1 # HEADER_CHECKS(5) HEADER_CHECKS(5)
4 # header_checks - Postfix built-in header/body inspection
7 # header_checks = pcre:/etc/postfix/header_checks
8 # mime_header_checks = pcre:/etc/postfix/mime_header_checks
9 # nested_header_checks = pcre:/etc/postfix/nested_header_checks
10 # body_checks = pcre:/etc/postfix/body_checks
12 # postmap -fq "string" pcre:/etc/postfix/filename
13 # postmap -fq - pcre:/etc/postfix/filename <inputfile
16 # Postfix provides a simple built-in content inspection
17 # mechanism that examines incoming mail one message header
18 # or one message body line at a time. Each input is compared
19 # against a list of patterns, and when a match is found the
20 # corresponding action is executed. This feature is imple-
21 # mented by the Postfix cleanup(8) server.
23 # For examples, see the EXAMPLES section at the end of this
26 # Postfix header or body_checks are designed to stop a flood
27 # of mail from worms or viruses; they do not decode attach-
28 # ments, and they do not unzip archives. See the documents
29 # referenced below in the README FILES section if you need
30 # more sophisticated content analysis.
32 # Postfix supports four built-in content inspection classes:
35 # These are applied to initial message headers
36 # (except for the headers that are processed with
37 # mime_header_checks).
39 # mime_header_checks (default: $header_checks)
40 # These are applied to MIME related message headers
43 # This feature is available in Postfix 2.0 and later.
45 # nested_header_checks (default: $header_checks)
46 # These are applied to message headers of attached
47 # email messages (except for the headers that are
48 # processed with mime_header_checks).
50 # This feature is available in Postfix 2.0 and later.
53 # These are applied to all other content, including
54 # multi-part message boundaries.
56 # With Postfix versions before 2.0, all content after
57 # the initial message headers is treated as body con-
60 # Note: message headers are examined one logical header at a
61 # time, even when a message header spans multiple lines.
62 # Body lines are always examined one line at a time.
65 # This document assumes that header and body_checks rules
66 # are specified in the form of Postfix regular expression
67 # lookup tables. Usually the best performance is obtained
68 # with pcre (Perl Compatible Regular Expression) tables, but
69 # the slower regexp (POSIX regular expressions) support is
70 # more widely available. Use the command "postconf -m" to
71 # find out what lookup table types your Postfix system sup-
74 # The general format of Postfix regular expression tables is
75 # given below. For a discussion of specific pattern or
76 # flags syntax, see pcre_table(5) or regexp_table(5),
79 # /pattern/flags action
80 # When pattern matches the input string, execute the
81 # corresponding action. See below for a list of pos-
84 # !/pattern/flags action
85 # When pattern does not match the input string, exe-
86 # cute the corresponding action.
90 # endif Match the input string against the patterns between
91 # if and endif, if and only if the input string also
92 # matches pattern. The if..endif can nest.
94 # Note: do not prepend whitespace to patterns inside
99 # endif Match the input string against the patterns between
100 # if and endif, if and only if the input string does
101 # not match pattern. The if..endif can nest.
103 # blank lines and comments
104 # Empty lines and whitespace-only lines are ignored,
105 # as are lines whose first non-whitespace character
109 # A pattern/action line starts with non-whitespace
110 # text. A line that starts with whitespace continues
114 # For each line of message input, the patterns are applied
115 # in the order as specified in the table. When a pattern is
116 # found that matches the input line, the corresponding
117 # action is executed and then the next input line is
121 # Substitution of substrings from the matched expression
122 # into the action string is possible using the conventional
123 # Perl syntax ($1, $2, etc.). The macros in the result
124 # string may need to be written as ${n} or $(n) if they
125 # aren't followed by whitespace.
127 # Note: since negated patterns (those preceded by !) return
128 # a result when the expression does not match, substitutions
129 # are not available for negated patterns.
132 # Action names are case insensitive. They are shown in upper
133 # case for consistency with other Postfix documentation.
135 # DISCARD optional text...
136 # Claim successful delivery and silently discard the
137 # message. Log the optional text if specified, oth-
138 # erwise log a generic message.
140 # Note: this action disables further header or
141 # body_checks inspection of the current message and
142 # affects all recipients.
144 # This feature is available in Postfix 2.0 and later.
146 # DUNNO Pretend that the input line did not match any pat-
147 # tern, and inspect the next input line. This action
148 # can be used to shorten the table search.
150 # For backwards compatibility reasons, Postfix also
151 # accepts OK but it is (and always has been) treated
154 # This feature is available in Postfix 2.1 and later.
156 # FILTER transport:destination
157 # Write a content filter request to the queue file
158 # and inspect the next input line. After the com-
159 # plete message is received it will be sent through
160 # the specified external content filter. More infor-
161 # mation about external content filters is in the
162 # Postfix FILTER_README file.
164 # Note: this action overrides the main.cf con-
165 # tent_filter setting, and affects all recipients of
166 # the message. In the case that multiple FILTER
167 # actions fire, only the last one is executed.
169 # This feature is available in Postfix 2.0 and later.
171 # HOLD optional text...
172 # Arrange for the message to be placed on the hold
173 # queue, and inspect the next input line. The mes-
174 # sage remains on hold until someone either deletes
175 # it or releases it for delivery. Log the optional
176 # text if specified, otherwise log a generic message.
178 # Mail that is placed on hold can be examined with
179 # the postcat(1) command, and can be destroyed or
180 # released with the postsuper(1) command.
