diff options
Diffstat (limited to 'conf/header_checks')
-rw-r--r-- | conf/header_checks | 549 |
1 files changed, 549 insertions, 0 deletions
diff --git a/conf/header_checks b/conf/header_checks new file mode 100644 index 0000000..bcd96a9 --- /dev/null +++ b/conf/header_checks @@ -0,0 +1,549 @@ +# HEADER_CHECKS(5) HEADER_CHECKS(5) +# +# NAME +# header_checks - Postfix built-in content inspection +# +# SYNOPSIS +# header_checks = pcre:/etc/postfix/header_checks +# mime_header_checks = pcre:/etc/postfix/mime_header_checks +# nested_header_checks = pcre:/etc/postfix/nested_header_checks +# body_checks = pcre:/etc/postfix/body_checks +# +# milter_header_checks = pcre:/etc/postfix/milter_header_checks +# +# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks +# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks +# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks +# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks +# +# postmap -q "string" pcre:/etc/postfix/filename +# postmap -q - pcre:/etc/postfix/filename <inputfile +# +# DESCRIPTION +# This document describes access control on the content of +# message headers and message body lines; it is implemented +# by the Postfix cleanup(8) server before mail is queued. +# See access(5) for access control on remote SMTP client +# information. +# +# Each message header or message body line is compared +# against a list of patterns. When a match is found the +# corresponding action is executed, and the matching process +# is repeated for the next message header or message body +# line. +# +# Note: message headers are examined one logical header at a +# time, even when a message header spans multiple lines. +# Body lines are always examined one line at a time. +# +# For examples, see the EXAMPLES section at the end of this +# manual page. +# +# Postfix header or body_checks are designed to stop a flood +# of mail from worms or viruses; they do not decode attach- +# ments, and they do not unzip archives. See the documents +# referenced below in the README FILES section if you need +# more sophisticated content analysis. +# +# FILTERS WHILE RECEIVING MAIL +# Postfix implements the following four built-in content +# inspection classes while receiving mail: +# +# header_checks (default: empty) +# These are applied to initial message headers +# (except for the headers that are processed with +# mime_header_checks). +# +# mime_header_checks (default: $header_checks) +# These are applied to MIME related message headers +# only. +# +# This feature is available in Postfix 2.0 and later. +# +# nested_header_checks (default: $header_checks) +# These are applied to message headers of attached +# email messages (except for the headers that are +# processed with mime_header_checks). +# +# This feature is available in Postfix 2.0 and later. +# +# body_checks +# These are applied to all other content, including +# multi-part message boundaries. +# +# With Postfix versions before 2.0, all content after +# the initial message headers is treated as body con- +# tent. +# +# FILTERS AFTER RECEIVING MAIL +# Postfix supports a subset of the built-in content inspec- +# tion classes after the message is received: +# +# milter_header_checks (default: empty) +# These are applied to headers that are added with +# Milter applications. +# +# This feature is available in Postfix 2.7 and later. +# +# FILTERS WHILE DELIVERING MAIL +# Postfix supports all four content inspection classes while +# delivering mail via SMTP. +# +# smtp_header_checks (default: empty) +# +# smtp_mime_header_checks (default: empty) +# +# smtp_nested_header_checks (default: empty) +# +# smtp_body_checks (default: empty) +# These features are available in Postfix 2.5 and +# later. +# +# COMPATIBILITY +# With Postfix version 2.2 and earlier specify "postmap -fq" +# to query a table that contains case sensitive patterns. By +# default, regexp: and pcre: patterns are case insensitive. +# +# TABLE FORMAT +# This document assumes that header and body_checks rules +# are specified in the form of Postfix regular expression +# lookup tables. Usually the best performance is obtained +# with pcre (Perl Compatible Regular Expression) tables. The +# regexp (POSIX regular expressions) tables are usually +# slower, but more widely available. Use the command "post- +# conf -m" to find out what lookup table types your Postfix +# system supports. +# +# The general format of Postfix regular expression tables is +# given below. For a discussion of specific pattern or +# flags syntax, see pcre_table(5) or regexp_table(5), +# respectively. +# +# /pattern/flags action +# When /pattern/ matches the input string, execute +# the corresponding action. See below for a list of +# possible actions. +# +# !/pattern/flags action +# When /pattern/ does not match the input string, +# execute the corresponding action. +# +# if /pattern/flags +# +# endif If the input string matches /pattern/, then match +# that input string against the patterns between if +# and endif. The if..endif can nest. +# +# Note: do not prepend whitespace to patterns inside +# if..endif. +# +# if !