1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - header_checks(5) </title> 6</head> <body> <pre> 7HEADER_CHECKS(5) HEADER_CHECKS(5) 8 9<b>NAME</b> 10 <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection 11 12<b>SYNOPSIS</b> 13 <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b> 14 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b> 15 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b> 16 <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b> 17 18 <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> 19 <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> 20 21<b>DESCRIPTION</b> 22 This document describes access control on the content of 23 message headers and message body lines; it is implemented 24 by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server before mail is queued. 25 See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client 26 information. 27 28 Each message header or message body line is compared 29 against a list of patterns. When a match is found the 30 corresponding action is executed, and the matching process 31 is repeated for the next message header or message body 32 line. 33 34 For examples, see the EXAMPLES section at the end of this 35 manual page. 36 37 Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood 38 of mail from worms or viruses; they do not decode attach- 39 ments, and they do not unzip archives. See the documents 40 referenced below in the README FILES section if you need 41 more sophisticated content analysis. 42 43 Postfix supports four built-in content inspection classes: 44 45 <b><a href="postconf.5.html#header_checks">header_checks</a></b> 46 These are applied to initial message headers 47 (except for the headers that are processed with 48 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 49 50 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 51 These are applied to MIME related message headers 52 only. 53 54 This feature is available in Postfix 2.0 and later. 55 56 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 57 These are applied to message headers of attached 58 email messages (except for the headers that are 59 processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 60 61 This feature is available in Postfix 2.0 and later. 62 63 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 64 These are applied to all other content, including 65 multi-part message boundaries. 66 67 With Postfix versions before 2.0, all content after 68 the initial message headers is treated as body con- 69 tent. 70 71 Note: message headers are examined one logical header at a 72 time, even when a message header spans multiple lines. 73 Body lines are always examined one line at a time. 74 75<b>COMPATIBILITY</b> 76 With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" 77 to query a table that contains case sensitive patterns. By 78 default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive. 79 80<b>TABLE FORMAT</b> 81 This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules 82 are specified in the form of Postfix regular expression 83 lookup tables. Usually the best performance is obtained 84 with <b>pcre</b> (Perl Compatible Regular Expression) tables, but 85 the slower <b>regexp</b> (POSIX regular expressions) support is 86 more widely available. Use the command "<b>postconf -m</b>" to 87 find out what lookup table types your Postfix system sup- 88 ports. 89 90 The general format of Postfix regular expression tables is 91 given below. For a discussion of specific pattern or 92 flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, 93 respectively. 94 95 <b>/</b><i>pattern</i><b>/</b><i>flags action</i> 96 When /<i>pattern</i>/ matches the input string, execute 97 the corresponding <i>action</i>. See below for a list of 98 possible actions. 99 100 <b>!/</b><i>pattern</i><b>/</b><i>flags action</i> 101 When /<i>pattern</i>/ does <b>not</b> match the input string, 102 execute the corresponding <i>action</i>. 103 104 <b>if /</b><i>pattern</i><b>/</b><i>flags</i> 105 106 <b>endif</b> Match the input string against the patterns between 107 <b>if</b> and <b>endif</b>, if and only if the same input string 108 also matches /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest. 109 110 Note: do not prepend whitespace to patterns inside 111 <b>if</b>..<b>endif</b>. 112 113 <b>if !/</b><i>pattern</i><b>/</b><i>flags</i> 114 115 <b>endif</b> Match the input string against the patterns between 116 <b>if</b> and <b>endif</b>, if and only if the same input string 117 does <b>not</b> match /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest. 118 119 blank lines and comments 120 Empty lines and whitespace-only lines are ignored, 121 as are lines whose first non-whitespace character 122 is a `#'. 123 124 multi-line text 125 A pattern/action line starts with non-whitespace 126 text. A line that starts with whitespace continues 127 a logical line. 128 129<b>TABLE SEARCH ORDER</b> 130 For each line of message input, the patterns are applied 131 in the order as specified in the table. When a pattern is 132 found that matches the input line, the corresponding 133 action is executed and then the next input line is 134 inspected. 135 136<b>TEXT SUBSTITUTION</b> 137 Substitution of substrings from the matched expression 138 into the <i>action</i> string is possible using the conventional 139 Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result 140 string may need to be written as <b>${n}</b> or <b>$(n)</b> if they 141 aren't followed by whitespace. 142 143 Note: since negated patterns (those preceded by <b>!</b>) return 144 a result when the expression does not match, substitutions 145 are not available for negated patterns. 146 147<b>ACTIONS</b> 148 Action names are case insensitive. They are shown in upper 149 case for consistency with other Postfix documentation. 