mimedefang - Sendmail MIME mail filter
mimedefang prcap
mimedefang -p connection -m mx_socket_name -U
user [options]
mimedefang is a filter built around Sendmail 8.11's
milter API for mail filters. It collects each incoming message and
runs a filter on the message. This is useful for deleting attachments which
may be a security risk on poorly-designed systems like Microsoft
Windows.
mimedefang does not actually run the Perl filter; instead,
it communicates with mimedefang-multiplexor(8), which manages a pool
of persistent Perl processes. See the mimedefang-multiplexor man page
for additional information.
If you invoke mimedefang with the single argument
prcap, it prints information about the version of Milter it is linked
against and exits. Otherwise, you should invoke mimedefang as shown
in the second line of the SYNOPSIS.
- -U user
- Runs mimedefang as user rather than root. The
user argument must match the argument to
mimedefang-multiplexor's -U option as well.
- -y
- If the -y command-line option is given, MIMEDefang will call
smfi_setsymlist to set the list of macros it wants. This function
leaked memory in versions of Sendmail prior to 8.14.4 so by default
we do not call it. If you are running an older version of sendmail, you
should explicitly set the list of macros you want in the Sendmail
configuration file.
- -z spooldir
- Set the spool directory to spooldir. If this option is omitted, the
spool directory defaults to /var/spool/MIMEDefang.
- -p connection
- The -p switch is required and specifies the milter
connection type. Typically, you should run mimedefang on the same
computer as sendmail. Therefore, you should use a UNIX-domain
socket for the connection type. The suggested value for the -p
switch is mimedefang.sock under the spool directory.
- -m
mx_socket_name
- Specifies the socket for communicating with
mimedefang-multiplexor(8). The mx_socket_name specifies the
path of the UNIX-domain socket. See mimedefang-multiplexor(8) for
details.
- -b backlog
- Sets the "backlog" argument to the listen(2) system call
to backlog. If this option is omitted, then the operating-system
default backlog is used.
- -G
- Normally, mimedefang uses a umask of 077 when creating the milter
socket and files. If you would like the socket to be readable and
writeable by the group and files to be group-readable, supply the
-G option. This causes the umask to be 007 whenever UNIX-domain
sockets are created and 027 whenever files are created. Note: if
your milter library is too old to have the smfi_opensocket() function, the
-G option causes mimedefang to use a umask of 007 throughout
its execution.
Note that by default, /var/spool/MIMEDefang is created with
mode 0700. If you use the -G option, you probably should change
the mode to 0750.
- -d
- The -d switch causes mimedefang not to delete the
temporary spool files it creates for incoming messages. This is for
debugging purposes only and should never be used on a production
mail server.
- -r
- Causes mimedefang to perform a relay check before processing any
messages. It calls into a user-supplied Perl function called
filter_relay with the IP address and host name of the sending
relay. (See mimedefang-filter(5) for details.)
- -H
- Causes mimedefang to perform a HELO check before processing any
messages. It calls into a user-supplied Perl function called
filter_helo with the IP address and host name of the sending relay,
and the HELO argument. (See mimedefang-filter(5) for details.)
- -s
- Causes mimedefang to perform a sender check before processing the
message body. It calls into a user-supplied Perl function called
filter_sender with the envelope address of the sender. (See
mimedefang-filter(5) for details.)
- -t
- Causes mimedefang to perform recipient checks before processing the
message body. It calls into a user-supplied Perl function called
filter_recipient with the envelope address of each recipient. (See
mimedefang-filter(5) for details.)
- -q
- Permits the multiplexor to queue new connections. See the section QUEUEING
REQUESTS in the mimedefang-multiplexor man page. Note that this option and
the -R option are mutually-exclusive. If you supply -q, then
-R is ignored.
- -k
- Causes mimedefang not to delete working directories if a
filter fails. This lets you obtain the message which caused the filter to
fail and determine what went wrong. mimedefang logs the directory
containing the failed message using syslog.
- -P fileName
- Causes mimedefang to write its process-ID (after becoming a daemon)
to the specified file. The file will be owned by root.
