Attachment issue after updating to Mailcow 2025-03a

shaneodoo

CK_beats Hello CK_Beats, welcome to the opensource world. The file that you need to be looking at is in data/conf/rspamd/lua/rspamd.local.lua locate the #add footer section towards the bottom and amend add the hack mentioned above. Once saved you will need to restart the rspamd docker container for it to action.

Please note this is not the official code but I have mentioned it to the github team. Waiting for it to be included in the next release. [rspamd/rspamd5334]

ebizz

shaneodoo

I tried to patch the current running stable version as descripted above. Still the same bug.

Just for clarification, I edited “mailcow-dockerized/data/conf/rspamd/lua/rspamd.local.luca”.

Somewhere below line 600 I did have the – add footer. There I replaced everything in the function "local function rewrite with your patch/code from above:

local function rewrite_ct_cb(name, hdr)
  if rewrite.need_rewrite_ct then
    if name:lower() == 'content-type' then
      -- NEW: include boundary if present
      local boundary_part = rewrite.new_ct.boundary and
        string.format('; boundary="%s"', rewrite.new_ct.boundary) or ''
      local nct = string.format('%s: %s/%s; charset=utf-8%s',
          'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)
      out[#out + 1] = nct
      -- update Content-Type header (include boundary if present)
      task:set_milter_reply({
        remove_headers = {['Content-Type'] = 0},
      })
      task:set_milter_reply({
        add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8%s',
          rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)}
      })
      return
    elseif name:lower() == 'content-transfer-encoding' then
      out[#out + 1] = string.format('%s: %s',
          'Content-Transfer-Encoding', 'quoted-printable')
      -- update Content-Transfer-Encoding header
      task:set_milter_reply({
        remove_headers = {['Content-Transfer-Encoding'] = 0},
      })
      task:set_milter_reply({
        add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
      })
      seen_cte = true
      return
    end
  end
  out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
end

… the next line after the exchanged function is task:headers_foreach(rewrite….) which I left untouched.

Next I did restart the container (and even the whole Server) with:

docker compose restart rspamd-mailcow

Now I replied to a mail and attached for example a second pdf file, the receiver does not see it (although it is as mentioned above in the raw data of the mail).

Did I miss something?

In gerneral I do wonder that anyone can use Mailcow with this bug - it makes the product unusable :-) Since I am new to mailcow I am not the one to decide, but I would raise it to create a Hotfix ASAP.

I for now decided to Set “Ignore footer on reply e-mails:”, but this is of course just a temporarly solution.

PS: I appriciate the work in this community, not to missunderstand me. Mailcow in general comes close to perfection.

Regards, Jens

CK_beats

ebizz

Thanks for the approach of only adding the footer to new emails.
Sometimes you can’t see the forest full of trees. 😅😅😅😅

[unknown]

Thank you for your detailed instructions and the friendly welcome.
I will update it and report back shortly.

The dysfunction of the footer does not make Mailcow a bad system.
Of course, very helpful for the general appearance of the corporate identity if it works.
A feature that I have also used for many years in MS Exchange.

[unknown]

Thank you for your detailed instructions and the friendly welcome.
I will update it and report back shortly.

[unknown]
Thank you for your detailed instructions and the friendly welcome.
I will update it and report back shortly.

@“shaneodoo”
Thank you for your detailed instructions and the friendly welcome.
I will update it and report back shortly.

shaneodoo

ebizz Your –add Footer should look like this I think you are missing the part I highlighted in a recent pull request I have submitted https://github.com/shaneodoo/mailcow-dockerized/tree/master check the latest one I submitted two, but both the same oops

CK_beats

The option only to use the domainwide footer only at new e-mails is not working.
The recipient server rejects the email with the error that it is not DMARC authenticated.
E-mail hat an PDF attachment.
said: 550 #5.7.1 DMARC unauthenticated mail is prohibited. (in reply to end of DATA command)
DMARC and DKIM are already set.
RspamD sees only the evelope from and evelope to.
The mail-ID ist also undefinated, even if the e-mail only includes html-text.

ebizz

@CK_beats

are you sure? I have this working with valid DMARC entries, I do not think it has anything to do with the option to use the domainwide footer only at new emails. Nevertheless, the Option is not fully helping, as soon a mailboxuser is FORWARDING a mail, it happens again I found out. :-)

The DMARC stuff is put into effect at another position for sure.

ebizz

@shaneodoo

I just exchanged in one of my installations the code you were linking at with the git repository with the changes from yesterday. I replaced everything between –add footer until – End of headers with your github version:


