MailScanner: allowing attachments identified as text/plain by file -i

Volker Dose vpdose at
Wed Jul 22 12:21:47 UTC 2015

Hi list,
I am struggling with the ”magic”  fifth field in filetype.rules.conf – as so many others in the past, as far as I understand old posting.
Let me explain my settings:
I have a list of attachments, I do allow in filetype.rules.conf (like text, pics, html, pdf and other stuff) and  the last line is a deny for every other attachment. I did this, because I do not want to get anything to my mailserver, where I am not 100% sure of the filetype – so executables are banned and also every unknown  filetype.
This file looks like this:
allow   ASCII text      ASCII text      ASCII text
allow   PC bitmap       PC bitmap       PC bitmap
allow   Emacs v18       Emacs v18       Emacs v18
allow   C++ source      C++ source      C++ source
allow   source          diverse source  diverse source
deny            .*      Deny unidentified attachments                   Deny unidentified attachments
But  from time to time I get a false positive, often non-english text-parts are not very good identified, like Finnish or east-European languages.  Often the pdf attachment is identified fine and mailscanner processes it,  but txt and html-parts are too often blocked.

But using the file –I command I have a much higher rate of messages identified as text or html mail-part.
So I wanted to use this  feature Julian implemented 2008:
This 5th field is optional, and specifies a regular expression which is
matched against the MIME type as determined by the "file -i" command.
If it is never specified, then the "file -i" command will never be run
on your message attachments so there is no appreciable overhead on the
speed of MailScanner caused by this new feature.
If the "mime type" *and* the filetype fields are both specified (and are
not "-") then either matching will cause the rule to fire. In a "deny"
rule like the example above, then *either* test firing will cause the
attachment to be blocked. In an "allow" rule then *both* of the tests
must pass to cause the attachment to be allowed and hence no more rules
to be checked. This sounds a bit odd but actually ends up doing pretty
much what you expect it to. I'm sure you'll let me know if I'm wrong
there :-)
I added a line like this in my filetype.rules.conf:
allow         -                            text/plain                      -                       -
But the message mentioned above still triggered my last line
deny            .*      Deny unidentified attachments                   Deny unidentified attachments

For example: Yesterday I realized, the text-message of an email (starting with the string “THX!”) war identified as “AHX version” from my file (version 5.14) command but as text/plain with „file -i"

I understand the text from Julian, that both the “file” and the “file -i”-field has to match  and added a line like this:
allow   AHX version     text/plain      -       -
Which works – but only because I  have added the “file”-regex to that line, too.
I am looking for a “match all” at that point – the dash “-“ did not work for me.
I wonder if there is a  way to allow  any attachments, that give you a “text/plain” when using “file –i”.
Any help appreciated!
I am using MS-4.84.6-1 on a CentOS 6.6 32 bit.
And by the way: I love MailScanner – thanks to all of you helping make the software work.
Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list