I've several installations of mailcow (and I love it). But one customer receives often encrypted office documents from outside and forwards them after review to internal users. After the customer switched to mailcow now all that mails are marked as Spam and are in quarantane. 1. Who ist responsable for the rating, that mails with encrypted attachments are "bad" - is it Rspamd or ClamAV? I just like to understand that for future situations. 2. How can I configure one or more domains to prevent mailcow to mark it as spam and put that into quarantane? 3. Or - when I cannot configure that per domain, how can I configure the complete mailcow instance to ignore that "rule"? Be aware - I like that feature/rule/filter - but in one situation with a customer, that doesn't want to look into its quarantine every day its a pain. And I'm not sure, who is responsable and so I don't know, how to change that behaviour.

Ah, I found: https://github.com/mailcow/mailcow-dockerized/issues/1548

Disable quarantane for encrypted attachments

trickert

I’ve several installations of mailcow (and I love it).

But one customer receives often encrypted office documents from outside and forwards them after review to internal users. After the customer switched to mailcow now all that mails are marked as Spam and are in quarantane.

Who ist responsable for the rating, that mails with encrypted attachments are “bad” - is it Rspamd or ClamAV? I just like to understand that for future situations.
How can I configure one or more domains to prevent mailcow to mark it as spam and put that into quarantane?
Or - when I cannot configure that per domain, how can I configure the complete mailcow instance to ignore that “rule”?

Be aware - I like that feature/rule/filter - but in one situation with a customer, that doesn’t want to look into its quarantine every day its a pain. And I’m not sure, who is responsable and so I don’t know, how to change that behaviour.

trickert

Concrete - the symbol is MIME_DOUBLE_BAD_EXTENSION and MIME_BAD_EXTENSION.

trickert

…and VIRUS_FOUND. I’m sure, there is no virus in it. We’ve checked that. So, ClamAV cannot open the file (it is encrypted), then this symbol comes up and now? Setting weight=0 for symbol VIRUS_FOUND isn’t a good solution, or? ;-)

trickert

Ah, I found: mailcow/mailcow-dockerized1548

diekuh

Hi,

Can you post the signature and the full symbols set (without your domain) or that mail? 🙂