# HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
# 
# NAME
#        header_checks - Postfix built-in content inspection
# 
# SYNOPSIS
#        header_checks = pcre:/etc/postfix/header_checks
#        mime_header_checks = pcre:/etc/postfix/mime_header_checks
#        nested_header_checks = pcre:/etc/postfix/nested_header_checks
#        body_checks = pcre:/etc/postfix/body_checks
# 
#        postmap -fq "string" pcre:/etc/postfix/filename
#        postmap -fq - pcre:/etc/postfix/filename <inputfile
# 
# DESCRIPTION
#        This  document  describes access control on the content of
#        message headers and message body lines; it is  implemented
#        by  the  Postfix  cleanup(8) server before mail is queued.
#        See access(5) for access control  on  remote  SMTP  client
#        information.
# 
#        Each  message  header  or  message  body  line is compared
#        against a list of patterns.  When a  match  is  found  the
#        corresponding action is executed, and the matching process
#        is repeated for the next message header  or  message  body
#        line.
# 
#        For  examples, see the EXAMPLES section at the end of this
#        manual page.
# 
#        Postfix header or body_checks are designed to stop a flood
#        of  mail from worms or viruses; they do not decode attach-
#        ments, and they do not unzip archives. See  the  documents
#        referenced  below  in the README FILES section if you need
#        more sophisticated content analysis.
# 
#        Postfix supports four built-in content inspection classes:
# 
#        header_checks
#               These   are  applied  to  initial  message  headers
#               (except for the headers  that  are  processed  with
#               mime_header_checks).
# 
#        mime_header_checks (default: $header_checks)
#               These  are  applied to MIME related message headers
#               only.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        nested_header_checks (default: $header_checks)
