body_checks man page on YellowDog

Man page or keyword search:  
man Server   18644 pages
apropos Keyword Search (all sections)
Output format
YellowDog logo
[printable version]

HEADER_CHECKS(5)					      HEADER_CHECKS(5)

NAME
       header_checks - Postfix built-in header/body inspection

SYNOPSIS
       header_checks = pcre:/etc/postfix/header_checks
       mime_header_checks = pcre:/etc/postfix/mime_header_checks
       nested_header_checks = pcre:/etc/postfix/nested_header_checks
       body_checks = pcre:/etc/postfix/body_checks

       postmap -fq "string" pcre:/etc/postfix/filename
       postmap -fq - pcre:/etc/postfix/filename <inputfile

DESCRIPTION
       Postfix	provides  a  simple built-in content inspection mechanism that
       examines incoming mail one message header or one message body line at a
       time.  Each  input  is  compared against a list of patterns, and when a
       match is found the corresponding action is executed.  This  feature  is
       implemented by the Postfix cleanup(8) server.

       For examples, see the EXAMPLES section at the end of this manual page.

       Postfix header or body_checks are designed to stop a flood of mail from
       worms or viruses; they do not decode attachments, and they do not unzip
       archives.  See  the documents referenced below in the README FILES sec‐
       tion if you need more sophisticated content analysis.

       Postfix supports four built-in content inspection classes:

       header_checks
	      These are applied to initial message  headers  (except  for  the
	      headers that are processed with mime_header_checks).

       mime_header_checks (default: $header_checks)
	      These are applied to MIME related message headers only.

	      This feature is available in Postfix 2.0 and later.

       nested_header_checks (default: $header_checks)
	      These  are applied to message headers of attached email messages
	      (except	for   the   headers   that    are    processed	  with
	      mime_header_checks).

	      This feature is available in Postfix 2.0 and later.

       body_checks
	      These  are  applied  to  all other content, including multi-part
	      message boundaries.

	      With Postfix versions before 2.0, all content after the  initial
	      message headers is treated as body content.

       Note:  message  headers are examined one logical header at a time, even
       when a message header spans multiple lines. Body lines are always exam‐
       ined one line at a time.

TABLE FORMAT
       This  document  assumes that header and body_checks rules are specified
       in the form of Postfix regular expression lookup	 tables.  Usually  the
       best performance is obtained with pcre (Perl Compatible Regular Expres‐
       sion) tables, but the slower regexp (POSIX regular expressions) support
       is  more	 widely	 available.  Use the command "postconf -m" to find out
       what lookup table types your Postfix system supports.

       The general format of Postfix regular expression tables is given below.
       For a discussion of specific pattern or flags syntax, see pcre_table(5)
       or regexp_table(5), respectively.

       /pattern/flags action
	      When pattern matches the input string, execute the corresponding
	      action. See below for a list of possible actions.

       !/pattern/flags action
	      When pattern does not match the input string, execute the corre‐
	      sponding action.

       if /pattern/flags

       endif  Match the input string  against  the  patterns  between  if  and
	      endif, if and only if the input string also matches pattern. The
	      if..endif can nest.

	      Note: do not prepend whitespace to patterns inside if..endif.

       if !/pattern/flags

       endif  Match the input string  against  the  patterns  between  if  and
	      endif,  if  and only if the input string does not match pattern.
	      The if..endif can nest.

       blank lines and comments
	      Empty lines and whitespace-only lines are ignored, as are	 lines
	      whose first non-whitespace character is a `#'.

       multi-line text
	      A	 pattern/action	 line  starts with non-whitespace text. A line
	      that starts with whitespace continues a logical line.

TABLE SEARCH ORDER
       For each line of message input, the patterns are applied in  the	 order
       as  specified  in  the  table. When a pattern is found that matches the
       input line, the corresponding action is	executed  and  then  the  next
       input line is inspected.

TEXT SUBSTITUTION
       Substitution  of substrings from the matched expression into the action
       string is possible using the conventional Perl syntax ($1,  $2,	etc.).
       The  macros in the result string may need to be written as ${n} or $(n)
       if they aren't followed by whitespace.