182 # Note: use "postsuper -r" to release mail that was
183 # kept on hold for a significant fraction of $maxi-
184 # mal_queue_lifetime or $bounce_queue_lifetime, or
187 # Note: this action affects all recipients of the
190 # This feature is available in Postfix 2.0 and later.
192 # IGNORE Delete the current line from the input and inspect
193 # the next input line.
196 # Prepend one line with the specified text and
197 # inspect the next input line.
201 # o The prepended text is output on a separate
202 # line, immediately before the input that
203 # triggered the PREPEND action.
205 # o The prepended text is not considered part of
206 # the input stream: it is not subject to
207 # header/body checks or address rewriting, and
208 # it does not affect the way that Postfix adds
209 # missing message headers.
211 # o When prepending text before a message header
212 # line, the prepended text must begin with a
213 # valid message header label.
215 # o This action cannot be used to prepend multi-
218 # This feature is available in Postfix 2.1 and later.
220 # REDIRECT user@domain
221 # Write a message redirection request to the queue
222 # file and inspect the next input line. After the
223 # message is queued, it will be sent to the specified
224 # address instead of the intended recipient(s).
226 # Note: this action overrides the FILTER action, and
227 # affects all recipients of the message. If multiple
228 # REDIRECT actions fire, only the last one is exe-
231 # This feature is available in Postfix 2.1 and later.
234 # Replace the current line with the specified text
235 # and inspect the next input line.
237 # This feature is available in Postfix 2.2 and later.
238 # The description below applies to Postfix 2.2.2 and
243 # o When replacing a message header line, the
244 # replacement text must begin with a valid
247 # o The replaced text remains part of the input
248 # stream. Unlike the result from the PREPEND
249 # action, a replaced message header may be
250 # subject to address rewriting and may affect
251 # the way that Postfix adds missing message
254 # REJECT optional text...
255 # Reject the entire message. Reply with optional
256 # text... when the optional text is specified, other-
257 # wise reply with a generic error message.
259 # Note: this action disables further header or
260 # body_checks inspection of the current message and
261 # affects all recipients.
263 # WARN optional text...
264 # Log a warning with the optional text... (or log a
265 # generic message) and inspect the next input line.
266 # This action is useful for debugging and for testing
267 # a pattern before applying more drastic actions.
270 # Many people overlook the main limitations of header and
271 # body_checks rules. These rules operate on one logical
272 # message header or one body line at a time, and a decision
273 # made for one line is not carried over to the next line.
274 # If text in the message body is encoded (RFC 2045) then the
275 # rules have to specified for the encoded form. Likewise,
276 # when message headers are encoded (RFC 2047) then the rules
277 # need to be specified for the encoded form.
279 # Message headers added by the cleanup(8) daemon itself are
280 # excluded from inspection. Examples of such message headers
281 # are From:, To:, Message-ID:, Date:.
283 # Message headers deleted by the cleanup(8) daemon will be
284 # examined before they are deleted. Examples are: Bcc:, Con-
285 # tent-Length:, Return-Path:.
287 # CONFIGURATION PARAMETERS
289 # Lookup tables with content filter rules for message
290 # body lines. These filters see one physical line at
291 # a time, in chunks of at most $line_length_limit
294 # body_checks_size_limit
295 # The amount of content per message body segment
296 # (attachment) that is subjected to $body_checks fil-
301 # mime_header_checks (default: $header_checks)
303 # nested_header_checks (default: $header_checks)
304 # Lookup tables with content filter rules for message
305 # header lines: respectively, these are applied to
306 # the initial message headers (not including MIME
307 # headers), to the MIME headers anywhere in the mes-
308 # sage, and to the initial headers of attached mes-
311 # Note: these filters see one logical message header
312 # at a time, even when a message header spans multi-
313 # ple lines. Message headers that are longer than
314 # $header_size_limit characters are truncated.
316 # disable_mime_input_processing
317 # While receiving mail, give no special treatment to
318 # MIME related message headers; all text after the
319 # initial message headers is considered to be part of
320 # the message body. This means that header_checks is
321 # applied to all the initial message headers, and
322 # that body_checks is applied to the remainder of the
325 # Note: when used in this manner, body_checks will
326 # process a multi-line message header one line at a
330 # Header pattern to block attachments with bad file name
333 # /etc/postfix/main.cf:
334 # header_checks = regexp:/etc/postfix/header_checks
336 # /etc/postfix/header_checks:
337 # /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
338 # REJECT Bad attachment file name extension: $2
340 # Body pattern to stop a specific HTML browser vulnerability
343 # /etc/postfix/main.cf:
344 # body_checks = regexp:/etc/postfix/body_checks
346 # /etc/postfix/body_checks:
347 # /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
348 # REJECT IFRAME vulnerability exploit
351 # cleanup(8), canonicalize and enqueue Postfix message
352 # pcre_table(5), format of PCRE lookup tables
353 # regexp_table(5), format of POSIX regular expression tables
354 # postconf(1), Postfix configuration utility
355 # postmap(1), Postfix lookup table management
356 # postsuper(1), Postfix janitor
357 # postcat(1), show Postfix queue file contents
358 # RFC 2045, base64 and quoted-printable encoding rules
359 # RFC 2047, message header encoding for non-ASCII text
362 # Use "postconf readme_directory" or "postconf html_direc-
363 # tory" to locate this information.
364 # DATABASE_README, Postfix lookup table overview
365 # CONTENT_INSPECTION_README, Postfix content inspection overview
366 # BUILTIN_FILTER_README, Postfix built-in content inspection
367 # BACKSCATTER_README, blocking returned forged mail
370 # The Secure Mailer license must be distributed with this
375 # IBM T.J. Watson Research
377 # Yorktown Heights, NY 10598, USA