#               These  are  applied  to message headers of attached
#               email messages (except for  the  headers  that  are
#               processed with mime_header_checks).
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        body_checks
#               These are applied to all other  content,  including
#               multi-part message boundaries.
# 
#               With Postfix versions before 2.0, all content after
#               the initial message headers is treated as body con-
#               tent.
# 
#        Note: message headers are examined one logical header at a
#        time, even when a message  header  spans  multiple  lines.
#        Body lines are always examined one line at a time.
# 
# TABLE FORMAT
#        This  document  assumes  that header and body_checks rules
#        are specified in the form of  Postfix  regular  expression
#        lookup  tables.  Usually  the best performance is obtained
#        with pcre (Perl Compatible Regular Expression) tables, but
#        the  slower  regexp (POSIX regular expressions) support is
#        more widely available.  Use the command "postconf  -m"  to
#        find  out what lookup table types your Postfix system sup-
#        ports.
# 
#        The general format of Postfix regular expression tables is
#        given  below.   For  a  discussion  of specific pattern or
#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
#        respectively.
# 
#        /pattern/flags action
#               When  pattern matches the input string, execute the
#               corresponding action. See below for a list of  pos-
#               sible actions.
# 
#        !/pattern/flags action
#               When  pattern does not match the input string, exe-
#               cute the corresponding action.
# 
#        if /pattern/flags
# 
#        endif  Match the input string against the patterns between
#               if  and endif, if and only if the same input string
#               also matches pattern. The if..endif can nest.
# 
#               Note: do not prepend whitespace to patterns  inside
#               if..endif.
# 
#        if !/pattern/flags
# 
#        endif  Match the input string against the patterns between
#               if and endif, if and only if the same input  string
#               does not match pattern. The if..endif can nest.
# 
#        blank lines and comments
#               Empty  lines and whitespace-only lines are ignored,
#               as are lines whose first  non-whitespace  character
#               is a `#'.
# 
#        multi-line text
#               A  pattern/action  line  starts with non-whitespace
#               text. A line that starts with whitespace  continues
#               a logical line.
# 
# TABLE SEARCH ORDER
#        For  each  line of message input, the patterns are applied
#        in the order as specified in the table. When a pattern  is
#        found  that  matches  the  input  line,  the corresponding
#        action is  executed  and  then  the  next  input  line  is
#        inspected.
# 
# TEXT SUBSTITUTION
#        Substitution  of  substrings  from  the matched expression
#        into the action string is possible using the  conventional
#        Perl  syntax  ($1,  $2,  etc.).   The macros in the result
#        string may need to be written as  ${n}  or  $(n)  if  they
#        aren't followed by whitespace.
# 
#        Note:  since negated patterns (those preceded by !) return
#        a result when the expression does not match, substitutions
#        are not available for negated patterns.
# 
# ACTIONS
#        Action names are case insensitive. They are shown in upper
#        case for consistency with other Postfix documentation.
# 
#        DISCARD optional text...
#               Claim successful delivery and silently discard  the
#               message.   Log the optional text if specified, oth-
#               erwise log a generic message.
# 
#               Note:  this  action  disables  further  header   or
#               body_checks  inspection  of the current message and
#               affects all recipients.  To discard only one recip-
#               ient without discarding the entire message, use the
#               transport(5) table to direct mail to the discard(8)
#               service.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        DUNNO  Pretend that the input line did not match any  pat-
#               tern,  and inspect the next input line. This action
#               can be used to shorten the table search.
# 
#               For backwards compatibility reasons,  Postfix  also
#               accepts  OK but it is (and always has been) treated
#               as DUNNO.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        FILTER transport:destination
#               Write  a  content filter request to the queue file,
#               and inspect the next input line.   After  the  com-
#               plete  message  is received it will be sent through
#               the specified external content filter.  More infor-
#               mation  about  external  content  filters is in the
#               Postfix FILTER_README file.
# 
#               Note: this action overrides the content_filter set-
#               ting, and affects all recipients of the message. In
#               the case that multiple FILTER  actions  fire,  only
#               the last one is executed.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        HOLD optional text...
#               Arrange for the message to be placed  on  the  hold
#               queue,  and  inspect the next input line.  The mes-
#               sage remains on hold until someone  either  deletes
#               it  or  releases it for delivery.  Log the optional
#               text if specified, otherwise log a generic message.
# 
#               Mail  that  is  placed on hold can be examined with
#               the postcat(1) command, and  can  be  destroyed  or
#               released with the postsuper(1) command.
# 
#               Note:  use  "postsuper -r" to release mail that was
#               kept on hold for a significant fraction  of  $maxi-
#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
#               longer. Use "postsuper -H" only for mail that  will
#               not expire within a few delivery attempts.
# 
#               Note:  this  action  affects  all recipients of the
#               message.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        IGNORE Delete the current line from the input, and inspect
