Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mail_c7:postfix3_1 [26.01.2019 20:26. ] – [Lockup-Tables] django
+++ centos:mail_c7:postfix3_1 [26.01.2019 20:33. ] – [Paketfilter / Firewall] django
@@ Zeile 2306: / Zeile 2306: @@
   * **[[centos:mail_c7:mta_4?&#virtual|virtual]]**
-\\ \\ \\
-<WRAP center round todo 30%>
-FIXME FIXME FIXME
-  * //**do geds weida!**//
-FIXME FIXME FIXME
-</WRAP>
-\\ \\ \\
 ===== Header-Checks =====
 Möchte man Informationen im Mailheader zum Bewerten verwenden, um so z.B. eine Nachricht zu blocken, kann man dies mit Hilfe der Konfigurationsdatei **header_checks** realisieren.
    # less /etc/postfix/header_checks
 <file bash /etc/postfix/header_checks># HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 #
 # NAME
 #        header_checks - Postfix built-in content inspection
 #
 # SYNOPSIS
 #        header_checks = pcre:/etc/postfix/header_checks
 #        mime_header_checks = pcre:/etc/postfix/mime_header_checks
 #        nested_header_checks = pcre:/etc/postfix/nested_header_checks
 #        body_checks = pcre:/etc/postfix/body_checks
 #
 #        milter_header_checks = pcre:/etc/postfix/milter_header_checks
@@ Zeile 2448: / Zeile 2441: @@
 #        if /pattern/flags
 #
-#        endif  Match the input string against the patterns between
+#        endif  If the input string matches /pattern/,  then  match
-#               if  and endif, if and only if the same input string
+#               that  input  string against the patterns between if
-#               also matches /pattern/. The if..endif can nest.
+#               and endif.  The if..endif can nest.
 #
 #               Note: do not prepend whitespace to patterns  inside
@@ Zeile 2457: / Zeile 2450: @@
 #        if !/pattern/flags
 #
-#        endif  Match the input string against the patterns between
+#        endif  If  the input string does not match /pattern/, then
-#               if and endif, if and only if the same input  string
+#               match  that  input  string  against  the   patterns
-#               does not match /pattern/. The if..endif can nest.
+#               between if and endif. The if..endif can nest.
 #
 #        blank lines and comments
@@ Zeile 2492: / Zeile 2485: @@
 #        Action names are case insensitive. They are shown in upper
 #        case for consistency with other Postfix documentation.
+#
+#        BCC user@domain
+#               Add the specified address as a BCC  recipient,  and
+#               inspect  the next input line. The address must have
+#               a local part and domain part.  The  number  of  BCC
+#               addresses  that can be added is limited only by the
+#               amount of available storage space.
+#
+#               Note 1: the BCC address is added as if it was spec-
+#               ified  with  NOTIFY=NONE.  The  sender  will not be
+#               notified when the BCC address is undeliverable,  as
+#               long  as  all  down-stream  software implements RFC
+#               3461.
+#
+#               Note 2: this ignores duplicate addresses (with  the
+#               same delivery status notification options).
+#
+#               This feature is available in Postfix 3.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
 #
 #        DISCARD optional text...
-#               Claim successful delivery and silently discard  the
+#               Claim  successful delivery and silently discard the
+#               message.  Do not inspect the remainder of the input
 #               message.   Log the optional text if specified, oth-
 #               erwise log a generic message.
@@ Zeile 2521: / Zeile 2536: @@
 #
 #        FILTER transport:destination
-#               After the message is queued, send the  entire  mes-
+#               Override the content_filter parameter setting,  and
-#               sage through the specified external content filter.
+#               inspect  the next input line.  After the message is
-#               The transport name specifies the first field  of  a
+#               queued, send the entire message through the  speci-
-#               mail  delivery  agent  definition in master.cf; the
+#               fied  external  content  filter. The transport name
-#               syntax of the next-hop destination is described  in
+#               specifies the first field of a mail delivery  agent
-#               the  manual  page  of  the  corresponding  delivery
+#               definition in master.cf; the syntax of the next-hop
-#               agent.  More  information  about  external  content
+#               destination is described in the manual page of  the
-#               filters is in the Postfix FILTER_README file.
