diff options
Diffstat (limited to '')
-rw-r--r-- | html/header_checks.5.html | 490 |
1 files changed, 490 insertions, 0 deletions
diff --git a/html/header_checks.5.html b/html/header_checks.5.html new file mode 100644 index 0000000..6bb114a --- /dev/null +++ b/html/header_checks.5.html @@ -0,0 +1,490 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> +<html> <head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel='stylesheet' type='text/css' href='postfix-doc.css'> +<title> Postfix manual - header_checks(5) </title> +</head> <body> <pre> +HEADER_CHECKS(5) HEADER_CHECKS(5) + +<b>NAME</b> + <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection + +<b>SYNOPSIS</b> + <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b> + <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b> + <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b> + <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b> + + <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> + + <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_header_checks</b> + <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_mime_header_checks</b> + <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_nested_header_checks</b> + <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_body_checks</b> + + <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> + <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> + +<b>DESCRIPTION</b> + This document describes access control on the content of message head- + ers and message body lines; it is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> + server before mail is queued. See <a href="access.5.html"><b>access</b>(5)</a> for access control on + remote SMTP client information. + + Each message header or message body line is compared against a list of + patterns. When a match is found the corresponding action is executed, + and the matching process is repeated for the next message header or + message body line. + + Note: message headers are examined one logical header at a time, even + when a message header spans multiple lines. Body lines are always exam- + ined one line at a time. + + For examples, see the EXAMPLES section at the end of this manual page. + + Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood of mail from + worms or viruses; they do not decode attachments, and they do not unzip + archives. See the documents referenced below in the README FILES sec- + tion if you need more sophisticated content analysis. + +<b>FILTERS WHILE RECEIVING MAIL</b> + Postfix implements the following four built-in content inspection + classes while receiving mail: + + <b><a href="postconf.5.html#header_checks">header_checks</a></b> (default: empty) + These are applied to initial message headers (except for the + headers that are processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). + + <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) + These are applied to MIME related message headers only. + + This feature is available in Postfix 2.0 and later. + + <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) + These are applied to message headers of attached email messages + (except for the headers that are processed with + <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). + + This feature is available in Postfix 2.0 and later. + + <b><a href="postconf.5.html#body_checks">body_checks</a></b> + These are applied to all other content, including multi-part + message boundaries. + + With Postfix versions before 2.0, all content after the initial + message headers is treated as body content. + +<b>FILTERS AFTER RECEIVING MAIL</b> + Postfix supports a subset of the built-in content inspection classes + after the message is received: + + <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> (default: empty) + These are applied to headers that are added with Milter applica- + tions. + + This feature is available in Postfix 2.7 and later. + +<b>FILTERS WHILE DELIVERING MAIL</b> + Postfix supports all four content inspection classes while delivering + mail via SMTP. + + <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a></b> (default: empty) + + <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a></b> (default: empty) + + <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a></b> (default: empty) + + <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a></b> (default: empty) + These features are available in Postfix 2.5 and later. + +<b>COMPATIBILITY</b> + With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a + table that contains case sensitive patterns. By default, <a href="regexp_table.5.html">regexp</a>: and + <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive. + +<b>TABLE FORMAT</b> + This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules are specified + in the form of Postfix regular expression lookup tables. Usually the + best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres- + sion) tables. The <b>regexp</b> (POSIX regular expressions) tables are usually + slower, but more widely available. Use the command "<b>postconf -m</b>" to + find out what lookup table types your Postfix system supports. + + The general format of Postfix regular expression tables is given below. + For a discussion of specific pattern or flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> + or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respectively. + + <b>/</b><i>pattern</i><b>/</b><i>flags action</i> + When /<i>pattern</i>/ matches the input string, execute the correspond- + ing <i>action</i>. See below for a list of possible actions. + + <b>!/</b><i>pattern</i><b>/</b><i>flags action</i> + When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor- + responding <i>action</i>. + + <b>if /</b><i>pattern</i><b>/</b><i>flags</i> + + <b>endif</b> If the input string matches /<i>pattern</i>/, then match that input + string against the patterns between <b>if</b> and <b>endif</b>. The <b>if</b>..<b>endif</b> + can nest. + + Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>. + + <b>if !/</b><i>pattern</i><b>/</b><i>flags</i> + + <b>endif</b> If the input string does not match /<i>pattern</i>/, then match that + input string against the patterns between <b>if</b> and <b>endif</b>. The + <b>if</b>..<b>endif</b> can nest. + + blank lines and comments + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. + + multi-line text + A pattern/action line starts with non-whitespace text. A line + that starts with whitespace continues a logical line. + +<b>TABLE SEARCH ORDER</b> + For each line of message input, the patterns are applied in the order + as specified in the table. When a pattern is found that matches the + input line, the corresponding action is executed and then the next + input line is inspected. + +<b>TEXT SUBSTITUTION</b> + Substitution of substrings from the matched expression into the <i>action</i> + string is possible using the conventional Perl syntax (<b>$1</b>, <b>$2</b>, etc.). + The macros in the result string may need to be written as <b>${n}</b> or <b>$(n)</b> + if they aren't followed by whitespace. + + Note: since negated patterns (those preceded by <b>!