1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - header_checks(5) </title> 6</head> <body> <pre> 7HEADER_CHECKS(5) HEADER_CHECKS(5) 8 9<b>NAME</b> 10 <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection 11 12<b>SYNOPSIS</b> 13 <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b> 14 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b> 15 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b> 16 <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b> 17 18 <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> 19 <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> 20 21<b>DESCRIPTION</b> 22 This document describes access control on the content of 23 message headers and message body lines; it is implemented 24 by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server before mail is queued. 25 See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client 26 information. 27 28 Each message header or message body line is compared 29 against a list of patterns. When a match is found the 30 corresponding action is executed, and the matching process 31 is repeated for the next message header or message body 32 line. 33 34 For examples, see the EXAMPLES section at the end of this 35 manual page. 36 37 Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood 38 of mail from worms or viruses; they do not decode attach- 39 ments, and they do not unzip archives. See the documents 40 referenced below in the README FILES section if you need 41 more sophisticated content analysis. 42 43 Postfix supports four built-in content inspection classes: 44 45 <b><a href="postconf.5.html#header_checks">header_checks</a></b> 46 These are applied to initial message headers 47 (except for the headers that are processed with 48 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 49 50 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 51 These are applied to MIME related message headers 52 only. 53 54 This feature is available in Postfix 2.0 and later. 55 56 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 57 These are applied to message headers of attached 58 email messages (except for the headers that are 59 processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>). 60 61 This feature is available in Postfix 2.0 and later. 62 63 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 64 These are applied to all other content, including 65 multi-part message boundaries. 66 67 With Postfix versions before 2.0, all content after 68 the initial message headers is treated as body con- 69 tent. 70 71 Note: message headers are examined one logical header at a 72 time, even when a message header spans multiple lines. 73 Body lines are always examined one line at a time. 74 75<b>COMPATIBILITY</b> 76 With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" 77 to query a table that contains case sensitive patterns. By 78 default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive. 79 80<b>TABLE FORMAT</b> 81 This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules 82 are specified in the form of Postfix regular expression 83 lookup tables. Usually the best performance is obtained 84 with <b>pcre</b> (Perl Compatible Regular Expression) tables, but 85 the slower <b>regexp</b> (POSIX regular expressions) support is 86 more widely available. Use the command "<b>postconf -m</b>" to 87 find out what lookup table types your Postfix system sup- 88 ports. 89 90 The general format of Postfix regular expression tables is 91 given below. For a discussion of specific pattern or 92 flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, 93 respectively. 94 95 <b>/</b><i>pattern</i><b>/</b><i>flags action</i> 96 When /<i>pattern</i>/ matches the input string, execute 97 the corresponding <i>action</i>. See below for a list of 98 possible actions. 99 100 <b>!/</b><i>pattern</i><b>/</b><i>flags action</i> 101 When /<i>pattern</i>/ does <b>not</b> match the input string, 102 execute the corresponding <i>action</i>. 103 104 <b>if /</b><i>pattern</i><b>/</b><i>flags</i> 105 106 <b>endif</b> Match the input string against the patterns between 107 <b>if</b> and <b>endif</b>, if and only if the same input string 108 also matches /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest. 109 110 Note: do not prepend whitespace to patterns inside 111 <b>if</b>..<b>endif</b>. 112 113 <b>if !/</b><i>pattern</i><b>/</b><i>flags</i> 114 115 <b>endif</b> Match the input string against the patterns between 116 <b>if</b> and <b>endif</b>, if and only if the same input string 117 does <b>not</b> match /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest. 118 119 blank lines and comments 120 Empty lines and whitespace-only lines are ignored, 121 as are lines whose first non-whitespace character 122 is a `#'. 123 124 multi-line text 125 A pattern/action line starts with non-whitespace 126 text. A line that starts with whitespace continues 127 a logical line. 128 129<b>TABLE SEARCH ORDER</b> 130 For each line of message input, the patterns are applied 131 in the order as specified in the table. When a pattern is 132 found that matches the input line, the corresponding 133 action is executed and then the next input line is 134 inspected. 135 136<b>TEXT SUBSTITUTION</b> 137 Substitution of substrings from the matched expression 138 into the <i>action</i> string is possible using the conventional 139 Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result 140 string may need to be written as <b>${n}</b> or <b>$(n)</b> if they 141 aren't followed by whitespace. 