   -- add footer
            local out = {}
            local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}

            local seen_cte
            local newline_s = newline(task)

            local function rewrite_ct_cb(name, hdr)
              if rewrite.need_rewrite_ct then
                if name:lower() == 'content-type' then
                  local nct = string.format('%s: %s/%s; charset=utf-8',
                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype)
                  out[#out + 1] = nct
                  -- update Content-Type header
                  task:set_milter_reply({
                    remove_headers = {['Content-Type'] = 0},
                  })
                  task:set_milter_reply({
                    add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8', rewrite.new_ct.type, rewrite.new_ct.subtype)}
                  })
                  return
                elseif name:lower() == 'content-transfer-encoding' then
                  out[#out + 1] = string.format('%s: %s',
                      'Content-Transfer-Encoding', 'quoted-printable')
                  -- update Content-Transfer-Encoding header
                  task:set_milter_reply({
                    remove_headers = {['Content-Transfer-Encoding'] = 0},
                  })
                  task:set_milter_reply({
                    add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
                  })
                  seen_cte = true
                  return
                end
              end
              out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
            end
        
            task:headers_foreach(rewrite_ct_cb, {full = true})
        
            if not seen_cte and rewrite.need_rewrite_ct then
              out[#out + 1] = string.format('%s: %s', 'Content-Transfer-Encoding', 'quoted-printable')
            end

A first test forwarding a former received mail with attachment and adding a new one worked fine.

CK_beats

ebizz Ein erster Test, bei dem eine zuvor empfangene E-Mail mit Anhang weitergeleitet und ein neuer hinzugefügt wurde, funktionierte einwandfrei.

Please add an additional image (screenshot or something similar) to your HTML email.
Then you get an error again.
That’s how it was with me.

For me it is definitely the case that when the domain-wide footer is activated, the email is no longer readable for RspamD.
RspamD only seems to be able to recognize the envelopes.
Accordingly, DMARC is also missing, which leads to emails being rejected by authorities, for example.

RspamD can no longer read which IP the email was sent from.
See my screenshot above.

As soon as I delete the footer everything works fine again.

ebizz

CK_beats

Version: 2025-07, latest stable, The System is on the latest version
I am running on the above release, patched as written above and I really do not have any of the problems - all attachments are included, old and new once, no problem with DKIM (at least my mails go all through). Did your mailcow work before without any problem? I would upgrade to the latest stable release, make the above patch in the lua script of rspamd … and check your DNS Server entries about the DKIM, maybe generate a complete new DKIM key with a different selector and add this to your DNS to try out. Verify the working DNS with for example https://mxtoolbox.com DKIM check - there you can type in even the selector.
example with supertool and newly created selector emailtest for mydomain.eu:

dkim:mydomain.eu:emailtest

Happy Bug-Fixing!

DocFraggle

ebizz The problem occurs when using Outlook to send an email with inline image and activated domain footer. Did you try this as well?
Other nail clients don’t seem to be affected afaik

CK_beats

DocFraggle
Absolutely correct!
Sorry, I forgot to mention that we only use Outlook as a stationary email client.
The integrated Gmail clients or Apple Mail are used for smartphones.

[unknown]
DKIM and DMARC are configured correctly.
We also use the latest stable version.

Email reception and sending are available via TLS & SSL via the ports specified in the documentation.
The certificate service has also been configured correctly and is working.
The system works completely error-free so far unless you activate the domain-wide footer.
In this case, RspamD is no longer able to recognize the email as such.
Sender and receiver, as well as mime version etc. are missing or broken.

shaneodoo

CK_beats Outlook is not the issue here. As I have it working just fine as 4 of my clients who use outlook like its the best email client since sliced bread.

Would you mind pasting the rspamd.local.lau file here so I can take a look to see if there is a syntax issue? It seems like you may have overwritten some header stuff which is stripping it out.

If it is any help here is the complete file https://raw.githubusercontent.com/shaneodoo/mailcow-dockerized/refs/heads/master/data/conf/rspamd/lua/rspamd.local.lua

DocFraggle

shaneodoo Outlook is not the issue here

Well, it is for me. Maybe we have to define the Outlook versions which are not working currently. I’m using:

Microsoft® Outlook® für Microsoft 365 MSO (Version 2508 Build 16.0.19127.20082) 32 Bit

CK_beats

shaneodoo
My rspamd.local.lua configuration file is welcome here.
Thank you for checking them out.
If I didn’t make a mistake when copying, it should be the unchanged original file. No changes have been made by us.

