These checks are applied to the content of message headers and message body lines; they are implemented by the Postfix cleanup server before mail is queued. Each message header or message body line is compared against a list of patterns. When a match is found, the corresponding action is executed, and the matching process is repeated for the next message header or message body line. Note: message headers are examined one logical header at a time, even when a message header spans multiple lines. Body lines are always examined one line at a time. Postfix header_checks and body_checks are designed to stop a flood of mail from worms or viruses; they do not decode attachments, and they do not unzip archives.
More detailed documentation can be found on the Postfix website: Postfix header checks.
• Do not try to manually enable PCRE support if your OS uses the Postfix packages provided by Plesk because the package manager will try to downgrade Postfix to the default OS version. The Postfix packages provided by Plesk already have PCRE support enabled by default.
• Checks will use the pcre lookup table type if PCRE support is enabled in Postfix; otherwise it will fall back to regexp.
• Administrators can check if pcre is supported by Postfix using the command postconf -m.
• Administrators can edit access files directly in Warden by clicking on the "Advanced" button on any of the grids under Warden -> Settings -> Mail Server Checks. This makes it easy to make changes in bulk.
Header and body check entries will be added by Warden automatically. For example, when adding a header entry in the grid, the line header_checks = pcre:/etc/postfix/header_checks will be added to /etc/postfix/main.cf on a server supporting PCRE lookup tables.
Postfix parameter | Lookup type | Check entry | Description |
---|---|---|---|
header_checks | pcre (if supported) or regexp | pcre:/etc/postfix/header_checks or regexp:/etc/postfix/header_checks | The file containing the header checks to perform. |
body_checks | pcre (if supported) or regexp | pcre:/etc/postfix/body_checks or regexp:/etc/postfix/body_checks | The file containing the body checks to perform. |
/pattern/flags action optional text
Header Check Example (/etc/postfix/header_checks)
```
# reject mail matching a specific subject
# (matching is case insensitive by default; the i flag would turn that off)
/^Subject: make money fast/ REJECT Your subject is banned.
```
Body Check Example (/etc/postfix/body_checks)
```
# reject any mail with viagra in the body
# (matching is case insensitive by default; the i flag would turn that off)
/viagra/ REJECT Your mail contains a banned keyword.
```
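How the matching described above plays out on one message, as an added example (not Warden or Postfix code): each logical header and each raw body line is tested against the rules, with Python's re module standing in for the pcre/regexp engines. The rules follow the page's examples; the \s+ in the subject rule and the sample message are constructed, and the code assumes Postfix's default case-insensitive matching, with the i flag toggling it.

```python
import base64
import re

# Constructed rules in the page's "/pattern/flags action optional text" form.
HEADER_CHECKS = r"/^Subject: make money\s+fast/ REJECT Your subject is banned."
BODY_CHECKS = "/viagra/ REJECT Your mail contains a banned keyword."
RULE = re.compile(r"^/(.*)/([A-Za-z]*)\s+(\S+)\s*(.*)$")

def load_rules(text):
    """Parse check-file text into (compiled pattern, action, optional text)."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # blank lines, '#' comments and anything that is not a rule
        pattern, flags, action, note = m.groups()
        # Assumption: case-insensitive by default, the i flag toggles it off.
        opts = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, opts), action, note))
    return rules

def first_action(rules, unit):
    """Return (action, text) of the first rule matching one header or body line."""
    for pattern, action, note in rules:
        if pattern.search(unit):
            return action, note
    return None

def scan(message):
    """List every match; a real REJECT would end processing at the first one."""
    head, _, body = message.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line  # continuation of the same logical header
        else:
            headers.append(line)
    hits = []
    for kind, rules, units in (("header", load_rules(HEADER_CHECKS), headers),
                               ("body", load_rules(BODY_CHECKS), body.split("\n"))):
        for unit in units:
            hit = first_action(rules, unit)
            if hit:
                hits.append((kind, unit) + hit)
    return hits

# Constructed message: folded Subject, one plain body line, one base64 body line.
ENCODED = base64.b64encode(b"cheap viagra here").decode()
SAMPLE = ("From: a@example.com\nSubject: Make MONEY\n fast today\n\n"
          "Buy Viagra now\n" + ENCODED + "\n")
```

The folded Subject matches only when treated as one logical header, and the base64 line passes because the text is never decoded. On a live server, postmap -q "Subject: make money fast" pcre:/etc/postfix/header_checks queries the real table.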
To blacklist an entry use the REJECT action. Using the DISCARD action is not recommended!
Action | Description |
---|---|
REJECT [optional text] | Reject the request. You can optionally specify a short string of text to be used in the reply and with logging for this message; otherwise, Postfix uses the general reply code and text configured for the restriction. |
OK | Accept the request. Processing for the current rule stops. Postfix moves on to the next restriction rule. |
DUNNO | Stop checking entries for that key in the lookup table. Postfix moves on to the next restriction for the current rule. |
DISCARD [optional text] | Report a successful delivery to the client, but drop the message. You can optionally specify a short string of text to be logged; otherwise, Postfix logs a generic message. |
HOLD [optional text] | Place the message in the hold queue. You can optionally specify a short string of text to be logged; otherwise, Postfix logs a generic message. |
BCC [user@example.com] | Send one copy of the message to the specified recipient. |
REDIRECT [user@example.com] | Send the message to the specified address instead of the intended recipient(s). |
PREPEND [header: text] | Prepend the specified message header to the message. |
INFO [optional text] | Place an informational message in the log file with client information, helo, sender, recipient, and protocol information. You can optionally specify a short string of text to be logged; otherwise, Postfix logs a generic message. |
WARN [optional text] | Place a warning message in the log file. You can optionally specify a short string of text to be logged; otherwise, Postfix logs a generic message. |