Using a Rule with 'use tnef contents'

Steve Freegard steve.freegard at
Wed Apr 20 23:08:46 IST 2011

On 20/04/11 18:56, Michael H. Martel wrote:
> Ok, so I'm doing something stupid here and I can't figure it out. Using
> the latest version of MailScanner on centos. (Installed from the RPM).
> In the /etc/MailScanner/MailScanner.conf I have this
> Expand TNEF = yes
> Then I set the "Use TNEF Contents" to a rule, which I think is done right.
> Use TNEF Contents = /opt/VSC-MailScanner/rules/expand-tnef.rules
> My rules file looks like this :
> From: michael.martel at replace
> FromOrTo: default no
> Now, I think it's my rules file that's wrong, because I still see
> winmail.dat files getting through. I looked in my physical copy of the
> book, but didn't see a section on "Use TNEF contents" (time for a new
> book!).
> Can anyone point out my very obvious mistake ?

Why the ruleset on 'Use TNEF Contents'? - what exactly are you trying to 

MailScanner.conf tells you what 'Use TNEF Contents' is for - you set it 
to 'no', 'add' or 'replace'; when set to 'No' the winmail.dat file is 
passed without alteration (which is what you are seeing), so any 
messages containing TNEF will only be readable by Outlook clients and 
will contain winmail.dat files.  'Add' will expand the TNEF and add each 
attachment to the message and will leave the winmail.dat file attached 
(don't really know why you'd want to do that - the resulting mail will 
be almost double the size) or 'replace' which turns the TNEF into 
properly formatted MIME attachments readable by all clients.

The 'Expand TNEF' setting is merely to unpack the TNEF attachments so 
that a virus scanner that does have a native TNEF expander can 'see' the 
individual file attachments and scan them for viruses (very few virus 
scanners don't already include this today) but it's a 'safe' default to 
catch those that don't.

Most people will want to default the 'Use TNEF Contents' to 'replace' 
unless you are an all Outlook shop.

If you are running Exchange yourself; then follow the numerous Technet 
articles to disable Rich Text format messages from leaving your 
organization and send messages in multipart MIME so that you're 
compatible with the rest of the internet.   Don't rely on sending all 
your outbound mail via MailScanner and having it convert the TNEF into 
MIME for you - it's simply slower and error prone due to the lack of 
documentation of the TNEF format; it should be 'fixed' at the Exchange end.

Hope that helps.

Kind regards,

More information about the MailScanner mailing list