We use older Outlook versions as clients.
E.g. Outlook 2013 and 2016, connected via Active-Sync.
All Versions for 64-bit systems.

`rspamd_config.MAILCOW_AUTH = {
callback = function(task)
local uname = task:get_user()
if uname then
return 1
end
end
}

local monitoring_hosts = rspamd_config:add_map{
url = “/etc/rspamd/custom/monitoring_nolog.map”,
description = “Monitoring hosts”,
type = “regexp”
}

rspamd_config:register_symbol({
name = ‘SMTP_ACCESS’,
type = ‘postfilter’,
callback = function(task)
local util = require(“rspamd_util”)
local rspamd_logger = require “rspamd_logger”
local rspamd_ip = require ‘rspamd_ip’
local uname = task:get_user()
local limited_access = task:get_symbol(“SMTP_LIMITED_ACCESS”)

if not uname then
  return false
end

if not limited_access then
  return false
end

local hash_key = 'SMTP_ALLOW_NETS_' .. uname

local redis_params = rspamd_parse_redis_server('smtp_access')
local ip = task:get_from_ip()

if ip == nil or not ip:is_valid() then
  return false
end

local from_ip_string = tostring(ip)
smtp_access_table = {from_ip_string}

local maxbits = 128
local minbits = 32
if ip:get_version() == 4 then
    maxbits = 32
    minbits = 8
end
for i=maxbits,minbits,-1 do
  local nip = ip:apply_mask(i):to_string() .. "/" .. i
  table.insert(smtp_access_table, nip)
end
local function smtp_access_cb(err, data)
  if err then
    rspamd_logger.infox(rspamd_config, "smtp_access query request for ip %s>
    return false
  else
    rspamd_logger.infox(rspamd_config, "checking ip %s for smtp_access in %>
    for k,v in pairs(data) do
      if (v and v ~= userdata and v == '1') then
        rspamd_logger.infox(rspamd_config, "found ip in smtp_access map")
        task:insert_result(true, 'SMTP_ACCESS', 0.0, from_ip_string)
        return true
      end
    end
    rspamd_logger.infox(rspamd_config, "couldnt find ip in smtp_access map")
    task:insert_result(true, 'SMTP_ACCESS', 999.0, from_ip_string)
    return true
  end
end
table.insert(smtp_access_table, 1, hash_key)
local redis_ret_user = rspamd_redis_make_request(task,
  redis_params, -- connect params
  hash_key, -- hash key
  false, -- is write
  smtp_access_cb, --callback
  'HMGET', -- command
  smtp_access_table -- arguments
)
if not redis_ret_user then
  rspamd_logger.infox(rspamd_config, "cannot check smtp_access redis map")
end

end,
priority = 10
})

rspamd_config:register_symbol({
name = ‘POSTMASTER_HANDLER’,
type = ‘prefilter’,
callback = function(task)
local rcpts = task:get_recipients(‘smtp’)
local rspamd_logger = require “rspamd_logger”
local lua_util = require “lua_util”
local from = task:get_from(1)

– not applying to mails with more than one rcpt to avoid bypassing filters b>
if rcpts and #rcpts == 1 then
for _,rcpt in ipairs(rcpts) do
local rcpt_split = rspamd_str_split(rcpt[‘addr’], ‘@’)
if #rcpt_split == 2 then
if rcpt_split[1] == ‘postmaster’ then
task:set_pre_result(‘accept’, ‘whitelisting postmaster smtp rcpt’)
return
end
end
end
end

if from then
for _,fr in ipairs(from) do
local fr_split = rspamd_str_split(fr[‘addr’], ‘@’)
if #fr_split == 2 then
if fr_split[1] == ‘postmaster’ and task:get_user() then
– no whitelist, keep signatures
task:insert_result(true, ‘POSTMASTER_FROM’, -2500.0)
return
end
end
end
end

end,
priority = 10
})

rspamd_config:register_symbol({
name = ‘KEEP_SPAM’,
type = ‘prefilter’,
callback = function(task)
local util = require(“rspamd_util”)
local rspamd_logger = require “rspamd_logger”
local rspamd_ip = require ‘rspamd_ip’
local uname = task:get_user()

if uname then
  return false
end

local redis_params = rspamd_parse_redis_server('keep_spam')
local ip = task:get_from_ip()