/pattern/flags +# +# endif If the input string does not match /pattern/, then +# match that input string against the patterns +# between if and endif. The if..endif can nest. +# +# blank lines and comments +# Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# multi-line text +# A pattern/action line starts with non-whitespace +# text. A line that starts with whitespace continues +# a logical line. +# +# TABLE SEARCH ORDER +# For each line of message input, the patterns are applied +# in the order as specified in the table. When a pattern is +# found that matches the input line, the corresponding +# action is executed and then the next input line is +# inspected. +# +# TEXT SUBSTITUTION +# Substitution of substrings from the matched expression +# into the action string is possible using the conventional +# Perl syntax ($1, $2, etc.). The macros in the result +# string may need to be written as ${n} or $(n) if they +# aren't followed by whitespace. +# +# Note: since negated patterns (those preceded by !) return +# a result when the expression does not match, substitutions +# are not available for negated patterns. +# +# ACTIONS +# Action names are case insensitive. They are shown in upper +# case for consistency with other Postfix documentation. +# +# BCC user@domain +# Add the specified address as a BCC recipient, and +# inspect the next input line. The address must have +# a local part and domain part. The number of BCC +# addresses that can be added is limited only by the +# amount of available storage space. +# +# Note 1: the BCC address is added as if it was spec- +# ified with NOTIFY=NONE. The sender will not be +# notified when the BCC address is undeliverable, as +# long as all down-stream software implements RFC +# 3461. +# +# Note 2: this ignores duplicate addresses (with the +# same delivery status notification options). +# +# This feature is available in Postfix 3.0 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# DISCARD optional text... +# Claim successful delivery and silently discard the +# message. Do not inspect the remainder of the input +# message. Log the optional text if specified, oth- +# erwise log a generic message. +# +# Note: this action disables further header or +# body_checks inspection of the current message and +# affects all recipients. To discard only one recip- +# ient without discarding the entire message, use the +# transport(5) table to direct mail to the discard(8) +# service. +# +# This feature is available in Postfix 2.0 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# DUNNO Pretend that the input line did not match any pat- +# tern, and inspect the next input line. This action +# can be used to shorten the table search. +# +# For backwards compatibility reasons, Postfix also +# accepts OK but it is (and always has been) treated +# as DUNNO. +# +# This feature is available in Postfix 2.1 and later. +# +# FILTER transport:destination +# Override the content_filter parameter setting, and +# inspect the next input line. After the message is +# queued, send the entire message through the speci- +# fied external content filter. The transport name +# specifies the first field of a mail delivery agent +# definition in master.cf; the syntax of the next-hop +# destination is described in the manual page of the +# corresponding delivery agent. More information +# about external content filters is in the Postfix +# FILTER_README file. +# +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you +# know that the information has a trusted origin. +# +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER +# actions fire, only the last one is executed. +# +# Note 3: the purpose of the FILTER command is to +# override message routing. To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 +# and later), or specify a transport:destination that +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- +# der-dependent sender_dependent_default_transport- +# _maps features. +# +# This feature is available in Postfix 2.0 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# HOLD optional text... +# Arrange for the message to be placed on the hold +# queue, and inspect the next input line. The mes- +# sage remains on hold until someone either deletes +# it or releases it for delivery. Log the optional +# text if specified, otherwise log a generic message. +# +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or +# released with the postsuper(1) command. +# +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- +# mal_queue_lifetime or $bounce_queue_lifetime, or +# longer. Use "postsuper -H" only for mail that will +# not expire within a few delivery attempts. +# +# Note: this action affects all recipients of the +# message. +# +# This feature is available in Postfix 2.0 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# IGNORE Delete the current line from the input, and inspect +# the next input line. See STRIP for an alternative +# that logs the action. +# +# INFO optional text... +# Log an "info:" record with the optional text... (or +# log a generic text), and inspect the next input +# line. This action is useful for routine logging or +# for debugging. +# +# This feature is available in Postfix 2.8 and later. +# +# PASS optional text... +# Log a "pass:" record with the optional text... (or +# log a generic text), and turn off header, body, and +# Milter inspection for the remainder of this mes- +# sage. +# +# Note: this feature relies on trust in information +# that is easy to forge. +# +# This feature is available in Postfix 3.2 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# PREPEND text... +# Prepend one line with the specified text, and +# inspect the next input line. +# +# Notes: +# +# o The prepended text is output on a separate +# line, immediately before the input that +# triggered the PREPEND action. +# +# o The prepended text is not considered part of +# the input stream: it is not subject to +# header/body checks or address rewriting, and +# it does not affect the way that Postfix adds +# missing message headers. +# +# o When prepending text before a message header +# line, the prepended text must begin with a +# valid message header label. +# +# o This action cannot be used to prepend +# multi-line text. +# +# This feature is available in Postfix 2.1 and later. +# +# This feature is not supported with mil- +# ter_header_checks. +# +# REDIRECT user@domain +# Write a message redirection request to the queue +# file, and inspect the next input line. After the +# message is queued, it will be sent to the specified +# address instead of the intended recipient(s). +# +# Note: this action overrides the FILTER action, and +# affects all recipients of the message. If multiple +# REDIRECT actions fire, only the last one is