Filename.rules.conf

Mark Sapiro mark at msapiro.net
Wed Oct 30 18:38:32 UTC 2019


On 10/28/19 3:13 PM, Kevin Miller wrote:
> 
>> Again, the name MailScanner is rejecting is "rocketmail.com.gz". To understand why, we need to see all the MIME part headers from the message.
> 
> It's in the pastebin post.

The pastebin post is clear that the only name is
"rocketmail.com!jnuairport.com!1571875200!1571961599.xml.gz" and any of
the regexps '.*\.com[^.]*\.xml\.gz$', '.*\.com[^.]*\.xml(\.gz)?$' or
'.*\.com[^.]*[^.]\.com*[^.]*.xml.*\.gz$' will match that.

I've looked at the code and it appears that MailScanner is actually
looking at what it calls safename which may or may not be the
"rocketmail.com.gz" name in the report. I'm not particularly fluent in
Perl and I haven't found exactly how safename is made from the original
name. I'm not sure, but I'm guessing that that will also be the name of
the attachment stored in the
/var/spool/MailScanner/quarantine/<DATE>/QUEUE.ID/ directory.

But if that's the case and it's looking at a name like
"rocketmail.com.gz" which it made from
"rocketmail.com!jnuairport.com!1571875200!1571961599.xml.gz", it's hard
to understand why other similar names are accepted.

I do note that your earlier posts referred to the file being contained
in a zip archive and you needed to put your allow rules in
archives.filename.rules.conf. However, the file in the pastebin is not in
a zip archive so it needs a rule in filename.rules.conf. Do you have
your rules in both places?


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
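
An added example (not part of the original message, and not MailScanner code): the three regexps quoted above are checked with Python's re module against both the original attachment name and the shortened name from the report. The tab-separated rule layout, the first-match-wins evaluation and the catch-all deny rule are assumptions made for this sketch.

```python
import re

# Names taken from the thread: the attachment's original name and the
# shortened name that appears in the MailScanner report.
ORIGINAL = "rocketmail.com!jnuairport.com!1571875200!1571961599.xml.gz"
REPORTED = "rocketmail.com.gz"

# The three allow regexps quoted in the message, verbatim.
ALLOW_PATTERNS = [
    r".*\.com[^.]*\.xml\.gz$",
    r".*\.com[^.]*\.xml(\.gz)?$",
    r".*\.com[^.]*[^.]\.com*[^.]*.xml.*\.gz$",
]

# Constructed ruleset in "action<TAB>regexp" form: the quoted allow rules
# followed by a hypothetical catch-all deny (not a rule from the page).
RULES_TEXT = "\n".join(f"allow\t{p}" for p in ALLOW_PATTERNS) + "\ndeny\t.*\n"


def parse_rules(text):
    """Return (action, compiled_regexp) pairs, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern = line.split("\t")[:2]
        rules.append((action, re.compile(pattern)))
    return rules


def decide(rules, name):
    """Assumed semantics: rules are tried in order and the first match wins."""
    for index, (action, regexp) in enumerate(rules):
        if regexp.search(name):
            return action, index
    return "no-match", None


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for name in (ORIGINAL, REPORTED):
        print(name, "->", decide(rules, name))
```

Under these assumptions the original name is allowed by the first rule, while "rocketmail.com.gz" matches none of the three allow regexps and falls through to the deny rule, so which name MailScanner actually tests decides the outcome.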

