MIMEDEFANG(8)MIMEDEFANG(8)NAMEmimedefang - Sendmail MIME mail filter
SYNOPSISmimedefang prcap
mimedefang-p connection -m mx_socket_name -U user [options]
DESCRIPTIONmimedefang is a filter built around Sendmail 8.11's milter API for mail
filters. It collects each incoming message and runs a filter on the
message. This is useful for deleting attachments which may be a secu‐
rity risk on poorly-designed systems like Microsoft Windows.
mimedefang does not actually run the Perl filter; instead, it communi‐
cates with mimedefang-multiplexor(8), which manages a pool of persis‐
tent Perl processes. See the mimedefang-multiplexor man page for addi‐
tional information.
OPTIONS
If you invoke mimedefang with the single argument prcap, it prints
information about the version of Milter it is linked against and exits.
Otherwise, you should invoke mimedefang as shown in the second line of
the SYNOPSIS.
-U user
Runs mimedefang as user rather than root. The user argument
must match the argument to mimedefang-multiplexor's -U option as
well.
-y If the -y command-line option is given, MIMEDefang will call
smfi_setsymlist to set the list of macros it wants. This func‐
tion leaked memory in versions of Sendmail prior to 8.14.4 so by
default we do not call it. If you are running an older version
of sendmail, you should explicitly set the list of macros you
want in the Sendmail configuration file.
-z spooldir
Set the spool directory to spooldir. If this option is omitted,
the spool directory defaults to /var/spool/MIMEDefang.
-p connection
The -p switch is required and specifies the milter connection
type. Typically, you should run mimedefang on the same computer
as sendmail. Therefore, you should use a UNIX-domain socket for
the connection type. The suggested value for the -p switch is
mimedefang.sock under the spool directory.
-m mx_socket_name
Specifies the socket for communicating with mimedefang-multi‐
plexor(8). The mx_socket_name specifies the path of the UNIX-
domain socket. See mimedefang-multiplexor(8) for details.
-b backlog
Sets the "backlog" argument to the listen(2) system call to
backlog. If this option is omitted, then the operating-system
default backlog is used.
-G Normally, mimedefang uses a umask of 077 when creating the mil‐
ter socket and files. If you would like the socket to be read‐
able and writeable by the group and files to be group-readable,
supply the -G option. This causes the umask to be 007 whenever
UNIX-domain sockets are created and 027 whenever files are cre‐
ated. Note: if your milter library is too old to have the
smfi_opensocket() function, the -G option causes mimedefang to
use a umask of 007 throughout its execution.
Note that by default, /var/spool/MIMEDefang is created with mode
0700. If you use the -G option, you probably should change the
mode to 0750.
-d The -d switch causes mimedefang not to delete the temporary
spool files it creates for incoming messages. This is for
debugging purposes only and should never be used on a production
mail server.
-r Causes mimedefang to perform a relay check before processing any
messages. It calls into a user-supplied Perl function called
filter_relay with the IP address and host name of the sending
relay. (See mimedefang-filter(5) for details.)
-H Causes mimedefang to perform a HELO check before processing any
messages. It calls into a user-supplied Perl function called
filter_helo with the IP address and host name of the sending
relay, and the HELO argument. (See mimedefang-filter(5) for
details.)
-s Causes mimedefang to perform a sender check before processing
the message body. It calls into a user-supplied Perl function
called filter_sender with the envelope address of the sender.
(See mimedefang-filter(5) for details.)
-t Causes mimedefang to perform recipient checks before processing
the message body. It calls into a user-supplied Perl function
called filter_recipient with the envelope address of each recip‐
ient. (See mimedefang-filter(5) for details.)
-q Permits the multiplexor to queue new connections. See the sec‐
tion QUEUEING REQUESTS in the mimedefang-multiplexor man page.
Note that this option and the -R option are mutually-exclusive.
If you supply -q, then -R is ignored.
-k Causes mimedefang not to delete working directories if a filter
fails. This lets you obtain the message which caused the filter
to fail and determine what went wrong. mimedefang logs the
directory containing the failed message using syslog.
-P fileName
Causes mimedefang to write its process-ID (after becoming a dae‐
mon) to the specified file.