150 151 <b>DISCARD</b> <i>optional text...</i> 152 Claim successful delivery and silently discard the 153 message. Log the optional text if specified, oth- 154 erwise log a generic message. 155 156 Note: this action disables further header or 157 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and 158 affects all recipients. To discard only one recip- 159 ient without discarding the entire message, use the 160 <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> 161 service. 162 163 This feature is available in Postfix 2.0 and later. 164 165 <b>DUNNO</b> Pretend that the input line did not match any pat- 166 tern, and inspect the next input line. This action 167 can be used to shorten the table search. 168 169 For backwards compatibility reasons, Postfix also 170 accepts <b>OK</b> but it is (and always has been) treated 171 as <b>DUNNO</b>. 172 173 This feature is available in Postfix 2.1 and later. 174 175 <b>FILTER</b> <i>transport:destination</i> 176 After the message is queued, send the entire mes- 177 sage through the specified external content filter. 178 The <i>transport</i> name specifies the first field of a 179 mail delivery agent definition in <a href="master.5.html">master.cf</a>; the 180 syntax of the next-hop <i>destination</i> is described in 181 the manual page of the corresponding delivery 182 agent. More information about external content 183 filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file. 184 185 Note 1: do not use $<i>number</i> regular expression sub- 186 stitutions for <i>transport</i> or <i>destination</i> unless you 187 know that the information has a trusted origin. 188 189 Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">con</a>-</b> 190 <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of 191 the message. In the case that multiple <b>FILTER</b> 192 actions fire, only the last one is executed. 193 194 Note 3: the purpose of the FILTER command is to 195 override message routing. To override the recipi- 196 ent's <i>transport</i> but not the next-hop <i>destination</i>, 197 specify an empty filter <i>destination</i> (Postfix 2.7 198 and later), or specify a <i>transport:destination</i> that 199 delivers through a different Postfix instance 200 (Postfix 2.6 and earlier). Other options are using 201 the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen- 202 der-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b> 203 <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features. 204 205 This feature is available in Postfix 2.0 and later. 206 207 <b>HOLD</b> <i>optional text...</i> 208 Arrange for the message to be placed on the <b>hold</b> 209 queue, and inspect the next input line. The mes- 210 sage remains on <b>hold</b> until someone either deletes 211 it or releases it for delivery. Log the optional 212 text if specified, otherwise log a generic message. 213 214 Mail that is placed on hold can be examined with 215 the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or 216 released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command. 217 218 Note: use "<b>postsuper -r</b>" to release mail that was 219 kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b> 220 <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or 221 longer. Use "<b>postsuper -H</b>" only for mail that will 222 not expire within a few delivery attempts. 223 224 Note: this action affects all recipients of the 225 message. 226 227 This feature is available in Postfix 2.0 and later. 228 229 <b>IGNORE</b> Delete the current line from the input, and inspect 230 the next input line. 231 232 <b>PREPEND</b> <i>text...</i> 233 Prepend one line with the specified text, and 234 inspect the next input line. 235 236 Notes: 237 238 <b>o</b> The prepended text is output on a separate 239 line, immediately before the input that 240 triggered the <b>PREPEND</b> action. 241 242 <b>o</b> The prepended text is not considered part of 243 the input stream: it is not subject to 244 header/body checks or address rewriting, and 245 it does not affect the way that Postfix adds 246 missing message headers. 247 248 <b>o</b> When prepending text before a message header 249 line, the prepended text must begin with a 250 valid message header label. 251 252 <b>o</b> This action cannot be used to prepend multi- 253 line text. 254 255 This feature is available in Postfix 2.1 and later. 256 257 <b>REDIRECT</b> <i>user@domain</i> 258 Write a message redirection request to the queue 259 file, and inspect the next input line. After the 260 message is queued, it will be sent to the specified 261 address instead of the intended recipient(s). 262 263 Note: this action overrides the <b>FILTER</b> action, and 264 affects all recipients of the message. If multiple 265 <b>REDIRECT</b> actions fire, only the last one is exe- 266 cuted. 267 268 This feature is available in Postfix 2.1 and later. 269 270 <b>REPLACE</b> <i>text...</i> 271 Replace the current line with the specified text, 272 and inspect the next input line. 273 274 This feature is available in Postfix 2.2 and later. 275 The description below applies to Postfix 2.2.2 and 276 later. 277 278 Notes: 279 280 <b>o</b> When replacing a message header line, the 281 replacement text must begin with a valid 282 header label. 283 284 <b>o</b> The replaced text remains part of the input 285 stream. Unlike the result from the <b>PREPEND</b> 286 action, a replaced message header may be 287 subject to address rewriting and may affect 288 the way that Postfix adds missing message 289 headers. 290 291 <b>REJECT</b> <i>optional text...</i> 292 Reject the entire message. Reply with <i>optional</i> 293 <i>text...</i> when the optional text is specified, other- 294 wise reply with a generic error message. 295 296 Note: this action disables further header or 297 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and 298 affects all recipients. 