1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - header_checks(5) </title> 6</head> <body> <pre> 7HEADER_CHECKS(5) HEADER_CHECKS(5) 8 9<b>NAME</b> 10 <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection 11 12<b>SYNOPSIS</b> 13 <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b> 14 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b> 15 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b> 16 <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b> 17 18 <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> 19 20 <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_header_checks</b> 21 <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_mime_header_checks</b> 22 <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_nested_header_checks</b> 23 <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_body_checks</b> 24 25 <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> 26 <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> 27 28<b>DESCRIPTION</b> 29 This document describes access control on the content of message head- 30 ers and message body lines; it is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> 31 server before mail is queued. See <a href="access.5.html"><b>access</b>(5)</a> for access control on 32 remote SMTP client information. 33 34 Each message header or message body line is compared against a list of 35 patterns. When a match is found the corresponding action is executed, 36 and the matching process is repeated for the next message header or 37 message body line. 38 39 Note: message headers are examined one logical header at a time, even 40 when a message header spans multiple lines. Body lines are always exam- 41 ined one line at a time. 42 43 For examples, see the EXAMPLES section at the end of this manual page. 44 45 Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood of mail from 46 worms or viruses; they do not decode attachments, and they do not unzip 47 archives. See the documents referenced below in the README FILES sec- 48 tion if you need more sophisticated content analysis. 49 50<b>FILTERS WHILE RECEIVING MAIL</b> 51 Postfix implements the following four built-in content inspection 52 classes while receiving mail: 53 54 <b><a href="postconf.5.html#header_checks">header_checks</a></b> (default: empty) 55 These are applied to initial message headers (except for the 56 headers that are processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 57 58 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 59 These are applied to MIME related message headers only. 60 61 This feature is available in Postfix 2.0 and later. 62 63 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 64 These are applied to message headers of attached email messages 65 (except for the headers that are processed with 66 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 67 68 This feature is available in Postfix 2.0 and later. 69 70 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 71 These are applied to all other content, including multi-part 72 message boundaries. 73 74 With Postfix versions before 2.0, all content after the initial 75 message headers is treated as body content. 76 77<b>FILTERS AFTER RECEIVING MAIL</b> 78 Postfix supports a subset of the built-in content inspection classes 79 after the message is received: 80 81 <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> (default: empty) 82 These are applied to headers that are added with Milter applica- 83 tions. 84 85 This feature is available in Postfix 2.7 and later. 86 87<b>FILTERS WHILE DELIVERING MAIL</b> 88 Postfix supports all four content inspection classes while delivering 89 mail via SMTP. 90 91 <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a></b> (default: empty) 92 93 <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a></b> (default: empty) 94 95 <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a></b> (default: empty) 96 97 <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a></b> (default: empty) 98 These features are available in Postfix 2.5 and later. 99 100<b>COMPATIBILITY</b> 101 With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a 102 table that contains case sensitive patterns. By default, <a href="regexp_table.5.html">regexp</a>: and 103 <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive. 104 105<b>TABLE FORMAT</b> 106 This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules are specified 107 in the form of Postfix regular expression lookup tables. Usually the 108 best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres- 109 sion) tables. The <b>regexp</b> (POSIX regular expressions) tables are usually 110 slower, but more widely available. Use the command "<b>postconf -m</b>" to 111 find out what lookup table types your Postfix system supports. 112 113 The general format of Postfix regular expression tables is given below. 114 For a discussion of specific pattern or flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> 115 or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respectively. 116 117 <b>/</b><i>pattern</i><b>/</b><i>flags action</i> 118 When /<i>pattern</i>/ matches the input string, execute the correspond- 119 ing <i>action</i>. See below for a list of possible actions. 120 121 <b>!