</b>) return a result when + the expression does not match, substitutions are not available for + negated patterns. + +<b>ACTIONS</b> + Action names are case insensitive. They are shown in upper case for + consistency with other Postfix documentation. + + <b>BCC</b> <i>user@domain</i> + Add the specified address as a BCC recipient, and inspect the + next input line. The address must have a local part and domain + part. The number of BCC addresses that can be added is limited + only by the amount of available storage space. + + Note 1: the BCC address is added as if it was specified with + NOTIFY=NONE. The sender will not be notified when the BCC + address is undeliverable, as long as all down-stream software + implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>. + + Note 2: this ignores duplicate addresses (with the same delivery + status notification options). + + This feature is available in Postfix 3.0 and later. + + This feature is not supported with smtp header/body checks. + + <b>DISCARD</b> <i>optional text...</i> + Claim successful delivery and silently discard the message. Do + not inspect the remainder of the input message. Log the + optional text if specified, otherwise log a generic message. + + Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- + tion of the current message and affects all recipients. To dis- + card only one recipient without discarding the entire message, + use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser- + vice. + + This feature is available in Postfix 2.0 and later. + + This feature is not supported with smtp header/body checks. + + <b>DUNNO</b> Pretend that the input line did not match any pattern, and + inspect the next input line. This action can be used to shorten + the table search. + + For backwards compatibility reasons, Postfix also accepts <b>OK</b> but + it is (and always has been) treated as <b>DUNNO</b>. + + This feature is available in Postfix 2.1 and later. + + <b>FILTER</b> <i>transport:destination</i> + Override the <a href="postconf.5.html#content_filter">content_filter</a> parameter setting, and inspect the + next input line. After the message is queued, send the entire + message through the specified external content filter. The + <i>transport</i> name specifies the first field of a mail delivery + agent definition in <a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>desti-</i> + <i>nation</i> is described in the manual page of the corresponding + delivery agent. More information about external content filters + is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file. + + Note 1: do not use $<i>number</i> regular expression substitutions for + <i>transport</i> or <i>destination</i> unless you know that the information + has a trusted origin. + + Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set- + ting, and affects all recipients of the message. In the case + that multiple <b>FILTER</b> actions fire, only the last one is exe- + cuted. + + Note 3: the purpose of the FILTER command is to override message + routing. To override the recipient's <i>transport</i> but not the + next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post- + fix 2.7 and later), or specify a <i>transport:destination</i> that + delivers through a different Postfix instance (Postfix 2.6 and + earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b> + <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b> + <b>_transport_maps</a></b> features. + + This feature is available in Postfix 2.0 and later. + + This feature is not supported with smtp header/body checks. + + <b>HOLD</b> <i>optional text...</i> + Arrange for the message to be placed on the <b>hold</b> queue, and + inspect the next input line. The message remains on <b>hold</b> until + someone either deletes it or releases it for delivery. Log the + optional text if specified, otherwise log a generic message. + + Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a> + command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> + command. + + Note: use "<b>postsuper -r</b>" to release mail that was kept on hold + for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or + <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for + mail that will not expire within a few delivery attempts. + + Note: this action affects all recipients of the message. + + This feature is available in Postfix 2.0 and later. + + This feature is not supported with smtp header/body checks. + + <b>IGNORE</b> Delete the current line from the input, and inspect the next + input line. See <b>STRIP</b> for an alternative that logs the action. + + <b>INFO</b> <i>optional text...</i> + Log an "info:" record with the <i>optional text...</i> (or log a + generic text), and inspect the next input line. This action is + useful for routine logging or for debugging. + + This feature is available in Postfix 2.8 and later. + + <b>PASS</b> <i>optional text...</i> + Log a "pass:" record with the <i>optional text...</i> (or log a generic + text), and turn off header, body, and Milter inspection for the + remainder of this message. + + Note: this feature relies on trust in information that is easy + to forge. + + This feature is available in Postfix 3.2 and later. + + This feature is not supported with smtp header/body checks. + + <b>PREPEND</b> <i>text...</i> + Prepend one line with the specified text, and inspect the next + input line. + + Notes: + + <b>o</b> The prepended text is output on a separate line, immedi- + ately before the input that triggered the <b>PREPEND</b> action. + + <b>o</b> The prepended text is not considered part of the input + stream: it is not subject to header/body checks or + address rewriting, and it does not affect the way that + Postfix adds missing message headers. + + <b>o</b> When prepending text before a message header line, the + prepended text must begin with a valid message header + label. + + <b>o</b> This action cannot be used to prepend multi-line text. + + This feature is available in Postfix 2.1 and later. + + This feature is not supported with <a href="postconf.5.html#milter_header_checks">milter_header_checks</a>. + + <b>REDIRECT</b> <i>user@domain</i> + Write a message redirection request to the queue file, and + inspect the next input line. After the message is queued, it + will be sent to the specified address instead of the intended + recipient(s). + + Note: this action overrides the <b>FILTER</b> action, and affects all + recipients of the message. If multiple <b>REDIRECT</b> actions fire, + only the last one is executed. + + This feature is available in Postfix 2.1 and later. + + This feature is not supported with smtp header/body checks. + + <b>REPLACE</b> <i>text...