1
# HEADER_CHECKS(5) HEADER_CHECKS(5)
4
# header_checks - Postfix built-in header/body inspection
7
# header_checks = pcre:/etc/postfix/header_checks
8
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
9
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
10
# body_checks = pcre:/etc/postfix/body_checks
12
# postmap -fq "string" pcre:/etc/postfix/filename
13
# postmap -fq - pcre:/etc/postfix/filename <inputfile
16
# Postfix provides a simple built-in content inspection
17
# mechanism that examines incoming mail one message header
18
# or one message body line at a time. Each input is compared
19
# against a list of patterns, and when a match is found the
20
# corresponding action is executed. This feature is imple-
21
# mented by the Postfix cleanup(8) server.
23
# For examples, see the EXAMPLES section at the end of this
26
# Postfix header or body_checks are designed to stop a flood
27
# of mail from worms or viruses; they do not decode attach-
28
# ments, and they do not unzip archives. See the documents
29
# referenced below in the README FILES section if you need
30
# more sophisticated content analysis.
32
# Postfix supports four built-in content inspection classes:
35
# These are applied to initial message headers
36
# (except for the headers that are processed with
37
# mime_header_checks).
39
# mime_header_checks (default: $header_checks)
40
# These are applied to MIME related message headers
43
# This feature is available in Postfix 2.0 and later.
45
# nested_header_checks (default: $header_checks)
46
# These are applied to message headers of attached
47
# email messages (except for the headers that are
48
# processed with mime_header_checks).
50
# This feature is available in Postfix 2.0 and later.
53
# These are applied to all other content, including
54
# multi-part message boundaries.
56
# With Postfix versions before 2.0, all content after
57
# the initial message headers is treated as body con-
60
# Note: message headers are examined one logical header at a
61
# time, even when a message header spans multiple lines.
62
# Body lines are always examined one line at a time.
65
# This document assumes that header and body_checks rules
66
# are specified in the form of Postfix regular expression
67
# lookup tables. Usually the best performance is obtained
68
# with pcre (Perl Compatible Regular Expression) tables, but
69
# the slower regexp (POSIX regular expressions) support is
70
# more widely available. Use the command postconf -m to
71
# find out what lookup table types your Postfix system sup-
74
# The general format of Postfix regular expression tables is
75
# given below. For a discussion of specific pattern or
76
# flags syntax, see pcre_table(5) or regexp_table(5),
79
# /pattern/flags action
80
# When pattern matches the input string, execute the
81
# corresponding action. See below for a list of pos-
84
# !/pattern/flags action
85
# When pattern does not match the input string, exe-
86
# cute the corresponding action.
90
# endif Match the input string against the patterns between
91
# if and endif, if and only if the input string also
92
# matches pattern. The if..endif can nest.
94
# Note: do not prepend whitespace to patterns inside
99
# endif Match the input string against the patterns between
100
# if and endif, if and only if the input string does
101
# not match pattern. The if..endif can nest.
103
# blank lines and comments
104
# Empty lines and whitespace-only lines are ignored,
105
# as are lines whose first non-whitespace character
109
# A pattern/action line starts with non-whitespace
110
# text. A line that starts with whitespace continues
114
# For each line of message input, the patterns are applied
115
# in the order as specified in the table. When a pattern is
116
# found that matches the input line, the corresponding
117
# action is executed and then the next input line is
121
# Substitution of substrings from the matched expression
122
# into the action string is possible using the conventional
123
# Perl syntax ($1, $2, etc.). The macros in the result
124
# string may need to be written as ${n} or $(n) if they
125
# aren't followed by whitespace.
127
# Note: since negated patterns (those preceded by !) return
128
# a result when the expression does not match, substitutions
129
# are not available for negated patterns.
132
# Action names are case insensitive. They are shown in upper
133
# case for consistency with other Postfix documentation.
135
# DISCARD optional text...
136
# Claim successful delivery and silently discard the
137
# message. Log the optional text if specified, oth-
138
# erwise log a generic message.
140
# Note: this action disables further header or
141
# body_checks inspection of the current message and
142
# affects all recipients.
144
# This feature is available in Postfix 2.0 and later.
146
# DUNNO Pretend that the input line did not match any pat-
147
# tern, and inspect the next input line. This action
148
# can be used to shorten the table search.
150
# For backwards compatibility reasons, Postfix also
151
# accepts OK but it is (and always has been) treated
154
# This feature is available in Postfix 2.1 and later.
156
# FILTER transport:destination
157
# Write a content filter request to the queue file
158
# and inspect the next input line. After the com-
159
# plete message is received it will be sent through
160
# the specified external content filter. More infor-
161
# mation about external content filters is in the
162
# Postfix FILTER_README file.
164
# Note: this action overrides the main.cf con-
165
# tent_filter setting, and affects all recipients of
166
# the message. In the case that multiple FILTER
167
# actions fire, only the last one is executed.
169
# This feature is available in Postfix 2.0 and later.
171
# HOLD optional text...
172