if ip == nil or not ip:is_valid() then
  return false
end

local from_ip_string = tostring(ip)
ip_check_table = {from_ip_string}

local maxbits = 128
local minbits = 32
if ip:get_version() == 4 then
    maxbits = 32
    minbits = 8
end
for i=maxbits,minbits,-1 do
  local nip = ip:apply_mask(i):to_string() .. "/" .. i
  table.insert(ip_check_table, nip)
end
local function keep_spam_cb(err, data)
  if err then
    rspamd_logger.infox(rspamd_config, "keep_spam query request for ip %s r>
    return false
  else
    for k,v in pairs(data) do
      if (v and v ~= userdata and v == '1') then
        rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, sett>
        task:set_pre_result('accept', 'ip matched with forward hosts')
      end
    end
  end
end
table.insert(ip_check_table, 1, 'KEEP_SPAM')
local redis_ret_user = rspamd_redis_make_request(task,
  redis_params, -- connect params
  'KEEP_SPAM', -- hash key
  false, -- is write
  keep_spam_cb, --callback
  'HMGET', -- command
  ip_check_table -- arguments
)
if not redis_ret_user then
  rspamd_logger.infox(rspamd_config, "cannot check keep_spam redis map")
end

end,
priority = 19
})

rspamd_config:register_symbol({
name = ‘TLS_HEADER’,
type = ‘postfilter’,
callback = function(task)
local rspamd_logger = require “rspamd_logger”
local tls_tag = task:get_request_header(‘TLS-Version’)
if type(tls_tag) == ‘nil’ then
task:set_milter_reply({
add_headers = {[‘X-Last-TLS-Session-Version’] = ‘None’}
})
})
else
task:set_milter_reply({
add_headers = {[‘X-Last-TLS-Session-Version’] = tostring(tls_tag)}
})
end
end,
priority = 12
})

rspamd_config:register_symbol({
name = ‘TAG_MOO’,
type = ‘postfilter’,
callback = function(task)
local util = require(“rspamd_util”)
local rspamd_logger = require “rspamd_logger”
local redis_params = rspamd_parse_redis_server(‘taghandler’)
local rspamd_http = require “rspamd_http”
local rcpts = task:get_recipients(‘smtp’)
local lua_util = require “lua_util”

local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")

local function remove_moo_tag()
  local moo_tag_header = task:get_header('X-Moo-Tag', false)
  if moo_tag_header then
    task:set_milter_reply({
      remove_headers = {['X-Moo-Tag'] = 0},
    })
  end
  return true
end

if tagged_rcpt and tagged_rcpt[1].options and mailcow_domain then
  local tag = tagged_rcpt[1].options[1]
  rspamd_logger.infox("found tag: %s", tag)
  local action = task:get_metric_action('default')
  rspamd_logger.infox("metric action now: %s", action)

  if action ~= 'no action' and action ~= 'greylist' then
    rspamd_logger.infox("skipping tag handler for action: %s", action)
    remove_moo_tag()
    return true
  end

  local function http_callback(err_message, code, body, headers)
    if body ~= nil and body ~= "" then
      rspamd_logger.infox(rspamd_config, "expanding rcpt to \"%s\"", body)

      local function tag_callback_subject(err, data)
        if err or type(data) ~= 'string' then
          rspamd_logger.infox(rspamd_config, "subject tag handler rcpt %s r<t %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying subfollder tag handler...", body, data, err)

          local function tag_callback_subfolder(err, data)
            if err or type(data) ~= 'string' then
              rspamd_logger.infox(rspamd_config, "subfolder tag handler for  rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\")", body, data, err)
              remove_moo_tag()
            else
              rspamd_logger.infox("Add X-Moo-Tag header")
              task:set_milter_reply({
                add_headers = {['X-Moo-Tag'] = 'YES'}
              })
            end
          end

          local redis_ret_subfolder = rspamd_redis_make_request(task,
            redis_params, -- connect params
            body, -- hash key
            false, -- is write
            tag_callback_subfolder, --callback
            'HGET', -- command
            {'RCPT_WANTS_SUBFOLDER_TAG', body} -- arguments
          )
          if not redis_ret_subfolder then
            rspamd_logger.infox(rspamd_config, "cannot make request to load>
            remove_moo_tag()
          end

        else
          rspamd_logger.infox("user wants subject modified for tagged mail")
          local sbj = task:get_header('Subject')
          new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
          task:set_milter_reply({
            remove_headers = {
              ['Subject'] = 1,
              ['X-Moo-Tag'] = 0
            },
            add_headers = {['Subject'] = new_sbj}
          })
        end
      end