/</b><i>pattern</i><b>/</b><i>flags action</i> 122 When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor- 123 responding <i>action</i>. 124 125 <b>if /</b><i>pattern</i><b>/</b><i>flags</i> 126 127 <b>endif</b> If the input string matches /<i>pattern</i>/, then match that input 128 string against the patterns between <b>if</b> and <b>endif</b>. The <b>if</b>..<b>endif</b> 129 can nest. 130 131 Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>. 132 133 <b>if !/</b><i>pattern</i><b>/</b><i>flags</i> 134 135 <b>endif</b> If the input string does not match /<i>pattern</i>/, then match that 136 input string against the patterns between <b>if</b> and <b>endif</b>. The 137 <b>if</b>..<b>endif</b> can nest. 138 139 blank lines and comments 140 Empty lines and whitespace-only lines are ignored, as are lines 141 whose first non-whitespace character is a `#'. 142 143 multi-line text 144 A pattern/action line starts with non-whitespace text. A line 145 that starts with whitespace continues a logical line. 146 147<b>TABLE SEARCH ORDER</b> 148 For each line of message input, the patterns are applied in the order 149 as specified in the table. When a pattern is found that matches the 150 input line, the corresponding action is executed and then the next 151 input line is inspected. 152 153<b>TEXT SUBSTITUTION</b> 154 Substitution of substrings from the matched expression into the <i>action</i> 155 string is possible using the conventional Perl syntax (<b>$1</b>, <b>$2</b>, etc.). 156 The macros in the result string may need to be written as <b>${n}</b> or <b>$(n)</b> 157 if they aren't followed by whitespace. 158 159 Note: since negated patterns (those preceded by <b>!</b>) return a result when 160 the expression does not match, substitutions are not available for 161 negated patterns. 162 163<b>ACTIONS</b> 164 Action names are case insensitive. They are shown in upper case for 165 consistency with other Postfix documentation. 166 167 <b>BCC</b> <i>user@domain</i> 168 Add the specified address as a BCC recipient, and inspect the 169 next input line. The address must have a local part and domain 170 part. The number of BCC addresses that can be added is limited 171 only by the amount of available storage space. 172 173 Note 1: the BCC address is added as if it was specified with 174 NOTIFY=NONE. The sender will not be notified when the BCC 175 address is undeliverable, as long as all down-stream software 176 implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>. 177 178 Note 2: this ignores duplicate addresses (with the same delivery 179 status notification options). 180 181 This feature is available in Postfix 3.0 and later. 182 183 This feature is not supported with smtp header/body checks. 184 185 <b>DISCARD</b> <i>optional text...</i> 186 Claim successful delivery and silently discard the message. Do 187 not inspect the remainder of the input message. Log the 188 optional text if specified, otherwise log a generic message. 189 190 Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- 191 tion of the current message and affects all recipients. To dis- 192 card only one recipient without discarding the entire message, 193 use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser- 194 vice. 195 196 This feature is available in Postfix 2.0 and later. 197 198 This feature is not supported with smtp header/body checks. 199 200 <b>DUNNO</b> Pretend that the input line did not match any pattern, and 201 inspect the next input line. This action can be used to shorten 202 the table search. 203 204 For backwards compatibility reasons, Postfix also accepts <b>OK</b> but 205 it is (and always has been) treated as <b>DUNNO</b>. 206 207 This feature is available in Postfix 2.1 and later. 208 209 <b>FILTER</b> <i>transport:destination</i> 210 Override the <a href="postconf.5.html#content_filter">content_filter</a> parameter setting, and inspect the 211 next input line. After the message is queued, send the entire 212 message through the specified external content filter. The 213 <i>transport</i> name specifies the first field of a mail delivery 214 agent definition in <a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>desti-</i> 215 <i>nation</i> is described in the manual page of the corresponding 216 delivery agent. More information about external content filters 217 is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file. 218 219 Note 1: do not use $<i>number</i> regular expression substitutions for 220 <i>transport</i> or <i>destination</i> unless you know that the information 221 has a trusted origin. 222 223 Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set- 224 ting, and affects all recipients of the message. In the case 225 that multiple <b>FILTER</b> actions fire, only the last one is exe- 226 cuted. 227 228 Note 3: the purpose of the FILTER command is to override message 229 routing. To override the recipient's <i>transport</i> but not the 230 next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post- 231 fix 2.7 and later), or specify a <i>transport:destination</i> that 232 delivers through a different Postfix instance (Postfix 2.6 and 233 earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b> 234 <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b> 235 <b>_transport_maps</a></b> features. 