<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace">Hi,<br><br></div><div class="gmail_default" style="font-family:monospace">We too had same issue.<br></div><div class="gmail_default" style="font-family:monospace">put the rules in both filename.rules.conf and archive.filename.rules.conf<br></div><div class="gmail_default" style="font-family:monospace">and ran the following command with our email ids replaced.<br><br>$ echo "Testing MailScanner new config for whitelisting rocketmail dmarc on $(date +"%d/%m/%Y") at $(date +"%T")" | mailx -a rocketmail.com.gz -r "User <<a href="mailto:user@example.com">user@example.com</a>>" -S from="From: User <<a href="mailto:user@example.com">user@example.com</a>>" -s "Testing MailScanner new config on $(date +"%d/%m/%Y") at $(date +"%T")" <a href="mailto:user@example.com">user@example.com</a><br><br></div><div class="gmail_default" style="font-family:monospace">and the mail came through without issues.<br><br></div><div class="gmail_default" style="font-family:monospace">Also, you can send one or two mails to some contact with rocketmail id from your server and wait for the dmarc report.<br></div><div class="gmail_default" style="font-family:monospace"><br></div><div class="gmail_default" style="font-family:monospace">thanks<br><br>---<br></div><div class="gmail_default" style="font-family:monospace">Thomas Stephen Lee<br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Oct 31, 2019 at 4:03 AM Kevin Miller <<a href="mailto:kevin.miller@juneau.org">kevin.miller@juneau.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thanks again for looking Mark. I have entries in both filename.rules.conf and archive.filename.rules.conf. I think the path of least resistance at this point is just to enter "rocketmail.com.gz" in them as well. If that's what it's seeing, then I'll just live with it and give it a pass.<br>
<br>
Funny thing is, I haven't received any more reports from rocketmail since last week. Sooner or later one should turn up I expect.<br>
<br>
Best...<br>
<br>
...Kevin<br>
--<br>
Kevin Miller<br>
Network/email Administrator, CBJ MIS Dept.<br>
155 South Seward Street<br>
Juneau, Alaska 99801<br>
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357<br>
<br>
-----Original Message-----<br>
From: MailScanner <mailscanner-bounces+kevin.miller=<a href="mailto:juneau.org@lists.mailscanner.info" target="_blank">juneau.org@lists.mailscanner.info</a>> On Behalf Of Mark Sapiro<br>
Sent: Wednesday, October 30, 2019 10:39 AM<br>
To: <a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
Subject: Re: Filename.rules.conf<br>
<br>
EXTERNAL E-MAIL: BE CAUTIOUS WHEN OPENING FILES OR FOLLOWING LINKS<br>
<br>
________________________________<br>
<br>
On 10/28/19 3:13 PM, Kevin Miller wrote:<br>
><br>
>> Again, the name MailScanner is rejecting is "rocketmail.com.gz". To understand why, we need to see all the MIME part headers from the message.<br>
><br>
> It's in the pastebin post.<br>
<br>
The pastebin post is clear that the only name is "<a href="http://rocketmail.com" rel="noreferrer" target="_blank">rocketmail.com</a>!<a href="http://jnuairport.com" rel="noreferrer" target="_blank">jnuairport.com</a>!1571875200!1571961599.xml.gz" and any of the regexps '.*\.com[^.]*\.xml\.gz$', '.*\.com[^.]*\.xml(\.gz)?$' or '.*\.com[^.]*[^.]\.com*[^.]*.xml.*\.gz$' will match that.<br>
<br>
I've looked at the code and it appears that MailScanner is actually looking at what it calls safename which may or may not be the "rocketmail.com.gz" name in the report. I'm not particularly fluent in perl and I haven't found exactly how safename is made from the original name. I'm not sure, but I'm guessing that that will also be the name of the attachment stored in the /var/spool/MailSanner/quarantine/<DATE>/<a href="http://QUEUE.ID/" rel="noreferrer" target="_blank">QUEUE.ID/</a> directory.<br>
<br>
But if that's the case and it's looking at a name like "rocketmail.com.gz" which it made from "<a href="http://rocketmail.com" rel="noreferrer" target="_blank">rocketmail.com</a>!<a href="http://jnuairport.com" rel="noreferrer" target="_blank">jnuairport.com</a>!1571875200!1571961599.xml.gz", it's hard to understand why other similar names are accepted.<br>
<br>
I do note that your earlier posts referred to the file being contained in a zip archive and you needed to put your allow rules in archives.filename.rules.conf. However, the file in the pastbin is not in a zip archive so it needs a rule in filename.rules.conf. Do you have your rules in both places?<br>
<br>
<br>
--<br>
Mark Sapiro <<a href="mailto:mark@msapiro.net" target="_blank">mark@msapiro.net</a>> The highway is for gamblers,<br>
San Francisco Bay Area, California better use your sense - B. Dylan<br>
<br>
<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
<br>
<br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
</blockquote></div>