+#               corresponding  delivery  agent.   More  information
+#               about external content filters is  in  the  Postfix
+#               FILTER_README file.
 #
 #               Note  1: do not use $number regular expression sub-
@@ Zeile 2581: / Zeile 2598: @@
 #
 #        IGNORE Delete the current line from the input, and inspect
-#               the next input line.
+#               the next input line. See STRIP for  an  alternative
+#               that logs the action.
 #
 #        INFO optional text...
 #               Log an "info:" record with the optional text... (or
-#               log  a  generic  text),  and inspect the next input
+#               log a generic text), and  inspect  the  next  input
-#               line. This action is useful for routine logging  or
+#               line.  This action is useful for routine logging or
 #               for debugging.
 #
 #               This feature is available in Postfix 2.8 and later.
+#
+#        PASS optional text...
+#               Log  a "pass:" record with the optional text... (or
+#               log a generic text), and turn off header, body, and
+#               Milter  inspection  for  the remainder of this mes-
+#               sage.
+#
+#               Note: this feature relies on trust  in  information
+#               that is easy to forge.
+#
+#               This feature is available in Postfix 3.2 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
 #
 #        PREPEND text...
-#               Prepend one  line  with  the  specified  text,  and
+#               Prepend  one  line  with  the  specified  text, and
 #               inspect the next input line.
 #
 #               Notes:
 #
-#               o      The  prepended  text is output on a separate
+#               o      The prepended text is output on  a  separate
 #                      line,  immediately  before  the  input  that
 #                      triggered the PREPEND action.
 #
 #               o      The prepended text is not considered part of
-#                      the input  stream:  it  is  not  subject  to
+#                      the  input  stream:  it  is  not  subject to
 #                      header/body checks or address rewriting, and
 #                      it does not affect the way that Postfix adds
@@ Zeile 2608: / Zeile 2640: @@
 #
 #               o      When prepending text before a message header
-#                      line, the prepended text must begin  with  a
+#                      line,  the  prepended text must begin with a
 #                      valid message header label.
 #
-#               o      This action cannot be used to prepend multi-
+#               o      This  action  cannot  be  used  to   prepend
-#                      line text.
+#                      multi-line text.