142 143 Note: since negated patterns (those preceded by <b>!</b>) return 144 a result when the expression does not match, substitutions 145 are not available for negated patterns. 146 147<b>ACTIONS</b> 148 Action names are case insensitive. They are shown in upper 149 case for consistency with other Postfix documentation. 150 151 <b>DISCARD</b> <i>optional text...</i> 152 Claim successful delivery and silently discard the 153 message. Log the optional text if specified, oth- 154 erwise log a generic message. 155 156 Note: this action disables further header or 157 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and 158 affects all recipients. To discard only one recip- 159 ient without discarding the entire message, use the 160 <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> 161 service. 162 163 This feature is available in Postfix 2.0 and later. 164 165 <b>DUNNO</b> Pretend that the input line did not match any pat- 166 tern, and inspect the next input line. This action 167 can be used to shorten the table search. 168 169 For backwards compatibility reasons, Postfix also 170 accepts <b>OK</b> but it is (and always has been) treated 171 as <b>DUNNO</b>. 172 173 This feature is available in Postfix 2.1 and later. 174 175 <b>FILTER</b> <i>transport:destination</i> 176 Write a content filter request to the queue file, 177 and inspect the next input line. After the com- 178 plete message is received it will be sent through 179 the specified external content filter. More infor- 180 mation about external content filters is in the 181 Postfix <a href="FILTER_README.html">FILTER_README</a> file. 182 183 Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set- 184 ting, and affects all recipients of the message. In 185 the case that multiple <b>FILTER</b> actions fire, only 186 the last one is executed. 187 188 This feature is available in Postfix 2.0 and later. 189 190 <b>HOLD</b> <i>optional text...</i> 191 Arrange for the message to be placed on the <b>hold</b> 192 queue, and inspect the next input line. The mes- 193 sage remains on <b>hold</b> until someone either deletes 194 it or releases it for delivery. Log the optional 195 text if specified, otherwise log a generic message. 196 197 Mail that is placed on hold can be examined with 198 the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or 199 released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command. 200 201 Note: use "<b>postsuper -r</b>" to release mail that was 202 kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b> 203 <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or 204 longer. Use "<b>postsuper -H</b>" only for mail that will 205 not expire within a few delivery attempts. 206 207 Note: this action affects all recipients of the 208 message. 209 210 This feature is available in Postfix 2.0 and later. 211 212 <b>IGNORE</b> Delete the current line from the input, and inspect 213 the next input line. 214 215 <b>PREPEND</b> <i>text...</i> 216 Prepend one line with the specified text, and 217 inspect the next input line. 218 219 Notes: 220 221 <b>o</b> The prepended text is output on a separate 222 line, immediately before the input that 223 triggered the <b>PREPEND</b> action. 224 225 <b>o</b> The prepended text is not considered part of 226 the input stream: it is not subject to 227 header/body checks or address rewriting, and 228 it does not affect the way that Postfix adds 229 missing message headers. 230 231 <b>o</b> When prepending text before a message header 232 line, the prepended text must begin with a 233 valid message header label. 234 235 <b>o</b> This action cannot be used to prepend multi- 236 line text. 237 238 This feature is available in Postfix 2.1 and later. 239 240 <b>REDIRECT</b> <i>user@domain</i> 241 Write a message redirection request to the queue 242 file, and inspect the next input line. After the 243 message is queued, it will be sent to the specified 244 address instead of the intended recipient(s). 245 246 Note: this action overrides the <b>FILTER</b> action, and 247 affects all recipients of the message. If multiple 248 <b>REDIRECT</b> actions fire, only the last one is exe- 249 cuted. 250 251 This feature is available in Postfix 2.1 and later. 252 253 <b>REPLACE</b> <i>text...</i> 254 Replace the current line with the specified text, 255 and inspect the next input line. 256 257 This feature is available in Postfix 2.2 and later. 258 The description below applies to Postfix 2.2.2 and 259 later. 260 261 Notes: 262 263 <b>o</b> When replacing a message header line, the 264 replacement text must begin with a valid 265 header label. 266 267 <b>o</b> The replaced text remains part of the input 268 stream. Unlike the result from the <b>PREPEND</b> 269 action, a replaced message header may be 270 subject to address rewriting and may affect 271 the way that Postfix adds missing message 272 headers. 273 274 <b>REJECT</b> <i>optional text...</i> 275 Reject the entire message. Reply with <i>optional</i> 276 <i>text...</i> when the optional text is specified, other- 277 wise reply with a generic error message. 278 279 Note: this action disables further header or 280 <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and 281 affects all recipients. 282 283 Postfix version 2.3 and later support enhanced sta- 284 tus codes. When no code is specified at the begin- 285 ning of <i>optional text...</i>, Postfix inserts a default 286 enhanced status code of "5.7.1". 287 288 <b>WARN</b> <i>optional text...