MIMEDEFANG(8)               System Manager's Manual              MIMEDEFANG(8)

NAME
       mimedefang - Sendmail MIME mail filter

SYNOPSIS
       mimedefang prcap

       mimedefang -p connection -m mx_socket_name -U user [options]

DESCRIPTION
       mimedefang is a filter built around Sendmail 8.11's milter API for
       mail filters. It collects each incoming message and runs a filter on
       the message. This is useful for deleting attachments which may be a
       security risk on poorly-designed systems like Microsoft Windows.

       mimedefang does not actually run the Perl filter; instead, it
       communicates with mimedefang-multiplexor(8), which manages a pool of
       persistent Perl processes. See the mimedefang-multiplexor man page
       for additional information.

OPTIONS
       If you invoke mimedefang with the single argument prcap, it prints
       information about the version of Milter it is linked against and
       exits. Otherwise, you should invoke mimedefang as shown in the second
       line of the SYNOPSIS.

       -U user
              Runs mimedefang as user rather than root. The user argument
              must match the argument to mimedefang-multiplexor's -U option
              as well.

       -y     If the -y command-line option is given, MIMEDefang will call
              smfi_setsymlist to set the list of macros it wants. This
              function leaked memory in versions of Sendmail prior to 8.14.4
              so by default we do not call it. If you are running an older
              version of sendmail, you should explicitly set the list of
              macros you want in the Sendmail configuration file.

       -z spooldir
              Set the spool directory to spooldir. If this option is
              omitted, the spool directory defaults to /var/spool/MIMEDefang.

       -p connection
              The -p switch is required and specifies the milter connection
              type. Typically, you should run mimedefang on the same
              computer as sendmail. Therefore, you should use a UNIX-domain
              socket for the connection type. The suggested value for the -p
              switch is mimedefang.sock under the spool directory.

       -m mx_socket_name
              Specifies the socket for communicating with
              mimedefang-multiplexor(8). The mx_socket_name specifies the
              path of the UNIX-domain socket. See mimedefang-multiplexor(8)
              for details.

       -b backlog
              Sets the "backlog" argument to the listen(2) system call to
              backlog. If this option is omitted, then the operating-system
              default backlog is used.

       -G     Normally, mimedefang uses a umask of 077 when creating the
              milter socket and files. If you would like the socket to be
              readable and writeable by the group and files to be
              group-readable, supply the -G option. This causes the umask to
              be 007 whenever UNIX-domain sockets are created and 027
              whenever files are created. Note: if your milter library is
              too old to have the smfi_opensocket() function, the -G option
              causes mimedefang to use a umask of 007 throughout its
              execution.

              Note that by default, /var/spool/MIMEDefang is created with
              mode 0700. If you use the -G option, you probably should
              change the mode to 0750.

       -d     The -d switch causes mimedefang not to delete the temporary
              spool files it creates for incoming messages. This is for
              debugging purposes only and should never be used on a
              production mail server.

       -r     Causes mimedefang to perform a relay check before processing
              any messages. It calls into a user-supplied Perl function
              called filter_relay with the IP address and host name of the
              sending relay. (See mimedefang-filter(5) for details.)

       -H     Causes mimedefang to perform a HELO check before processing
              any messages. It calls into a user-supplied Perl function
              called filter_helo with the IP address and host name of the
              sending relay, and the HELO argument. (See mimedefang-filter(5)
              for details.)

       -s     Causes mimedefang to perform a sender check before processing
              the message body. It calls into a user-supplied Perl function
              called filter_sender with the envelope address of the sender.
              (See mimedefang-filter(5) for details.)

       -t     Causes mimedefang to perform recipient checks before
              processing the message body. It calls into a user-supplied
              Perl function called filter_recipient with the envelope
              address of each recipient. (See mimedefang-filter(5) for
              details.)

       -q     Permits the multiplexor to queue new connections. See the
              section QUEUEING REQUESTS in the mimedefang-multiplexor man
              page. Note that this option and the -R option are mutually
              exclusive. If you supply -q, then -R is ignored.

       -k     Causes mimedefang not to delete working directories if a
              filter fails. This lets you obtain the message which caused
              the filter to fail and determine what went wrong. mimedefang
              logs the directory containing the failed message using syslog.

       -P fileName
              Causes mimedefang to write its process-ID (after becoming a
              daemon) to the specified file. The file will be owned by root.

       -o fileName
              Causes mimedefang to use fileName as a lock file to prevent
              multiple instances from running. If you supply -P but not -o,
              then mimedefang constructs a lock file by appending ".lock" to
              the pid file. However, this is less secure than having a
              root-owned pid file in a root-owned directory and a lock file
              writable by the user named by the -U option. (The lock file
              must be writable by the -U user.)

       -R num Normally, mimedefang tempfails a new SMTP connection if there
              are no free workers. Supplying the -R num option makes
              mimedefang tempfail new connections if there are fewer than
              num free workers, unless the connection is from the local
              host. This allows you to favour connections from localhost so
              your clientmqueue doesn't build up. Note that supplying -R 0
              is subtly different from omitting the option; in this case,
              mimedefang permits new connections from localhost to queue,
              but not connections from other hosts (unless you also supply
              the -q option).

              The purpose of the -R option is to reserve resources for
              clientmqueue runs. Otherwise, on a very busy mail server,
              clientmqueue runs can starve for a long time, leading to
              delays for locally-generated or streamed mail. We recommend
              using a small number for num; probably no more than 3 or 10%
              of the total number of workers (whichever is smaller).

              Note that this option and the -q option are mutually
              exclusive. If you supply -q, then -R is ignored.

       -C     Conserve file descriptors by opening and closing disk files
              more often. (Disk files are never held open across Milter
              callbacks.) While this shortens the length of time a file
              descriptor is open, it also leaves more opportunities for the
              open to fail. We do not recommend the use of this flag except
              on very busy systems that exhibit failures due to a shortage
              of file descriptors.

       -T     Causes mimedefang to log the run-time of the Perl filter using
              syslog.

       -x string
              Add string as the content of the X-Scanned-By: header. If you
              set string to the empty string (i.e. -x ""), then no
              X-Scanned-By: header will be added.

       -X     Do not add an X-Scanned-By: header. Specifying -X is
              equivalent to specifying -x "".

       -D     Do not fork into the background and become a daemon. Instead,
              stay in the foreground. Useful mainly for debugging or if you
              have a supervisory process managing mimedefang.

       -M     This option is obsolete; it is accepted for
              backward-compatibility, but is ignored.

       -N     Normally, mimedefang sees all envelope recipients, even ones
              that Sendmail knows to be invalid. If you don't want Sendmail
              to perform a milter callback for recipients it knows to be
              invalid, invoke mimedefang with the -N flag. Please note that
              this flag only works with Sendmail and Milter 8.14.0 and
              newer. It has no effect if you're running an older version of
              Sendmail or Milter.

       -S facility
              Specifies the syslog facility for log messages. The default is
              mail. See openlog(3) for a list of valid facilities. You can
              use either the short name ("mail") or long name ("LOG_MAIL")
              for the facility name.

       -a macro
              Pass the value of the specified Sendmail macro through to the
              Perl filter. You can repeat the -a option to write more macros
              than the built-in defaults. Note that in addition to asking
              mimedefang to pass the macro value to the filter, you must
              configure Sendmail to pass the macro through to mimedefang
              using the confMILTER_MACROS_ENVFROM definition in Sendmail's
              m4 configuration file.

       -c     Strip "bare" carriage-return (CR) characters from the message
              body. A bare CR should never appear in an e-mail message.
              Older versions of mimedefang used to strip them out
              automatically, but now they are left in by default. The -c
              option enables the older behavior.

       -h     Print usage information and exit.
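
The cautions attached to -U, -d, -q/-R, -P/-o and -G above can be checked mechanically before a command line goes into a startup script. The following is an added example, not part of the MIMEDefang distribution; the function name, the sample socket and pid-file paths and the user name defang are assumptions.

```shell
# Added example: lint a mimedefang command line against the OPTIONS notes.
# Usage: audit_mimedefang SPOOL_MODE [mimedefang options...]
#   SPOOL_MODE is the spool directory's octal mode, e.g. from `stat -c %a DIR`.
# Prints one "finding:" line per problem; returns 0 when clean, 1 otherwise.
audit_mimedefang() {
    spool_mode=$1; shift
    user='' pidfile='' lockfile='' has_R='' has_G='' has_d='' has_q=''
    findings=0
    OPTIND=1
    # Option letters are those documented on this page; ':' marks a value.
    while getopts ':U:z:p:m:b:P:o:R:x:S:a:yGdrHstqkCTXDMNch' opt "$@"; do
        case $opt in
            U) user=$OPTARG ;;
            P) pidfile=$OPTARG ;;
            o) lockfile=$OPTARG ;;
            R) has_R=1 ;;
            G) has_G=1 ;;
            d) has_d=1 ;;
            q) has_q=1 ;;
        esac
    done
    finding() { findings=$((findings + 1)); echo "finding: $*"; }

    [ -n "$user" ] || finding "no -U user: not told to run as a non-root user"
    [ -z "$has_d" ] || finding "-d keeps spool files: debugging only"
    if [ -n "$has_q" ] && [ -n "$has_R" ]; then
        finding "-q and -R are mutually exclusive: -R is ignored"
    fi
    if [ -n "$pidfile" ] && [ -z "$lockfile" ]; then
        finding "-P without -o: lock file becomes $pidfile.lock"
    fi
    # Default spool mode is 0700; with -G the page suggests 0750.
    if [ -n "$has_G" ]; then want=750; else want=700; fi
    [ "$spool_mode" = "$want" ] || finding "spool mode $spool_mode, expected $want"
    [ "$findings" -eq 0 ]
}

# Constructed sample command lines (paths and the user name are made up).
audit_mimedefang 700 -p /var/spool/MIMEDefang/mimedefang.sock \
    -m /var/spool/MIMEDefang/mx.sock -U defang \
    -P /var/run/md/mimedefang.pid -o /var/spool/MIMEDefang/mimedefang.lock
audit_mimedefang 700 -p /var/spool/MIMEDefang/mimedefang.sock \
    -m /var/spool/MIMEDefang/mx.sock -G -d -q -R 2 -P /var/run/mimedefang.pid || true
```

The first sample line is clean; the second reports every condition the function knows about.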

OPERATION
       When mimedefang starts, it connects to sendmail using the milter API.
       (See the Sendmail 8.11 documentation.) For each incoming message,
       mimedefang creates a temporary directory and saves information in the
       directory. At various phases during the SMTP conversation, mimedefang
       communicates with mimedefang-multiplexor to perform various
       operations. mimedefang-multiplexor manages a pool of persistent Perl
       processes that actually perform the mail scanning operations.

       When a Perl process scans an e-mail, the temporary spool directory
       contains certain files; details of the communication protocol between
       mimedefang and the Perl script are in mimedefang-protocol(7).

WARNINGS
       mimedefang does violence to the flow of e-mail. The Perl filter is
       quite picky and assumes that MIME e-mail messages are well-formed.
       While I have tried to make the script safe, I take no responsibility
       for lost or mangled e-mail messages or any security holes this script
       may introduce.

AUTHOR
       mimedefang was written by Dianne Skoll <dfs@roaringpenguin.com>. The
       mimedefang home page is http://www.mimedefang.org/.

SEE ALSO
       mimedefang.pl(8), mimedefang-filter(5), mimedefang-multiplexor(8),
       mimedefang-protocol(7), mimedefang-release(8)

4th Berkeley Distribution        8 February 2005                 MIMEDEFANG(8)