 #
 #               This feature is available in Postfix 2.1 and later.
@@ Zeile 2620: / Zeile 2652: @@
 #
 #        REDIRECT user@domain
-#               Write a message redirection request  to  the  queue
+#               Write  a  message  redirection request to the queue
-#               file,  and  inspect  the next input line. After the
+#               file, and inspect the next input  line.  After  the
 #               message is queued, it will be sent to the specified
 #               address instead of the intended recipient(s).
 #
-#               Note:  this action overrides the FILTER action, and
+#               Note: this action overrides the FILTER action,  and
-#               affects all recipients of the message. If  multiple
+#               affects  all recipients of the message. If multiple
-#               REDIRECT  actions  fire,  only the last one is exe-
+#               REDIRECT actions fire, only the last  one  is  exe-
 #               cuted.
 #
@@ Zeile 2636: / Zeile 2668: @@
 #
 #        REPLACE text...
-#               Replace the current line with the  specified  text,
+#               Replace  the  current line with the specified text,
 #               and inspect the next input line.
 #
 #               This feature is available in Postfix 2.2 and later.
-#               The description below applies to Postfix 2.2.2  and
+#               The  description below applies to Postfix 2.2.2 and
 #               later.
 #
 #               Notes:
 #
-#               o      When  replacing  a  message header line, the
+#               o      When replacing a message  header  line,  the
-#                      replacement text must  begin  with  a  valid
+#                      replacement  text  must  begin  with a valid
 #                      header label.
 #
-#               o      The  replaced text remains part of the input
+#               o      The replaced text remains part of the  input
-#                      stream. Unlike the result from  the  PREPEND
+#                      stream.  Unlike  the result from the PREPEND
-#                      action,  a  replaced  message  header may be
+#                      action, a replaced  message  header  may  be
-#                      subject to address rewriting and may  affect
+#                      subject  to address rewriting and may affect
-#                      the  way  that  Postfix adds missing message
+#                      the way that Postfix  adds  missing  message
 #                      headers.
 #
 #        REJECT optional text...
-#               Reject the  entire  message.  Reply  with  optional
+#               Reject  the  entire  message.  Do  not  inspect the
-#               text... when the optional text is specified, other-
+#               remainder  of  the  input  message.    Reply   with
-#               wise reply with a generic error message.
+#               optional  text...  when the optional text is speci-
+#               fied, otherwise reply with a generic error message.
 #
-#               Note:  this  action  disables  further  header   or
+#               Note:   this  action  disables  further  header  or
-#               body_checks  inspection  of the current message and
+#               body_checks inspection of the current  message  and
 #               affects all recipients.
 #
@@ Zeile 2672: / Zeile 2705: @@
 #               This feature is not supported with smtp header/body
 #               checks.
+#
+#        STRIP optional text...
+#               Log a "strip:" record with the optional text... (or
+#               log a generic text), delete the input line from the
+#               input,  and inspect the next input line. See IGNORE
+#               for a silent alternative.
+#
+#               This feature is available in Postfix 3.2 and later.
 #
 #        WARN optional text...
-#               Log a "warning:" record with the  optional  text...
+#               Log  a  "warning:" record with the optional text...
 #               (or log a generic text), and inspect the next input
-#               line. This action is useful for debugging  and  for
+#               line.  This  action is useful for debugging and for
-#               testing  a  pattern  before  applying  more drastic
+#               testing a  pattern  before  applying  more  drastic
 #               actions.
 #
 # BUGS
 #        Empty lines never match, because some map types mis-behave
-#        when  given  a zero-length search string.  This limitation
+#        when given a zero-length search string.   This  limitation
-#        may be removed for regular expression tables in  a  future
+#        may  be  removed for regular expression tables in a future
 #        release.
 #
-#        Many  people  overlook  the main limitations of header and
+#        Many people overlook the main limitations  of  header  and
 #        body_checks rules.
 #
-#        o      These rules operate on one logical  message  header
+#        o      These  rules  operate on one logical message header
 #               or one body line at a time. A decision made for one
 #               line is not carried over to the next line.
 #
-#        o      If text in the message body is encoded  (RFC  2045)
+#        o      If  text  in the message body is encoded (RFC 2045)
