Dwg are recognized as exe

Hi all,
I need to send dwg files as attachments of emails but they are blocked as exe. To send them I had to unlock executables block in mail filter. Is this normal?

/cc: @stephdl

1 Like

Check ‘/etc/rspamd/forbidden_file_extension.map’: is dwg inside the file?

Check also that you did not use the rspamd UI to play with file rejection; I think rspamd uses a virtual map

/var/lib/rspamd/rspamd_dynamic

The file is blocked as exe, not as dwg. See there:

FORBIDDEN_FILE_EXTENSION(0.00){exe;}

but the real file extension is dwg. File created in Autocad.

rspamd sees the MIME content as exe

https://rspamd.com/doc/modules/mime_types.html

https://rspamd.com/doc/modules/mime_types.html#filename-whitelist is probably your only hope

1 Like

@stephdl Can I create these files without a template, in your opinion? On my server they don’t exist.

Yes, no template; we do not use /etc/rspamd/local.d/mime_types.conf

1 Like

Last question: the docs say

The map file should look like this:

/^hello_world\.exe$/

But if I want to exclude all .dwg files what should I put?

/^\.dwg$/

Is that correct?

no

/\.dwg$/

^ is the beginning of the word

1 Like
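How the two patterns discussed above behave on sample file names, as an added example that is not part of the thread. It uses Python's `re` as a stand-in for rspamd's regex engine and assumes map lines are applied as an unanchored search with an optional `i` flag; the file names, the `/i` variant and the unanchored variant are constructed for illustration.

```python
import re

# Constructed map lines in the /regex/flags form quoted from the docs in the thread.
CANDIDATES = [r"/^\.dwg$/", r"/\.dwg$/", r"/\.dwg$/i", r"/\.dwg/"]

# Constructed attachment names, including ones a whitelist entry must not cover.
FILENAMES = ["plan.dwg", "PLAN.DWG", ".dwg", "plan.dwg.exe", "plan.dwgx"]


def parse_map_line(line):
    """Compile a '/pattern/flags' line; only the 'i' flag is handled here."""
    line = line.strip()
    if not line.startswith("/") or line.rfind("/") == 0:
        raise ValueError("not a /regex/ map line: %r" % line)
    body, flags = line[1:].rsplit("/", 1)
    if set(flags) - {"i"}:
        raise ValueError("unsupported flags: %r" % flags)
    return re.compile(body, re.IGNORECASE if "i" in flags else 0)


def matches(line, filename):
    """True if the map line matches anywhere in the file name (search semantics)."""
    return parse_map_line(line).search(filename) is not None


def report():
    """Map each candidate line to the sample names it would whitelist."""
    return {line: [f for f in FILENAMES if matches(line, f)] for line in CANDIDATES}


if __name__ == "__main__":
    for line, hits in report().items():
        print("%-12s -> %s" % (line, hits))
```

The `$` anchor is what keeps `plan.dwg.exe` out of the whitelist; dropping it lets a double extension through.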

Nice, thank you man :slight_smile: I’ll try and report here my results!

1 Like

Remember to restart rspamd

1 Like

It doesn’t work: is this file correct?

[root@mail ~]# cat /etc/rspamd/local.d/mime_types.conf
# local.d/mime_types.conf

filename_whitelist = "/etc/rspamd/maps.d/mime_types.wl";

This is the log:

Jul 10 18:34:53 mail rspamd[11461]: <8c8a19>; proxy; rspamd_task_write_log: id: <1327411257.257.1594398893884@mail.domain.eu>, qid: <E35641E2B1>, ip: 127.0.0.1, user: federico@domain.eu, from: <federico.ballarini@domain.eu>, (default: T (reject): [0.00/20.00] [FORBIDDEN_FILE_EXTENSION(0.00){exe;}]), len: 2679489, time: 8.793ms, dns req: 0, digest: <2c9c1d45cb6f1d15f3436bc9057abfe8>, rcpts: <federico.ballarini@domain.eu>, mime_rcpts: <federico.ballarini@domain.eu>, forced: reject "Forbidden attachment name extension"; score=nan (set by multimap), settings_id: authenticated
Jul 10 18:34:53 mail rspamd[11461]: <8c8a19>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 184 regexps total, 0 regexps cached, 0B scanned using pcre, 0B scanned total
Jul 10 18:34:53 mail postfix/cleanup[13417]: E35641E2B1: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Forbidden attachment name extension; from=<federico.ballarini@domain.eu> to=<federico.ballarini@domain.eu> proto=ESMTP helo=<mail.domain.eu>

I bet it is the exe that you need to exclude, but it is not good at all

Also with exe in filename_whitelist it doesn’t work. Do you think I need to exclude executables?

don’t know

dwg seems to be known: rspamd/conf/maps.d/mime_types.inc at 1471922ed2ab6e72e2c5f5f66121624ede4418d5 · rspamd/rspamd · GitHub

1 Like

:confused:

It is the multimap that matches, and it only greps the extension name, no MIME content inspection I think

1 Like

No, the docs state that it inspects the MIME type: https://rspamd.com/doc/modules/multimap.html#filename-filters

1 Like

For the moment I disabled the executables check, but I don’t like it


You can check the header and refuse email from Windows servers; this is what I do myself (I am kidding)

Time to go for 3 weeks of holidays.
If I have a better idea, I'll come back with it

1 Like