236 237 This feature is available in Postfix 2.0 and later. 238 239 This feature is not supported with smtp header/body checks. 240 241 <b>HOLD</b> <i>optional text...</i> 242 Arrange for the message to be placed on the <b>hold</b> queue, and 243 inspect the next input line. The message remains on <b>hold</b> until 244 someone either deletes it or releases it for delivery. Log the 245 optional text if specified, otherwise log a generic message. 246 247 Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a> 248 command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> 249 command. 250 251 Note: use "<b>postsuper -r</b>" to release mail that was kept on hold 252 for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or 253 <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for 254 mail that will not expire within a few delivery attempts. 255 256 Note: this action affects all recipients of the message. 257 258 This feature is available in Postfix 2.0 and later. 259 260 This feature is not supported with smtp header/body checks. 261 262 <b>IGNORE</b> Delete the current line from the input, and inspect the next 263 input line. See <b>STRIP</b> for an alternative that logs the action. 264 265 <b>INFO</b> <i>optional text...</i> 266 Log an "info:" record with the <i>optional text...</i> (or log a 267 generic text), and inspect the next input line. This action is 268 useful for routine logging or for debugging. 269 270 This feature is available in Postfix 2.8 and later. 271 272 <b>PASS</b> <i>optional text...</i> 273 Log a "pass:" record with the <i>optional text...</i> (or log a generic 274 text), and turn off header, body, and Milter inspection for the 275 remainder of this message. 276 277 Note: this feature relies on trust in information that is easy 278 to forge. 279 280 This feature is available in Postfix 3.2 and later. 281 282 This feature is not supported with smtp header/body checks. 283 284 <b>PREPEND</b> <i>text...</i> 285 Prepend one line with the specified text, and inspect the next 286 input line. 287 288 Notes: 289 290 <b>o</b> The prepended text is output on a separate line, immedi- 291 ately before the input that triggered the <b>PREPEND</b> action. 292 293 <b>o</b> The prepended text is not considered part of the input 294 stream: it is not subject to header/body checks or 295 address rewriting, and it does not affect the way that 296 Postfix adds missing message headers. 297 298 <b>o</b> When prepending text before a message header line, the 299 prepended text must begin with a valid message header 300 label. 301 302 <b>o</b> This action cannot be used to prepend multi-line text. 303 304 This feature is available in Postfix 2.1 and later. 305 306 This feature is not supported with <a href="postconf.5.html#milter_header_checks">milter_header_checks</a>. 307 308 <b>REDIRECT</b> <i>user@domain</i> 309 Write a message redirection request to the queue file, and 310 inspect the next input line. After the message is queued, it 311 will be sent to the specified address instead of the intended 312 recipient(s). 313 314 Note: this action overrides the <b>FILTER</b> action, and affects all 315 recipients of the message. If multiple <b>REDIRECT</b> actions fire, 316 only the last one is executed. 317 318 This feature is available in Postfix 2.1 and later. 319 320 This feature is not supported with smtp header/body checks. 321 322 <b>REPLACE</b> <i>text...</i> 323 Replace the current line with the specified text, and inspect 324 the next input line. 325 326 This feature is available in Postfix 2.2 and later. The descrip- 327 tion below applies to Postfix 2.2.2 and later. 328 329 Notes: 330 331 <b>o</b> When replacing a message header line, the replacement 332 text must begin with a valid header label. 333 334 <b>o</b> The replaced text remains part of the input stream. 335 Unlike the result from the <b>PREPEND</b> action, a replaced 336 message header may be subject to address rewriting and 337 may affect the way that Postfix adds missing message 338 headers. 339 340 <b>REJECT</b> <i>optional text...</i> 341 Reject the entire message. Do not inspect the remainder of the 342 input message. Reply with <i>optional text...</i> when the optional 343 text is specified, otherwise reply with a generic error message. 344 345 Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- 346 tion of the current message and affects all recipients. 347 348 Postfix version 2.3 and later support enhanced status codes. 349 When no code is specified at the beginning of <i>optional text...</i>, 350 Postfix inserts a default enhanced status code of "5.7.1". 351 352 This feature is not supported with smtp header/body checks. 353 354 <b>STRIP</b> <i>optional text...</i> 355 Log a "strip:" record with the <i>optional text...</i> (or log a 356 generic text), delete the input line from the input, and inspect 357 the next input line. See <b>IGNORE</b> for a silent alternative. 358 359 This feature is available in Postfix 3.2 and later. 360 361 <b>WARN</b> <i>optional text...</i> 362 Log a "warning:" record with the <i>optional text...</i> (or log a 363 generic text), and inspect the next input line. This action is 364 useful for debugging and for testing a pattern before applying 365 more drastic actions. 