[Rspamd-Users] Block emails with .doc, .xls attachments with Rspamd

[Andreas]

Am Dienstag, 16. April 2024, 07:52:51 CEST schrieb Andreas Wass - Glas 
Gasperlmair:
> i use it like this:
> 
> vi /etc/rspamd/local.d/mime_types.conf
> 
> # Extensions that are treated as 'bad'
> # Number is score multiply factor
> bad_extensions = {
>    accdb = 1,
>    accdr = 1,
>    ace = 1000,
>    ade = 1,
>    adp = 1,
>    ani = 1,
>    app = 1,
>    arj = 1,
>    asd = 1,
>    asf = 1,
>    asx = 1,
>    b64 = 1,
>    bas = 1,
>    bat = 1000,
> 
> tag your bad extensions with a high multipicator (1000)
> 

Well, it doesn't really work for me with mimetypes.conf.

I have these entries in mimetypes.conf

bad_extensions = {
    
     sh = 1000;
}
and in multimap.conf

ATTACHMENT_BLACKLISTED {
   type = "filename";
   filter = "extension";
   map = "$CONFDIR/local.d/mimetype.conf";
   action = "reject";
   message = "A restricted file type was found";
   skip_archives = true;
}

System reload required.

If I now send a bash file with .sh to myself externally, it will not be 
rejected, but will end up in my junk folder as SPAM.

2024-04-16T08:39:54.059848+02:00 mx postfix/cleanup[2569186]: 0D3B4120093: 
message-id=<CAL+748cvm4Jarmy-RUNhzFMyMXspLqxK=8-
ZGNGjqrWr94KkEA at mail.gmail.com>
2024-04-16T08:39:54.270196+02:00 mx postfix/cleanup[2569186]: 0D3B4120093: 
milter-reject: END-OF-MESSAGE from mail-lj1-x22f.google.com[2a00:1450:4864:20 
::22f]: 4.7.1 Try again later; from=<andreas at googlemail.com> 
to=<info at example.com> proto=ESMTP helo=<mail-lj1-x22f.google.com>

Florian’s solution works better. Which is why I wanted to know why 
mimetypes.conf at all?

So in principle Florian's solution meets the desired requirements.

Best regards

Andreas