       Note: since negated patterns (those preceded by !) return a result when
       the  expression	does  not  match,  substitutions are not available for
       negated patterns.

ACTIONS
       Action names are case insensitive. They are shown  in  upper  case  for
       consistency with other Postfix documentation.

       DISCARD optional text...
	      Claim successful delivery and silently discard the message.  Log
	      the optional text if specified, otherwise log a generic message.

	      Note: this action disables further header or body_checks inspec‐
	      tion of the current message and affects all recipients.  To dis‐
	      card only one recipient without discarding the  entire  message,
	      use the transport(5) table to direct mail to the discard(8) ser‐
	      vice.

	      This feature is available in Postfix 2.0 and later.

       DUNNO  Pretend that the input line  did	not  match  any	 pattern,  and
	      inspect  the next input line. This action can be used to shorten
	      the table search.

	      For backwards compatibility reasons, Postfix also accepts OK but
	      it is (and always has been) treated as DUNNO.

	      This feature is available in Postfix 2.1 and later.

       FILTER transport:destination
	      Write a content filter request to the queue file and inspect the
	      next input line.	After the complete message is received it will
	      be  sent	through	 the  specified external content filter.  More
	      information about external content filters  is  in  the  Postfix
	      FILTER_README file.

	      Note:  this action overrides the main.cf content_filter setting,
	      and affects all recipients of the message. In the case that mul‐
	      tiple FILTER actions fire, only the last one is executed.

	      This feature is available in Postfix 2.0 and later.

       HOLD optional text...
	      Arrange  for  the	 message  to  be placed on the hold queue, and
	      inspect the next input line.  The message remains on hold	 until
	      someone  either deletes it or releases it for delivery.  Log the
	      optional text if specified, otherwise log a generic message.

	      Mail that is placed on hold can be examined with the  postcat(1)
	      command,	and can be destroyed or released with the postsuper(1)
	      command.

	      Note: use "postsuper -r" to release mail that was kept  on  hold
	      for   a	significant  fraction  of  $maximal_queue_lifetime  or
	      $bounce_queue_lifetime, or longer.

	      Note: this action affects all recipients of the message.

	      This feature is available in Postfix 2.0 and later.

       IGNORE Delete the current line from the	input  and  inspect  the  next
	      input line.

       PREPEND text...
	      Prepend  one  line  with the specified text and inspect the next
	      input line.

	      Notes:

	      ·	     The prepended text is output on a separate line,  immedi‐
		     ately before the input that triggered the PREPEND action.

	      ·	     The  prepended  text  is not considered part of the input
		     stream: it	 is  not  subject  to  header/body  checks  or
		     address  rewriting,  and  it does not affect the way that
		     Postfix adds missing message headers.

	      ·	     When prepending text before a message  header  line,  the
		     prepended	text  must  begin  with a valid message header
		     label.

	      ·	     This action cannot be used to prepend multi-line text.

	      This feature is available in Postfix 2.1 and later.

       REDIRECT user@domain
	      Write a message  redirection  request  to	 the  queue  file  and
	      inspect  the  next  input	 line. After the message is queued, it
	      will be sent to the specified address instead  of	 the  intended
	      recipient(s).

	      Note:  this  action overrides the FILTER action, and affects all
	      recipients of the message. If multiple  REDIRECT	actions	 fire,
	      only the last one is executed.

	      This feature is available in Postfix 2.1 and later.

       REPLACE text...
	      Replace the current line with the specified text and inspect the
	      next input line.

	      This feature is available in Postfix 2.2 and later. The descrip‐
	      tion below applies to Postfix 2.2.2 and later.

	      Notes:

	      ·	     When  replacing  a	 message  header line, the replacement
		     text must begin with a valid header label.

	      ·	     The replaced text	remains	 part  of  the	input  stream.
		     Unlike  the  result  from	the PREPEND action, a replaced
		     message header may be subject to  address	rewriting  and
		     may  affect  the  way  that  Postfix adds missing message
		     headers.