</i> 289 Log a warning with the <i>optional text...</i> (or log a 290 generic message), and inspect the next input line. 291 This action is useful for debugging and for testing 292 a pattern before applying more drastic actions. 293 294<b>BUGS</b> 295 Empty lines never match, because some map types mis-behave 296 when given a zero-length search string. This limitation 297 may be removed for regular expression tables in a future 298 release. 299 300 Many people overlook the main limitations of header and 301 <a href="postconf.5.html#body_checks">body_checks</a> rules. 302 303 <b>o</b> These rules operate on one logical message header 304 or one body line at a time. A decision made for one 305 line is not carried over to the next line. 306 307 <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) 308 then the rules need to be specified for the encoded 309 form. 310 311 <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a> 312 <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the 313 encoded form. 314 315 Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are 316 excluded from inspection. Examples of such message headers 317 are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>. 318 319 Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be 320 examined before they are deleted. Examples are: <b>Bcc:, Con-</b> 321 <b>tent-Length:</b>, <b>Return-Path:</b>. 322 323<b>CONFIGURATION PARAMETERS</b> 324 <b><a href="postconf.5.html#body_checks">body_checks</a></b> 325 Lookup tables with content filter rules for message 326 body lines. These filters see one physical line at 327 a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> 328 bytes. 329 330 <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b> 331 The amount of content per message body segment 332 (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil- 333 tering. 334 335 <b><a href="postconf.5.html#header_checks">header_checks</a></b> 336 337 <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 338 339 <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) 340 Lookup tables with content filter rules for message 341 header lines: respectively, these are applied to 342 the initial message headers (not including MIME 343 headers), to the MIME headers anywhere in the mes- 344 sage, and to the initial headers of attached mes- 345 sages. 346 347 Note: these filters see one logical message header 348 at a time, even when a message header spans multi- 349 ple lines. Message headers that are longer than 350 <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated. 351 352 <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> 353 While receiving mail, give no special treatment to 354 MIME related message headers; all text after the 355 initial message headers is considered to be part of 356 the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is 357 applied to all the initial message headers, and 358 that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the 359 message. 360 361 Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will 362 process a multi-line message header one line at a 363 time. 364 365<b>EXAMPLES</b> 366 Header pattern to block attachments with bad file name 367 extensions. For convenience, the PCRE /x flag is speci- 368 fied, so that there is no need to collapse the pattern 369 into a single line of text. The purpose of the 370 [[:xdigit:]] sub-expressions is to recognize Windows CLSID 371 strings. 372 373 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 374 <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre 375 376 /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>: 377 /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( 378 ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| 379 hlp|ht[at]| 380 inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| 381 \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| 382 ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| 383 vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x 384 REJECT Attachment name "$2" may not end with ".$4" 385 386 Body pattern to stop a specific HTML browser vulnerability 387 exploit. 388 389 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 390 <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks 391 392 /etc/postfix/body_checks: 393 /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ 394 REJECT IFRAME vulnerability exploit 395 396<b>SEE ALSO</b> 397 <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message 398 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables 399 <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables 400 <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility 401 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management 402 <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor 403 <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents 404 <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules 405 <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text 406 407<b>README FILES</b> 408 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 409 <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview 410 <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection 411 <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail 412 413<b>LICENSE</b> 414 The Secure Mailer license must be distributed with this 415 software. 416 417<b>AUTHOR(S)</b> 418 Wietse Venema 419 IBM T.J. Watson Research 420 P.O. Box 704 421 Yorktown Heights, NY 10598, USA 422 423 HEADER_CHECKS(5) 424</pre> </body> </html> 425