-R num Normally, mimedefang tempfails a new SMTP connection if there
are no free slaves. Supplying the -R num option makes mimede‐
fang tempfail new connections if there are fewer than num free
slaves, unless the connection is from the local host. This
allows you to favour connections from localhost so your client‐
mqueue doesn't build up. Note that supplying -R 0 is subtly
different from omitting the option; in this case, mimedefang
permits new connections from localhost to queue, but not connec‐
tions from other hosts (unless you also supply the -q option.)
The purpose of the -R option is to reserve resources for client‐
mqueue runs. Otherwise, on a very busy mail server, client‐
mqueue runs can starve for a long time, leading to delays for
locally-generated or streamed mail. We recommend using a small
number for num; probably no more than 3 or 10% of the total num‐
ber of slaves (whichever is smaller.)
Note that this option and the -q option are mutually-exclusive.
If you supply -q, then -R is ignored.
-C Conserve file descriptors by opening and closing disk files more
often. (Disk files are never held open across Milter call‐
backs.) While this shortens the length of time a file descrip‐
tor is open, it also leaves more opportunities for the open to
fail. We do not recommend the use of this flag except on very
busy systems that exhibit failures due to a shortage of file
descriptors.
-T Causes mimedefang to log the run-time of the Perl filter using
syslog.
-x string
Add string as the content of the X-Scanned-By: header. If you
set string to the empty string (i.e. -x ""), then no X-Scanned-
By: header will be added.
-X Do not add an X-Scanned-By: header. Specifying -X is equivalent
to specifying -x "".
-D Do not fork into the background and become a daemon. Instead,
stay in the foreground. Useful mainly for debugging or if you
have a supervisory process managing mimedefang.
-M This option is obsolete; it is accepted for backward-compatibil‐
ity, but is ignored.
-N Normally, mimedefang sees all envelope recipients, even ones
that Sendmail knows to be invalid. If you don't want Sendmail
to perform a milter callback for recipients it knows to be
invalid, invoke mimedefang with the -N flag. Please note that
this flag only works with Sendmail and Milter 8.14.0 and newer.
It has no effect if you're running an older version of Sendmail
or Milter.
-S facility
Specifies the syslog facility for log messages. The default is
mail. See openlog(3) for a list of valid facilities. You can
use either the short name ("mail") or long name ("LOG_MAIL") for
the facility name.
-a macro
Pass the value of the specified Sendmail macro through to the
Perl filter. You can repeat the -a option to write more macros
than the built-in defaults. Note that in addition to asking
mimedefang to pass the macro value to the filter, you must con‐
figure Sendmail to pass the macro through to mimedefang using
the confMILTER_MACROS_ENVFROM definition in Sendmail's m4 con‐
figuration file.
-c Strip "bare" carriage-returns (CR) characters from the message
body. A bare CR should never appear in an e-mail message.
Older versions of mimedefang used to strip them out automati‐
cally, but now they are left in by default. The -c option
enables the older behavior.
-h Print usage information and exit.
OPERATION
When mimedefang starts, it connects to sendmail using the milter API.
(See the Sendmail 8.11 documentation.) For each incoming message,
mimedefang creates a temporary directory and saves information in the
directory. At various phases during the SMTP conversation, mimedefang
communicates with mimedefang-multiplexor to perform various operations.
mimedefang-multiplexor manages a pool of persistent Perl processes that
actually perform the mail scanning operations.
When a Perl process scans an e-mail, the temporary spool directory con‐
tains certain files; details of the communication protocol between
mimedefang and the Perl script are in mimedefang-protocol(7).
WARNINGSmimedefang does violence to the flow of e-mail. The Perl filter is
quite picky and assumes that MIME e-mail messages are well-formed.
While I have tried to make the script safe, I take no responsibility
for lost or mangled e-mail messages or any security holes this script
may introduce.
AUTHORmimedefang was written by David F. Skoll <dfs@roaringpenguin.com>. The
mimedefang home page is http://www.mimedefang.org/.
SEE ALSOmimedefang.pl(8), mimedefang-filter(5), mimedefang-multiplexor(8),
mimedefang-protocol(7)4th Berkeley Distribution 8 February 2005 MIMEDEFANG(8)