299 300 Postfix version 2.3 and later support enhanced sta- 301 tus codes. When no code is specified at the begin- 302 ning of <i>optional text...</i>, Postfix inserts a default 303 enhanced status code of "5.7.1". 304 305 <b>WARN</b> <i>optional text...</i> 306 Log a warning with the <i>optional text...</i> (or log a 307 generic message), and inspect the next input line. 308 This action is useful for debugging and for testing 309 a pattern before applying more drastic actions. 310 311<b>BUGS</b> 312 Empty lines never match, because some map types mis-behave 313 when given a zero-length search string. This limitation 314 may be removed for regular expression tables in a future 315 release. 316 317 Many people overlook the main limitations of header and 318 <a href="postconf.5.html#body_checks">body_checks</a> rules. 319 320 <b>o</b> These rules operate on one logical message header 321 or one body line at a time. A decision made for one 322 line is not carried over to the next line. 323 324 <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) 325 then the rules need to be specified for the encoded 326 form. 327 328 <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a> 329 <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the 330 encoded form. 331 332 Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are 333 excluded from inspection. Examples of such message headers 334 are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>. 335 336 Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be 337 examined before they are deleted. Examples are: <b>Bcc:, Con-</b> 338 <b>tent-Length:</b>, <b>Return-Path:</b>. 339 340<b>CONFIGURATION PARAMETERS</b> 341 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 342 Lookup tables with content filter rules for message 343 body lines. These filters see one physical line at 344 a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> 345 bytes. 346 347 <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b> 348 The amount of content per message body segment 349 (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil- 350 tering. 351 352 <b><a href="postconf.5.html#header_checks">header_checks</a></b> 353 354 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 355 356 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 357 Lookup tables with content filter rules for message 358 header lines: respectively, these are applied to 359 the initial message headers (not including MIME 360 headers), to the MIME headers anywhere in the mes- 361 sage, and to the initial headers of attached mes- 362 sages. 363 364 Note: these filters see one logical message header 365 at a time, even when a message header spans multi- 366 ple lines. Message headers that are longer than 367 <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated. 368 369 <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> 370 While receiving mail, give no special treatment to 371 MIME related message headers; all text after the 372 initial message headers is considered to be part of 373 the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is 374 applied to all the initial message headers, and 375 that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the 376 message. 377 378 Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will 379 process a multi-line message header one line at a 380 time. 381 382<b>EXAMPLES</b> 383 Header pattern to block attachments with bad file name 384 extensions. For convenience, the PCRE /x flag is speci- 385 fied, so that there is no need to collapse the pattern 386 into a single line of text. The purpose of the 387 [[:xdigit:]] sub-expressions is to recognize Windows CLSID 388 strings. 389 390 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 391 <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre 392 393 /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>: 394 /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( 395 ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| 396 hlp|ht[at]| 397 inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| 398 \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| 399 ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| 400 vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x 401 REJECT Attachment name "$2" may not end with ".$4" 402 403 Body pattern to stop a specific HTML browser vulnerability 404 exploit. 405 406 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 407 <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks 408 409 /etc/postfix/body_checks: 410 /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ 411 REJECT IFRAME vulnerability exploit 412 413<b>SEE ALSO</b> 414 <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message 415 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables 416 <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables 417 <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility 418 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management 419 <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor 420 <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents 421 <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules 422 <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text 423 424<b>README FILES</b> 425 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 426 <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview 427 <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection 428 <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail 429 430<b>LICENSE</b> 431 The Secure Mailer license must be distributed with this 432 software. 433 434<b>AUTHOR(S)</b> 435 Wietse Venema 436 IBM T.J. Watson Research 437 P.O. Box 704 438 Yorktown Heights, NY 10598, USA 439 440 HEADER_CHECKS(5) 441</pre> </body> </html> 442