366 367<b>BUGS</b> 368 Empty lines never match, because some map types mis-behave when given a 369 zero-length search string. This limitation may be removed for regular 370 expression tables in a future release. 371 372 Many people overlook the main limitations of header and <a href="postconf.5.html#body_checks">body_checks</a> 373 rules. 374 375 <b>o</b> These rules operate on one logical message header or one body 376 line at a time. A decision made for one line is not carried over 377 to the next line. 378 379 <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules 380 need to be specified for the encoded form. 381 382 <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the 383 rules need to be specified for the encoded form. 384 385 Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from 386 inspection. Examples of such message headers are <b>From:</b>, <b>To:</b>, <b>Mes-</b> 387 <b>sage-ID:</b>, <b>Date:</b>. 388 389 Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be examined 390 before they are deleted. Examples are: <b>Bcc:</b>, <b>Content-Length:</b>, 391 <b>Return-Path:</b>. 392 393<b>CONFIGURATION PARAMETERS</b> 394 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 395 Lookup tables with content filter rules for message body lines. 396 These filters see one physical line at a time, in chunks of at 397 most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> bytes. 398 399 <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b> 400 The amount of content per message body segment (attachment) that 401 is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> filtering. 402 403 <b><a href="postconf.5.html#header_checks">header_checks</a></b> 404 405 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 406 407 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 408 Lookup tables with content filter rules for message header 409 lines: respectively, these are applied to the initial message 410 headers (not including MIME headers), to the MIME headers any- 411 where in the message, and to the initial headers of attached 412 messages. 413 414 Note: these filters see one logical message header at a time, 415 even when a message header spans multiple lines. Message headers 416 that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun- 417 cated. 418 419 <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> 420 While receiving mail, give no special treatment to MIME related 421 message headers; all text after the initial message headers is 422 considered to be part of the message body. This means that 423 <b><a href="postconf.5.html#header_checks">header_checks</a></b> is applied to all the initial message headers, and 424 that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the message. 425 426 Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will process a 427 multi-line message header one line at a time. 428 429<b>EXAMPLES</b> 430 Header pattern to block attachments with bad file name extensions. For 431 convenience, the PCRE /x flag is specified, so that there is no need to 432 collapse the pattern into a single line of text. The purpose of the 433 [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings. 434 435 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 436 <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre 437 438 /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>: 439 /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( 440 ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| 441 hlp|ht[at]| 442 inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| 443 \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| 444 ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| 445 vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x 446 REJECT Attachment name "$2" may not end with ".$4" 447 448 Body pattern to stop a specific HTML browser vulnerability exploit. 449 450 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 451 <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks 452 453 /etc/postfix/body_checks: 454 /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ 455 REJECT IFRAME vulnerability exploit 456 457<b>SEE ALSO</b> 458 <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message 459 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables 460 <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables 461 <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility 462 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management 463 <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor 464 <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents 465 <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules 466 <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text 467 468<b>README FILES</b> 469 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 470 <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview 471 <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection 472 <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail 473 474<b>LICENSE</b> 475 The Secure Mailer license must be distributed with this software. 476 477<b>AUTHOR(S)</b> 478 Wietse Venema 479 IBM T.J. Watson Research 480 P.O. Box 704 481 Yorktown Heights, NY 10598, USA 482 483 Wietse Venema 484 Google, Inc. 485 111 8th Avenue 486 New York, NY 10011, USA 487 488 HEADER_CHECKS(5) 489</pre> </body> </html> 490