exe- +# cuted. +# +# This feature is available in Postfix 2.1 and later. +# +# This feature is not supported with smtp header/body +# checks. +# +# REPLACE text... +# Replace the current line with the specified text, +# and inspect the next input line. +# +# This feature is available in Postfix 2.2 and later. +# The description below applies to Postfix 2.2.2 and +# later. +# +# Notes: +# +# o When replacing a message header line, the +# replacement text must begin with a valid +# header label. +# +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message +# headers. +# +# REJECT optional text... +# Reject the entire message. Do not inspect the +# remainder of the input message. Reply with +# optional text... when the optional text is speci- +# fied, otherwise reply with a generic error message. +# +# Note: this action disables further header or +# body_checks inspection of the current message and +# affects all recipients. +# +# Postfix version 2.3 and later support enhanced sta- +# tus codes. When no code is specified at the begin- +# ning of optional text..., Postfix inserts a default +# enhanced status code of "5.7.1". +# +# This feature is not supported with smtp header/body +# checks. +# +# STRIP optional text... +# Log a "strip:" record with the optional text... (or +# log a generic text), delete the input line from the +# input, and inspect the next input line. See IGNORE +# for a silent alternative. +# +# This feature is available in Postfix 3.2 and later. +# +# WARN optional text... +# Log a "warning:" record with the optional text... +# (or log a generic text), and inspect the next input +# line. This action is useful for debugging and for +# testing a pattern before applying more drastic +# actions. +# +# BUGS +# Empty lines never match, because some map types mis-behave +# when given a zero-length search string. This limitation +# may be removed for regular expression tables in a future +# release. +# +# Many people overlook the main limitations of header and +# body_checks rules. +# +# o These rules operate on one logical message header +# or one body line at a time. A decision made for one +# line is not carried over to the next line. +# +# o If text in the message body is encoded (RFC 2045) +# then the rules need to be specified for the encoded +# form. +# +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the +# encoded form. +# +# Message headers added by the cleanup(8) daemon itself are +# excluded from inspection. Examples of such message headers +# are From:, To:, Message-ID:, Date:. +# +# Message headers deleted by the cleanup(8) daemon will be +# examined before they are deleted. Examples are: Bcc:, Con- +# tent-Length:, Return-Path:. +# +# CONFIGURATION PARAMETERS +# body_checks +# Lookup tables with content filter rules for message +# body lines. These filters see one physical line at +# a time, in chunks of at most $line_length_limit +# bytes. +# +# body_checks_size_limit +# The amount of content per message body segment +# (attachment) that is subjected to $body_checks fil- +# tering. +# +# header_checks +# +# mime_header_checks (default: $header_checks) +# +# nested_header_checks (default: $header_checks) +# Lookup tables with content filter rules for message +# header lines: respectively, these are applied to +# the initial message headers (not including MIME +# headers), to the MIME headers anywhere in the mes- +# sage, and to the initial headers of attached mes- +# sages. +# +# Note: these filters see one logical message header +# at a time, even when a message header spans multi- +# ple lines. Message headers that are longer than +# $header_size_limit characters are truncated. +# +# disable_mime_input_processing +# While receiving mail, give no special treatment to +# MIME related message headers; all text after the +# initial message headers is considered to be part of +# the message body. This means that header_checks is +# applied to all the initial message headers, and +# that body_checks is applied to the remainder of the +# message. +# +# Note: when used in this manner, body_checks will +# process a multi-line message header one line at a +# time. +# +# EXAMPLES +# Header pattern to block attachments with bad file name +# extensions. For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the +# [[:xdigit:]] sub-expressions is to recognize Windows CLSID +# strings. +# +# /etc/postfix/main.cf: +# header_checks = pcre:/etc/postfix/header_checks.pcre +# +# /etc/postfix/header_checks.pcre: +# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( +# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| +# hlp|ht[at]| +# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| +# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| +# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| +# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x +# REJECT Attachment name "$2" may not end with ".$4" +# +# Body pattern to stop a specific HTML browser vulnerability +# exploit. +# +# /etc/postfix/main.cf: +# body_checks = regexp:/etc/postfix/body_checks +# +# /etc/postfix/body_checks: +# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ +# REJECT IFRAME vulnerability exploit +# +# SEE ALSO +# cleanup(8), canonicalize and enqueue Postfix message +# pcre_table(5), format of PCRE lookup tables +# regexp_table(5), format of POSIX regular expression tables +# postconf(1), Postfix configuration utility +# postmap(1), Postfix lookup table management +# postsuper(1), Postfix janitor +# postcat(1), show Postfix queue file contents +# RFC 2045, base64 and quoted-printable encoding rules +# RFC 2047, message header encoding for non-ASCII text +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# CONTENT_INSPECTION_README, Postfix content inspection overview +# BUILTIN_FILTER_README, Postfix built-in content inspection +# BACKSCATTER_README, blocking returned forged mail +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# HEADER_CHECKS(5) |