MIMEDEFANG(8) System Manager's Manual MIMEDEFANG(8)

mimedefang - Sendmail MIME mail filter

mimedefang prcap

mimedefang -p connection -m mx_socket_name -U user [options]

mimedefang is a filter built around Sendmail 8.11's milter API for mail
filters. It collects each incoming message and runs a filter on the
message. This is useful for deleting attachments which may be a
security risk on poorly-designed systems like Microsoft Windows.

mimedefang does not actually run the Perl filter; instead, it
communicates with mimedefang-multiplexor(8), which manages a pool of
persistent Perl processes. See the mimedefang-multiplexor man page for
additional information.

If you invoke mimedefang with the single argument prcap, it prints
information about the version of Milter it is linked against and exits.
Otherwise, you should invoke mimedefang as shown in the second line of
the SYNOPSIS.

-U user
Runs mimedefang as user rather than root. The user argument must match
the argument to mimedefang-multiplexor's -U option as well.

-z spooldir
Set the spool directory to spooldir. If this option is omitted, the
spool directory defaults to /var/spool/MIMEDefang.

-p connection
The -p switch is required and specifies the milter connection type.
Typically, you should run mimedefang on the same computer as sendmail.
Therefore, you should use a UNIX-domain socket for the connection type.
The suggested value for the -p switch is mimedefang.sock under the spool
directory.

-m mx_socket_name
Specifies the socket for communicating with mimedefang-multiplexor(8).
The mx_socket_name specifies the path of the UNIX-domain socket. See
mimedefang-multiplexor(8) for details.

-b backlog
Sets the "backlog" argument to the listen(2) system call to backlog. If
this option is omitted, then the operating-system default backlog is
used.

-d  The -d switch causes mimedefang not to delete the temporary spool
files it creates for incoming messages. This is for debugging purposes
only and should never be used on a production mail server.

-r  Causes mimedefang to perform a relay check before processing any
messages. It calls into a user-supplied Perl function called
filter_relay with the IP address and host name of the sending relay.
(See mimedefang-filter(5) for details.)

-H  Causes mimedefang to perform a HELO check before processing any
messages. It calls into a user-supplied Perl function called filter_helo
with the IP address and host name of the sending relay, and the HELO
argument. (See mimedefang-filter(5) for details.)

-s  Causes mimedefang to perform a sender check before processing the
message body. It calls into a user-supplied Perl function called
filter_sender with the envelope address of the sender. (See
mimedefang-filter(5) for details.)

-t  Causes mimedefang to perform recipient checks before processing the
message body. It calls into a user-supplied Perl function called
filter_recipient with the envelope address of each recipient. (See
mimedefang-filter(5) for details.)

-q  Permits the multiplexor to queue new connections. See the section
QUEUEING REQUESTS in the mimedefang-multiplexor man page. Note that this
option and the -R option are mutually-exclusive. If you supply -q, then
-R is ignored.

-k  Causes mimedefang not to delete working directories if a filter
fails. This lets you obtain the message which caused the filter to fail
and determine what went wrong. mimedefang logs the directory containing
the failed message using syslog.

-P fileName
Causes mimedefang to write its process-ID (after becoming a daemon) to
the specified file.

-R num  Normally, mimedefang tempfails a new SMTP connection if there
are no free slaves. Supplying the -R num option makes mimedefang
tempfail new connections if there are fewer than num free slaves, unless
the connection is from the local host. This allows you to favour
connections from localhost so your clientmqueue doesn't build up. Note
that supplying -R 0 is subtly different from omitting the option; in
this case, mimedefang permits new connections from localhost to queue,
but not connections from other hosts (unless you also supply the -q
option.)

The purpose of the -R option is to reserve resources for clientmqueue
runs. Otherwise, on a very busy mail server, clientmqueue runs can
starve for a long time, leading to delays for locally-generated or
streamed mail. We recommend using a small number for num; probably no
more than 3 or 10% of the total number of slaves (whichever is smaller.)

Note that this option and the -q option are mutually-exclusive. If you
supply -q, then -R is ignored.

-C  Conserve file descriptors by opening and closing disk files more
often. (Disk files are never held open across Milter callbacks.) While
this shortens the length of time a file descriptor is open, it also
leaves more opportunities for the open to fail. We do not recommend the
use of this flag except on very busy systems that exhibit failures due
to a shortage of file descriptors.

-T  Causes mimedefang to log the run-time of the Perl filter using
syslog.

-x string
Add string as the content of the X-Scanned-By: header. If you set string
to the empty string (i.e. -x ""), then no X-Scanned-By: header will be
added.

-X  Do not add an X-Scanned-By: header. Specifying -X is equivalent to
specifying -x "".

-D  Do not fork into the background and become a daemon. Instead, stay
in the foreground. Useful mainly for debugging or if you have a
supervisory process managing mimedefang.

-M  When mimedefang processes a message, it creates a temporary working
directory. On some architectures, you might have to protect this action
with a "mutex" to stop different threads from interfering with each
other. This should not normally be necessary, but if you see many logs
that mimedefang is unable to create the working directory, use the -M
flag.

-N  Normally, mimedefang sees all envelope recipients, even ones that
Sendmail knows to be invalid. If you don't want Sendmail to perform a
milter callback for recipients it knows to be invalid, invoke mimedefang
with the -N flag. Please note that this flag only works with Sendmail
and Milter 8.14.0 and newer. It has no effect if you're running an older
version of Sendmail or Milter.

-S facility
Specifies the syslog facility for log messages. The default is mail. See
openlog(3) for a list of valid facilities. You can use either the short
name ("mail") or long name ("LOG_MAIL") for the facility name.

-a macro
Pass the value of the specified Sendmail macro through to the Perl
filter. You can repeat the -a option to write more macros than the
built-in defaults. Note that in addition to asking mimedefang to pass
the macro value to the filter, you must configure Sendmail to pass the
macro through to mimedefang using the confMILTER_MACROS_ENVFROM
definition in Sendmail's m4 configuration file.

-c  Strip "bare" carriage-return (CR) characters from the message body.
A bare CR should never appear in an e-mail message. Older versions of
mimedefang used to strip them out automatically, but now they are left
in by default. The -c option enables the older behavior.

-h  Print usage information and exit.
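
The constraints stated in the option descriptions above (the required -p, the -U value that must match the multiplexor's, -q overriding -R, the recommended ceiling for -R, and the debugging-only -d) can be checked mechanically before a start script is deployed. The following shell function is an added example, not part of MIMEDefang or of the original man page; the function name, its first two parameters, the message wording, and the sample -m path and user names are assumptions.

```shell
#!/bin/sh
# Added example, not part of MIMEDefang: lint a mimedefang(8) argument list
# against the constraints this man page states. The function name, its first
# two parameters and the message wording are assumptions of this example.
#   $1 = user given to mimedefang-multiplexor's -U    $2 = total number of slaves
lint_mimedefang_args() {
    mx_user=$1; total=$2; shift 2
    p= m= u= r= q= rc=0
    OPTIND=1
    # Option letters are the ones documented on this page; ':' = takes a value.
    while getopts ":U:z:p:m:b:P:R:x:S:a:drHstqkCTXDMNch" opt; do
        case $opt in
            p) p=$OPTARG ;;
            m) m=$OPTARG ;;
            U) u=$OPTARG ;;
            R) r=$OPTARG ;;
            q) q=1 ;;
            d) echo "ERROR: -d keeps spool files; debugging only, never production"; rc=1 ;;
            k) echo "NOTE: -k keeps the working directory of any message whose filter fails" ;;
            :) echo "ERROR: -$OPTARG needs an argument"; rc=1 ;;
            \?) echo "ERROR: -$OPTARG is not listed in mimedefang(8)"; rc=1 ;;
        esac
    done
    [ -n "$p" ] || { echo "ERROR: -p connection is required"; rc=1; }
    [ -n "$m" ] || { echo "ERROR: -m mx_socket_name is missing"; rc=1; }
    if [ -z "$u" ]; then
        echo "ERROR: -U user is missing"; rc=1
    elif [ "$u" != "$mx_user" ]; then
        echo "ERROR: -U $u does not match the multiplexor's -U $mx_user"; rc=1
    fi
    case $r in
        '') ;;
        *[!0-9]*) echo "ERROR: -R needs a number"; rc=1 ;;
        *)  # Recommended ceiling: 3 or 10% of the slaves, whichever is smaller.
            cap=$((total / 10)); [ "$cap" -le 3 ] || cap=3
            [ -z "$q" ] || echo "WARN: -q given, so -R $r is ignored"
            [ "$r" -le "$cap" ] || echo "WARN: -R $r is above the recommended maximum of $cap" ;;
    esac
    return $rc
}

# Constructed sample: the -m socket path and both user names are made up.
lint_mimedefang_args defang 20 -p /var/spool/MIMEDefang/mimedefang.sock \
    -m /var/spool/MIMEDefang/mx.sock -U mail -d -q -R 5 || true
```

The function returns non-zero when any ERROR line is printed, so it can gate a start script; WARN and NOTE lines are advisory.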

When mimedefang starts, it connects to sendmail using the milter API.
(See the Sendmail 8.11 documentation.) For each incoming message,
mimedefang creates a temporary directory and saves information in the
directory. At various phases during the SMTP conversation, mimedefang
communicates with mimedefang-multiplexor to perform various operations.
mimedefang-multiplexor manages a pool of persistent Perl processes that
actually perform the mail scanning operations.

When a Perl process scans an e-mail, the temporary spool directory
contains certain files; details of the communication protocol between
mimedefang and the Perl script are in mimedefang-protocol(7).

mimedefang does violence to the flow of e-mail. The Perl filter is
quite picky and assumes that MIME e-mail messages are well-formed.
While I have tried to make the script safe, I take no responsibility
for lost or mangled e-mail messages or any security holes this script
may introduce.

mimedefang was written by David F. Skoll <dfs@roaringpenguin.com>. The
mimedefang home page is http://www.mimedefang.org/.

mimedefang.pl(8), mimedefang-filter(5), mimedefang-multiplexor(8),
mimedefang-protocol(7)

4th Berkeley Distribution 8 February 2005 MIMEDEFANG(8)