#               the next input line.
# 
#        PREPEND text...
#               Prepend one  line  with  the  specified  text,  and
#               inspect the next input line.
# 
#               Notes:
# 
#               o      The  prepended  text is output on a separate
#                      line,  immediately  before  the  input  that
#                      triggered the PREPEND action.
# 
#               o      The prepended text is not considered part of
#                      the input  stream:  it  is  not  subject  to
#                      header/body checks or address rewriting, and
#                      it does not affect the way that Postfix adds
#                      missing message headers.
# 
#               o      When prepending text before a message header
#                      line, the prepended text must begin  with  a
#                      valid message header label.
# 
#               o      This action cannot be used to prepend multi-
#                      line text.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        REDIRECT user@domain
#               Write  a  message  redirection request to the queue
#               file, and inspect the next input  line.  After  the
#               message is queued, it will be sent to the specified
#               address instead of the intended recipient(s).
# 
#               Note: this action overrides the FILTER action,  and
#               affects  all recipients of the message. If multiple
#               REDIRECT actions fire, only the last  one  is  exe-
#               cuted.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        REPLACE text...
#               Replace the current line with the  specified  text,
#               and inspect the next input line.
# 
#               This feature is available in Postfix 2.2 and later.
#               The description below applies to Postfix 2.2.2  and
#               later.
# 
#               Notes:
# 
#               o      When  replacing  a  message header line, the
#                      replacement text must  begin  with  a  valid
#                      header label.
# 
#               o      The  replaced text remains part of the input
#                      stream. Unlike the result from  the  PREPEND
#                      action,  a  replaced  message  header may be
#                      subject to address rewriting and may  affect
#                      the  way  that  Postfix adds missing message
#                      headers.
# 
#        REJECT optional text...
#               Reject the  entire  message.  Reply  with  optional
#               text... when the optional text is specified, other-
#               wise reply with a generic error message.
# 
#               Note:  this  action  disables  further  header   or
#               body_checks  inspection  of the current message and
#               affects all recipients.
# 
#               Postfix version 2.3 and later support enhanced sta-
#               tus codes.  When no code is specified at the begin-
#               ning of optional text..., Postfix inserts a default
#               enhanced status code of "5.7.1".
# 
#        WARN optional text...
#               Log  a  warning with the optional text... (or log a
#               generic message), and inspect the next input  line.
#               This action is useful for debugging and for testing
#               a pattern before applying more drastic actions.
# 
# BUGS
#        Many people overlook the main limitations  of  header  and
#        body_checks rules.
# 
#        o      These  rules  operate on one logical message header
#               or one body line at a time. A decision made for one
#               line is not carried over to the next line.
# 
#        o      If  text  in the message body is encoded (RFC 2045)
#               then the rules have to specified  for  the  encoded
#               form.
# 
#        o      Likewise,  when  message  headers  are encoded (RFC
#               2047) then the rules need to be specified  for  the
#               encoded form.
# 
#        Message  headers added by the cleanup(8) daemon itself are
#        excluded from inspection. Examples of such message headers
#        are From:, To:, Message-ID:, Date:.
# 
#        Message  headers  deleted by the cleanup(8) daemon will be
#        examined before they are deleted. Examples are: Bcc:, Con-
#        tent-Length:, Return-Path:.
# 
# CONFIGURATION PARAMETERS
#        body_checks
#               Lookup tables with content filter rules for message
#               body lines.  These filters see one physical line at
#               a  time,  in  chunks  of at most $line_length_limit
#               bytes.
# 
#        body_checks_size_limit
#               The amount of  content  per  message  body  segment
#               (attachment) that is subjected to $body_checks fil-
#               tering.
# 
#        header_checks
# 
#        mime_header_checks (default: $header_checks)
# 
#        nested_header_checks (default: $header_checks)
#               Lookup tables with content filter rules for message
#               header  lines:  respectively,  these are applied to
#               the initial message  headers  (not  including  MIME
#               headers),  to the MIME headers anywhere in the mes-
#               sage, and to the initial headers of  attached  mes-
#               sages.
# 
#               Note:  these filters see one logical message header
#               at a time, even when a message header spans  multi-
#               ple  lines.  Message  headers  that are longer than
#               $header_size_limit characters are truncated.
# 
#        disable_mime_input_processing
#               While receiving mail, give no special treatment  to
#               MIME  related  message  headers; all text after the
#               initial message headers is considered to be part of
#               the  message body. This means that header_checks is
#               applied to all the  initial  message  headers,  and
#               that body_checks is applied to the remainder of the
#               message.
# 
#               Note: when used in this  manner,  body_checks  will
#               process  a  multi-line message header one line at a
#               time.
# 
# EXAMPLES
#        Header pattern to block attachments  with  bad  file  name
#        extensions.
# 
#        /etc/postfix/main.cf:
#            header_checks = regexp:/etc/postfix/header_checks
# 
#        /etc/postfix/header_checks:
#            /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
#                REJECT Bad attachment file name extension: $2
# 
#        Body pattern to stop a specific HTML browser vulnerability
#        exploit.
# 
#        /etc/postfix/main.cf:
#            body_checks = regexp:/etc/postfix/body_checks
# 
#        /etc/postfix/body_checks:
#            /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
#                REJECT IFRAME vulnerability exploit
# 
# SEE ALSO
#        cleanup(8), canonicalize and enqueue Postfix message
#        pcre_table(5), format of PCRE lookup tables
#        regexp_table(5), format of POSIX regular expression tables
#        postconf(1), Postfix configuration utility
#        postmap(1), Postfix lookup table management
#        postsuper(1), Postfix janitor
#        postcat(1), show Postfix queue file contents
#        RFC 2045, base64 and quoted-printable encoding rules
#        RFC 2047, message header encoding for non-ASCII text
# 
# README FILES
#        Use "postconf readme_directory" or  "postconf  html_direc-
#        tory" to locate this information.
#        DATABASE_README, Postfix lookup table overview
#        CONTENT_INSPECTION_README, Postfix content inspection overview
#        BUILTIN_FILTER_README, Postfix built-in content inspection
#        BACKSCATTER_README, blocking returned forged mail
# 
# LICENSE
#        The  Secure  Mailer  license must be distributed with this
#        software.
# 
# AUTHOR(S)
#        Wietse Venema
#        IBM T.J. Watson Research
#        P.O. Box 704
#        Yorktown Heights, NY 10598, USA
# 
#                                                               HEADER_CHECKS(5)
