Kevin Miller kevin.miller at
Tue Oct 8 20:14:59 UTC 2019

I've recently set up dmarc and have been getting reports that often have multiple extensions.  I've tried messing with the filename.rules.conf entries to allow some of them through but so far I haven't found the magic combination to do so.

MailScanner sends this:
  Report: MailScanner: Attempt to hide real filename extension (
although the real filename is found in this mail.log entry:
  Oct  8 11:47:05 mxt MailScanner[43737]: Filename Checks: Found possible filename hiding (E0CFA1001B6.AE939!!1569974400!1570060800!e0c093e8-0e44-4ac4-9ce8-c9cac0aa676c.xml)

This file is actually contained in!!1569974400!1570060800!
for whatever that's worth.

Entries I've tried in filename.rules.conf are:
  allow   \.xml$  -       -
  allow   \*\.com*\.xml$  -       -
  allow   \*\.com*\.zip$  -       -
as well as entries without the "*"

So how does one all these through?


Kevin Miller
907 586-0242
City & Borough of Juneau

More information about the MailScanner mailing list