Problem with user-specific filename rules

Mark Sapiro mark at
Thu Apr 14 15:29:32 UTC 2016

On 04/14/2016 02:13 AM, Garry Glendown wrote:
> Hi,
> I tried setting up a user-specific filename filtering rule ... after
> setting up the general reference to the rule file with
>     Filename Rules = %etc-dir%/rules/filename.rules
> I set up the above rules file like this:
> ----
> From:   someuser1 at
> /etc/MailScanner/filename.toexternal-rules.conf
> From:   someuser2 at
> /etc/MailScanner/filename.toexternal-rules.conf
> To:                /etc/MailScanner/filename.rules.conf
> To:           /etc/MailScanner/filename.rules.conf
> # Default
> To:     default         /etc/MailScanner/filename.toexternal-rules.conf
> ----
> filename.rules.conf contains somewhat stricter limits for receiving
> mails, while sending outgoing mails are more general with less
> restrictions (filename.toexternal-rules.conf). In general, this works
> fine. Anyway, I want someuser1 and 2 to be able to send files blocked by
> the filename.rules.conf to internal users. I was expecting that by
> adding the two "from" lines to the .rules that they would be used.
> Anyway, the to: lines still seem to have priority, blocking sending of
> the mails ...
> Am I missing something here, or is this a limitation of MailScanner that
> it does not go through the rules file sequentially, but re-orders the
> rule entries?

If you look at the various rules at
<>, you will see
that some rules allow a ruleset and some do not, and for those that do
there are two ruleset types, FirstMatch and AllMatch.

First match rulesets pick the first rule that matches. All match
rulesets look at all the rules and if any rule specifies a positive
action, pick that one.

Filename Rules is an AllMatch rule. Since the actions here are simply
filenames, it is not clear how MailScanner would even chose the match.
It may be in this case MailScanner looks at all the matching rules files
and if any contains a 'deny' action, that action is taken. That would be
consistent with AllMatch behavior in general and I think would explain
this behavior.

You could try instead, rules like

From: /^?!someuser[12]@domain\.de$/ and To:

I.e., add a negative lookahead condition so the To: rule
doesn't match those senders. In practice, it would probably be
different, e.g.,

From: /^?!(usera|otherperson)@domain\.de$/ and To:

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list