We get legitimate messages blocked because of .gz extension. While looking at the message at our external provider via webmail I see that there are some attachements, but no .gz.
I asked the sending user about those mails and he replied that he sends “normal” outlook2016 mails with a pdf attachement, and that he does not add any .gz-Files.
How can I prevent rspamd to block those legitimate mails?
We need the mailog relevant lines to understand and state
I found this and hope this is the relevant part of the maillog:
config show rspamd
config show rspamd
rspamd=service
BlockAttachmentClassList=Arch,Exec
BlockAttachmentCustomList=js, jar, bat, exe, msi, cpl, scr, com, pif, vbs, ps1, wsf, ppt, docm, xlsm, pptm, pptx, zip, rar, 7z
BlockAttachmentCustomStatus=enabled
BlockAttachmentStatus=enabled
OletoolsStatus=enabled
Password=xxx
RecipientWhiteList=
SenderBlackList=
SenderWhiteList=nethfirewallhostname.ourdomain.com,nethdomaincontrolerhostname.ourdomain.com,nethfileserverhostname.ourdomain.com,nethmailserverhostname.ourdomain.com
SpamCheckStatus=enabled
SpamGreyLevel=6
SpamKillLevel=15
SpamSubjectPrefixStatus=enabled
SpamSubjectPrefixString=SPAM
SpamTag2Level=8
VirusAction=reject
VirusCheckStatus=enabled
VirusScanOnlyAttachment=false
VirusScanSize=20000000
status=enabled
you refuse all archive files, probably either you have a mime content issue from rspamd or the pdf which is rejected is an renamed archive
Ok, so we decided to add this particular user to our whitelist. Thanks for your explanations.