       REJECT optional text...
	      Reject the entire message. Reply with optional text... when  the
	      optional text is specified, otherwise reply with a generic error
	      message.

	      Note: this action disables further header or body_checks inspec‐
	      tion of the current message and affects all recipients.

	      Postfix  version	2.3  and  later support enhanced status codes.
	      When no code is specified at the beginning of optional  text...,
	      Postfix inserts a default enhanced status code of "5.7.1".

       WARN optional text...
	      Log  a  warning with the optional text... (or log a generic mes‐
	      sage) and inspect the next input line. This action is useful for
	      debugging and for testing a pattern before applying more drastic
	      actions.

BUGS
       Many people overlook the main limitations  of  header  and  body_checks
       rules.	These  rules operate on one logical message header or one body
       line at a time, and a decision made for one line is not carried over to
       the  next line.	If text in the message body is encoded (RFC 2045) then
       the rules have to specified for the encoded form.  Likewise, when  mes‐
       sage headers are encoded (RFC 2047) then the rules need to be specified
       for the encoded form.

       Message headers added by the cleanup(8) daemon itself are excluded from
       inspection.  Examples  of such message headers are From:, To:, Message-
       ID:, Date:.

       Message headers deleted by  the	cleanup(8)  daemon  will  be  examined
       before  they  are deleted. Examples are: Bcc:, Content-Length:, Return-
       Path:.

CONFIGURATION PARAMETERS
       body_checks
	      Lookup tables with content filter rules for message body	lines.
	      These  filters  see one physical line at a time, in chunks of at
	      most $line_length_limit bytes.

       body_checks_size_limit
	      The amount of content per message body segment (attachment) that
	      is subjected to $body_checks filtering.

       header_checks

       mime_header_checks (default: $header_checks)

       nested_header_checks (default: $header_checks)
	      Lookup  tables  with  content  filter  rules  for message header
	      lines: respectively, these are applied to	 the  initial  message
	      headers  (not  including MIME headers), to the MIME headers any‐
	      where in the message, and to the	initial	 headers  of  attached
	      messages.

	      Note:  these  filters  see one logical message header at a time,
	      even when a message header spans multiple lines. Message headers
	      that  are	 longer	 than  $header_size_limit characters are trun‐
	      cated.

       disable_mime_input_processing
	      While receiving mail, give no special treatment to MIME  related
	      message  headers;	 all text after the initial message headers is
	      considered to be part of	the  message  body.  This  means  that
	      header_checks is applied to all the initial message headers, and
	      that body_checks is applied to the remainder of the message.

	      Note: when used in  this	manner,	 body_checks  will  process  a
	      multi-line message header one line at a time.

EXAMPLES
       Header pattern to block attachments with bad file name extensions.

       /etc/postfix/main.cf:
	   header_checks = regexp:/etc/postfix/header_checks

       /etc/postfix/header_checks:
	   /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
	       REJECT Bad attachment file name extension: $2

       Body pattern to stop a specific HTML browser vulnerability exploit.

       /etc/postfix/main.cf:
	   body_checks = regexp:/etc/postfix/body_checks

       /etc/postfix/body_checks:
	   /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
	       REJECT IFRAME vulnerability exploit

SEE ALSO
       cleanup(8), canonicalize and enqueue Postfix message
       pcre_table(5), format of PCRE lookup tables
       regexp_table(5), format of POSIX regular expression tables
       postconf(1), Postfix configuration utility
       postmap(1), Postfix lookup table management
       postsuper(1), Postfix janitor
       postcat(1), show Postfix queue file contents
       RFC 2045, base64 and quoted-printable encoding rules
       RFC 2047, message header encoding for non-ASCII text

README FILES
       Use  "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       DATABASE_README, Postfix lookup table overview
       CONTENT_INSPECTION_README, Postfix content inspection overview
       BUILTIN_FILTER_README, Postfix built-in content inspection
       BACKSCATTER_README, blocking returned forged mail

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

							      HEADER_CHECKS(5)
[top]

List of man pages available for YellowDog

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net