# Arrange for the message to be placed on the hold
173
# queue, and inspect the next input line. The mes-
174
# sage remains on hold until someone either deletes
175
# it or releases it for delivery. Log the optional
176
# text if specified, otherwise log a generic message.
178
# Mail that is placed on hold can be examined with
179
# the postcat(1) command, and can be destroyed or
180
# released with the postsuper(1) command.
182
# Note: this action affects all recipients of the
185
# This feature is available in Postfix 2.0 and later.
187
# IGNORE Delete the current line from the input and inspect
188
# the next input line.
191
# Prepend one line with the specified text and
192
# inspect the next input line.
194
# Note: the prepended text is output immediately
195
# before the input that triggered the PREPEND action.
196
# A body action cannot prepend a message header.
198
# Note: this action cannot be used to prepend multi-
201
# This feature is available in Postfix 2.1 and later.
203
# REDIRECT user@domain
204
# Write a message redirection request to the queue
205
# file and inspect the next input line. After the
206
# message is queued, it will be sent to the specified
207
# address instead of the intended recipient(s).
209
# Note: this action overrides the FILTER action, and
210
# affects all recipients of the message. If multiple
211
# REDIRECT actions fire, only the last one is exe-
214
# This feature is available in Postfix 2.1 and later.
216
# REJECT optional text...
217
# Reject the entire message. Reply with optional
218
# text... when the optional text is specified, other-
219
# wise reply with a generic error message.
221
# Note: this action disables further header or
222
# body_checks inspection of the current message and
223
# affects all recipients.
225
# WARN optional text...
226
# Log a warning with the optional text... (or log a
227
# generic message) and inspect the next input line.
228
# This action is useful for debugging and for testing
229
# a pattern before applying more drastic actions.
232
# Many people overlook the main limitations of header and
233
# body_checks rules. These rules operate on one logical
234
# message header or one body line at a time, and a decision
235
# made for one line is not carried over to the next line.
236
# If text in the message body is encoded (RFC 2045) then the
237
# rules have to specified for the encoded form. Likewise,
238
# when message headers are encoded (RFC 2047) then the rules
239
# need to be specified for the encoded form.
241
# Message headers added by the cleanup(8) daemon itself are
242
# excluded from inspection. Examples of such message headers
243
# are From:, To:, Message-ID:, Date:.
245
# Message headers deleted by the cleanup(8) daemon will be
246
# examined before they are deleted. Examples are: Bcc:, Con-
247
# tent-Length:, Return-Path:.
249
# CONFIGURATION PARAMETERS
251
# Lookup tables with content filter rules for message
252
# body lines. These filters see one physical line at
253
# a time, in chunks of at most $line_length_limit
256
# body_checks_size_limit
257
# The amount of content per message body segment
258
# (attachment) that is subjected to $body_checks fil-
263
# mime_header_checks (default: $header_checks)
265
# nested_header_checks (default: $header_checks)
266
# Lookup tables with content filter rules for message
267
# header lines: respectively, these are applied to
268
# the initial message headers (not including MIME
269
# headers), to the MIME headers anywhere in the mes-
270
# sage, and to the initial headers of attached mes-
273
# Note: these filters see one logical message header
274
# at a time, even when a message header spans multi-
275
# ple lines. Message headers that are longer than
276
# $header_size_limit characters are truncated.
278
# disable_mime_input_processing
279
# While receiving mail, give no special treatment to
280
# MIME related message headers; all text after the
281
# initial message headers is considered to be part of
282
# the message body. This means that header_checks is
283
# applied to all the initial message headers, and
284
# that body_checks is applied to the remainder of the
287
# Note: when used in this manner, body_checks will
288
# process a multi-line message header one line at a
292
# Header pattern to block attachments with bad file name
295
# /etc/postfix/main.cf:
296
# header_checks = regexp:/etc/postfix/header_checks
298
# /etc/postfix/header_checks:
299
# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
300
# REJECT Bad attachment file name extension: $2
302
# Body pattern to stop a specific HTML browser vulnerability
305
# /etc/postfix/main.cf:
306
# body_checks = regexp:/etc/postfix/body_checks
308
# /etc/postfix/body_checks:
309
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
310
# REJECT IFRAME vulnerability exploit
313
# cleanup(8), canonicalize and enqueue Postfix message
314
# pcre_table(5), format of PCRE lookup tables
315
# regexp_table(5), format of POSIX regular expression tables
316
# postconf(1), Postfix configuration utility
317
# postmap(1), Postfix lookup table management
318
# postsuper(1), Postfix janitor
319
# postcat(1), show Postfix queue file contents
320
# RFC 2045, base64 and quoted-printable encoding rules
321
# RFC 2047, message header encoding for non-ASCII text
324
# Use "postconf readme_directory" or "postconf html_direc-
325
# tory" to locate this information.
326
# DATABASE_README, Postfix lookup table overview
327
# CONTENT_INSPECTION_README, Postfix content inspection overview
328
# BUILTIN_FILTER_README, Postfix built-in content inspection
329
# BACKSCATTER_README, blocking returned forged mail
332
# The Secure Mailer license must be distributed with this
337
# IBM T.J. Watson Research
339
# Yorktown Heights, NY 10598, USA