- -o fileName
- Causes mimedefang to use fileName as a lock file to avoid multiple
instances from running. If you supply -P but not -o, then
mimedefang constructs a lock file by appending ".lock" to the
pid file. However, this is less secure than having a root-owned pid file
in a root-owned directory and a lock file writable by the user named by
the -U option. (The lock file must be writable by the -U
user.)
- -R num
- Normally, mimedefang tempfails a new SMTP connection if there are
no free workers. Supplying the -R num option makes
mimedefang tempfail new connections if there are fewer than
num free workers, unless the connection is from the local
host. This allows you to favour connections from localhost so your
clientmqueue doesn't build up. Note that supplying -R 0 is subtly
different from omitting the option; in this case, mimedefang
permits new connections from localhost to queue, but not connections from
other hosts (unless you also supply the -q option.)
The purpose of the -R option is to reserve resources
for clientmqueue runs. Otherwise, on a very busy mail server,
clientmqueue runs can starve for a long time, leading to delays for
locally-generated or streamed mail. We recommend using a small number
for num; probably no more than 3 or 10% of the total number of
workers (whichever is smaller.)
Note that this option and the -q option are
mutually-exclusive. If you supply -q, then -R is
ignored.
- -C
- Conserve file descriptors by opening and closing disk files more often.
(Disk files are never held open across Milter callbacks.) While this
shortens the length of time a file descriptor is open, it also leaves more
opportunities for the open to fail. We do not recommend the use of this
flag except on very busy systems that exhibit failures due to a shortage
of file descriptors.
- -T
- Causes mimedefang to log the run-time of the Perl filter using
syslog.
- -x string
- Add string as the content of the X-Scanned-By: header. If you set
string to the empty string (i.e. -x ""), then no
X-Scanned-By: header will be added.
- -X
- Do not add an X-Scanned-By: header. Specifying -X is equivalent to
specifying -x "".
- -D
- Do not fork into the background and become a daemon. Instead, stay in the
foreground. Useful mainly for debugging or if you have a supervisory
process managing mimedefang.
- -M
- This option is obsolete; it is accepted for backward-compatibility, but is
ignored.
- -N
- Normally, mimedefang sees all envelope recipients, even ones that
Sendmail knows to be invalid. If you don't want Sendmail to perform a
milter callback for recipients it knows to be invalid, invoke
mimedefang with the -N flag. Please note that this flag
only works with Sendmail and Milter 8.14.0 and newer. It has no
effect if you're running an older version of Sendmail or Milter.
- -S facility
- Specifies the syslog facility for log messages. The default is
mail. See openlog(3) for a list of valid facilities. You can
use either the short name ("mail") or long name
("LOG_MAIL") for the facility name.
- -a macro
- Pass the value of the specified Sendmail macro through to the Perl filter.
You can repeat the -a option to write more macros than the built-in
defaults. Note that in addition to asking mimedefang to pass the
macro value to the filter, you must configure Sendmail to pass the macro
through to mimedefang using the confMILTER_MACROS_ENVFROM
definition in Sendmail's m4 configuration file.
- -c
- Strip "bare" carriage-returns (CR) characters from the message
body. A bare CR should never appear in an e-mail message. Older versions
of mimedefang used to strip them out automatically, but now they
are left in by default. The -c option enables the older
behavior.
- -h
- Print usage information and exit.
When mimedefang starts, it connects to sendmail
using the milter API. (See the Sendmail 8.11 documentation.) For each
incoming message, mimedefang creates a temporary directory and saves
information in the directory. At various phases during the SMTP
conversation, mimedefang communicates with
mimedefang-multiplexor to perform various operations.
mimedefang-multiplexor manages a pool of persistent Perl processes
that actually perform the mail scanning operations.
When a Perl process scans an e-mail, the temporary spool directory
contains certain files; details of the communication protocol between
mimedefang and the Perl script are in
mimedefang-protocol(7).
mimedefang does violence to the flow of e-mail. The Perl
filter is quite picky and assumes that MIME e-mail messages are well-formed.
While I have tried to make the script safe, I take no responsibility
for lost or mangled e-mail messages or any security holes this script may
introduce.
mimedefang was written by Dianne Skoll
<dfs@roaringpenguin.com>. The mimedefang home page is
http://www.mimedefang.org/.