 #               then the rules need to be specified for the encoded
 #               form.
 #
-#        o      Likewise, when message  headers  are  encoded  (RFC
+#        o      Likewise,  when  message  headers  are encoded (RFC
-#               2047)  then  the rules need to be specified for the
+#               2047) then the rules need to be specified  for  the
 #               encoded form.
 #
-#        Message headers added by the cleanup(8) daemon itself  are
+#        Message  headers added by the cleanup(8) daemon itself are
 #        excluded from inspection. Examples of such message headers
 #        are From:, To:, Message-ID:, Date:.
 #
-#        Message headers deleted by the cleanup(8) daemon  will  be
+#        Message  headers  deleted by the cleanup(8) daemon will be
 #        examined before they are deleted. Examples are: Bcc:, Con-
 #        tent-Length:, Return-Path:.
@@ Zeile 2713: / Zeile 2754: @@
 #               Lookup tables with content filter rules for message
 #               body lines.  These filters see one physical line at
-#               a time, in chunks  of  at  most  $line_length_limit
+#               a  time,  in  chunks  of at most $line_length_limit
 #               bytes.
 #
 #        body_checks_size_limit
-#               The  amount  of  content  per  message body segment
+#               The amount of  content  per  message  body  segment
 #               (attachment) that is subjected to $body_checks fil-
 #               tering.
@@ Zeile 2727: / Zeile 2768: @@
 #        nested_header_checks (default: $header_checks)
 #               Lookup tables with content filter rules for message
-#               header lines: respectively, these  are  applied  to
+#               header  lines:  respectively,  these are applied to
-#               the  initial  message  headers  (not including MIME
+#               the initial message  headers  (not  including  MIME
-#               headers), to the MIME headers anywhere in the  mes-
+#               headers),  to the MIME headers anywhere in the mes-
-#               sage,  and  to the initial headers of attached mes-
+#               sage, and to the initial headers of  attached  mes-
 #               sages.
 #
-#               Note: these filters see one logical message  header
+#               Note:  these filters see one logical message header
-#               at  a time, even when a message header spans multi-
+#               at a time, even when a message header spans  multi-
-#               ple lines. Message headers  that  are  longer  than
+#               ple  lines.  Message  headers  that are longer than
 #               $header_size_limit characters are truncated.
 #
 #        disable_mime_input_processing
-#               While  receiving mail, give no special treatment to
+#               While receiving mail, give no special treatment  to
-#               MIME related message headers; all  text  after  the
+#               MIME  related  message  headers; all text after the
 #               initial message headers is considered to be part of
-#               the message body. This means that header_checks  is
+#               the  message body. This means that header_checks is
-#               applied  to  all  the  initial message headers, and
+#               applied to all the  initial  message  headers,  and
 #               that body_checks is applied to the remainder of the
 #               message.
 #
-#               Note:  when  used  in this manner, body_checks will
+#               Note: when used in this  manner,  body_checks  will
-#               process a multi-line message header one line  at  a
+#               process  a  multi-line message header one line at a
 #               time.
 #
 # EXAMPLES
-#        Header  pattern  to  block  attachments with bad file name
+#        Header pattern to block attachments  with  bad  file  name
-#        extensions.  For convenience, the PCRE /x flag  is  speci-
+#        extensions.   For  convenience, the PCRE /x flag is speci-
-#        fied,  so  that  there  is no need to collapse the pattern
+#        fied, so that there is no need  to  collapse  the  pattern
-#        into  a  single  line  of  text.   The  purpose   of   the
+#        into   a   single  line  of  text.   The  purpose  of  the
 #        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
 #        strings.
@@ Zeile 2763: / Zeile 2804: @@
 #
 #        /etc/postfix/header_checks.pcre:
-#            /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+#            /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
 #              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
 #              hlp|ht[at]|
@@ Zeile 2794: / Zeile 2835: @@
 #
 # README FILES
-#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        Use "postconf readme_directory" or  "postconf  html_direc-
 #        tory" to locate this information.
 #        DATABASE_README, Postfix lookup table overview
@@ Zeile 2802: / Zeile 2843: @@
 #
 # LICENSE
-#        The Secure Mailer license must be  distributed  with  this
+#        The  Secure  Mailer  license must be distributed with this
 #        software.
 #
@@ Zeile 2811: / Zeile 2852: @@
 #        Yorktown Heights, NY 10598, USA
 #
-#
+#        Wietse Venema
-</file>
+#        Google, Inc.
+#        111 8th Avenue
-Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen. FIXME
+#        New York, NY 10011, USA
+#
+#                                                               HEADER_CHECKS(5)</file>
+Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen.
 ===== Paketfilter / Firewall =====
 Damit fremde **MTA**s((**M**ail **T**ransfer **A**gent)) auf **[[centos:mail_c7:mta_1#smtpd|SMTP]]**-Port **25** und unsere Kunden mit deren **MUA**s((**M**ail **U**ser **A**gent)) auf dem **[[centos:mail_c7:mta_1#submission|Submission]]**-Port **587** ihre Nachrichten bei unserem Postfix-Mailserver einliefern können, müssen wir für diese noch Änderungen am Paketfilter **firewalld** vornehmen.
@@ Zeile 2842: / Zeile 2886: @@
+\\ \\ \\
+<WRAP center round todo 30%>
+FIXME FIXME FIXME
+  * //**do geds weida!**//
+FIXME FIXME FIXME
+</WRAP>
+\\ \\ \\
 ===== Systemstart =====
 ==== erster manueller Start ====