</i> + Replace the current line with the specified text, and inspect + the next input line. + + This feature is available in Postfix 2.2 and later. The descrip- + tion below applies to Postfix 2.2.2 and later. + + Notes: + + <b>o</b> When replacing a message header line, the replacement + text must begin with a valid header label. + + <b>o</b> The replaced text remains part of the input stream. + Unlike the result from the <b>PREPEND</b> action, a replaced + message header may be subject to address rewriting and + may affect the way that Postfix adds missing message + headers. + + <b>REJECT</b> <i>optional text...</i> + Reject the entire message. Do not inspect the remainder of the + input message. Reply with <i>optional text...</i> when the optional + text is specified, otherwise reply with a generic error message. + + Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- + tion of the current message and affects all recipients. + + Postfix version 2.3 and later support enhanced status codes. + When no code is specified at the beginning of <i>optional text...</i>, + Postfix inserts a default enhanced status code of "5.7.1". + + This feature is not supported with smtp header/body checks. + + <b>STRIP</b> <i>optional text...</i> + Log a "strip:" record with the <i>optional text...</i> (or log a + generic text), delete the input line from the input, and inspect + the next input line. See <b>IGNORE</b> for a silent alternative. + + This feature is available in Postfix 3.2 and later. + + <b>WARN</b> <i>optional text...</i> + Log a "warning:" record with the <i>optional text...</i> (or log a + generic text), and inspect the next input line. This action is + useful for debugging and for testing a pattern before applying + more drastic actions. + +<b>BUGS</b> + Empty lines never match, because some map types mis-behave when given a + zero-length search string. This limitation may be removed for regular + expression tables in a future release. + + Many people overlook the main limitations of header and <a href="postconf.5.html#body_checks">body_checks</a> + rules. + + <b>o</b> These rules operate on one logical message header or one body + line at a time. A decision made for one line is not carried over + to the next line. + + <b>o</b> If text in the message body is encoded (<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules + need to be specified for the encoded form. + + <b>o</b> Likewise, when message headers are encoded (<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the + rules need to be specified for the encoded form. + + Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from + inspection. Examples of such message headers are <b>From:</b>, <b>To:</b>, <b>Mes-</b> + <b>sage-ID:</b>, <b>Date:</b>. + + Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be examined + before they are deleted. Examples are: <b>Bcc:</b>, <b>Content-Length:</b>, + <b>Return-Path:</b>. + +<b>CONFIGURATION PARAMETERS</b> + <b><a href="postconf.5.html#body_checks">body_checks</a></b> + Lookup tables with content filter rules for message body lines. + These filters see one physical line at a time, in chunks of at + most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> bytes. + + <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b> + The amount of content per message body segment (attachment) that + is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> filtering. + + <b><a href="postconf.5.html#header_checks">header_checks</a></b> + + <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) + + <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) + Lookup tables with content filter rules for message header + lines: respectively, these are applied to the initial message + headers (not including MIME headers), to the MIME headers any- + where in the message, and to the initial headers of attached + messages. + + Note: these filters see one logical message header at a time, + even when a message header spans multiple lines. Message headers + that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun- + cated. + + <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> + While receiving mail, give no special treatment to MIME related + message headers; all text after the initial message headers is + considered to be part of the message body. This means that + <b><a href="postconf.5.html#header_checks">header_checks</a></b> is applied to all the initial message headers, and + that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the message. + + Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will process a + multi-line message header one line at a time. + +<b>EXAMPLES</b> + Header pattern to block attachments with bad file name extensions. For + convenience, the PCRE /x flag is specified, so that there is no need to + collapse the pattern into a single line of text. The purpose of the + [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings. + + /etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre + + /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>: + /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( + ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| + hlp|ht[at]| + inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| + \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| + ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| + vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x + REJECT Attachment name "$2" may not end with ".$4" + + Body pattern to stop a specific HTML browser vulnerability exploit. + + /etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks + + /etc/postfix/body_checks: + /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ + REJECT IFRAME vulnerability exploit + +<b>SEE ALSO</b> + <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message + <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables + <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables + <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility + <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management + <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor + <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents + <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules + <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text + +<b>README FILES</b> + <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview + <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview + <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection + <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail + +<b>LICENSE</b> + The Secure Mailer license must be distributed with this software. + +<b>AUTHOR(S)</b> + Wietse Venema + IBM T.J. Watson Research + P.O. Box 704 + Yorktown Heights, NY 10598, USA + + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + + HEADER_CHECKS(5) +</pre> </body> </html> |