix/body_checks: # .ti +4 # /^