      local redis_ret_subject = rspamd_redis_make_request(task,
        redis_params, -- connect params
        body, -- hash key
        false, -- is write
        tag_callback_subject, --callback
        'HGET', -- command
        {'RCPT_WANTS_SUBJECT_TAG', body} -- arguments
      )
      if not redis_ret_subject then
        rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
        remove_moo_tag()
      end

    end
  end

  if rcpts and #rcpts == 1 then
    for _,rcpt in ipairs(rcpts) do
      local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
      if #rcpt_split == 2 then
        if rcpt_split[1] == 'postmaster' then
          rspamd_logger.infox(rspamd_config, "not expanding postmaster alias")

          remove_moo_tag()
        else
          rspamd_http.request({
            task=task,
            url='http://nginx:8081/aliasexp.php',
            body='',
            callback=http_callback,
            headers={Rcpt=rcpt['addr']},
          })
        end
      end
    end
  end
else
  remove_moo_tag()
end

end,
priority = 19
})

rspamd_config:register_symbol({
name = ‘BCC’,
type = ‘postfilter’,
callback = function(task)
local util = require(“rspamd_util”)
local rspamd_http = require “rspamd_http”
local rspamd_logger = require “rspamd_logger”

local from_table = {}
local rcpt_table = {}

if task:has_symbol('ENCRYPTED_CHAT') then
  return -- stop
end

local send_mail = function(task, bcc_dest)
  local lua_smtp = require "lua_smtp"
  local function sendmail_cb(ret, err)
    if not ret then
      rspamd_logger.errx(task, 'BCC SMTP ERROR: %s', err)
    else
      rspamd_logger.infox(rspamd_config, "BCC SMTP SUCCESS TO %s", bcc_dest)
    end
  end
  if not bcc_dest then
    return -- stop
  end
  -- dot stuff content before sending
  local email_content = tostring(task:get_content())
  email_content = string.gsub(email_content, "\r\n%.", "\r\n..")
  -- send mail
  lua_smtp.sendmail({
    task = task,
    host = os.getenv("IPV4_NETWORK") .. '.253',
    port = 591,
    from = task:get_from(stp)[1].addr,
    recipients = bcc_dest,
    helo = 'bcc',
    timeout = 20,
  }, email_content, sendmail_cb)
end

-- determine from
local from = task:get_from('smtp')
if from then
  for _, a in ipairs(from) do
    table.insert(from_table, a['addr']) -- add this rcpt to table
    table.insert(from_table, '@' .. a['domain']) -- add this rcpts domain t>
  end
else
  return -- stop
end

-- determine rcpts
local rcpts = task:get_recipients('smtp')
if rcpts then
  for _, a in ipairs(rcpts) do
    table.insert(rcpt_table, a['addr']) -- add this rcpt to table
    table.insert(rcpt_table, '@' .. a['domain']) -- add this rcpts domain t>
  end
else
  return -- stop
end

local action = task:get_metric_action('default')
rspamd_logger.infox("metric action now: %s", action)

local function rcpt_callback(err_message, code, body, headers)
  if err_message == nil and code == 201 and body ~= nil then
    if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
      send_mail(task, body)
    end
  end
end

local function from_callback(err_message, code, body, headers)
  if err_message == nil and code == 201 and body ~= nil then
    if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
      send_mail(task, body)
    end
  end
end

if rcpt_table then
  for _,e in ipairs(rcpt_table) do
    rspamd_logger.infox(rspamd_config, "checking bcc for rcpt address %s", e)
    rspamd_http.request({
      task=task,
      url='http://nginx:8081/bcc.php',
      body='',
      callback=rcpt_callback,
      headers={Rcpt=e}
    })
  end
end

if from_table then
  for _,e in ipairs(from_table) do
    rspamd_logger.infox(rspamd_config, "checking bcc for from address %s", e)

    rspamd_http.request({
      task=task,
      url='http://nginx:8081/bcc.php',
      callback=from_callback,
      headers={From=e}
    })
  end
end

return true

end,
priority = 20
})

rspamd_config:register_symbol({
name = ‘DYN_RL_CHECK’,
type = ‘prefilter’,
callback = function(task)
local util = require(“rspamd_util”)
local redis_params = rspamd_parse_redis_server(‘dyn_rl’)
local rspamd_logger = require “rspamd_logger”
local envfrom = task:get_from(1)
local uname = task:get_user()
if not envfrom or not uname then
return false
end
local uname = uname:lower()

local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain i>

local function redis_cb_user(err, data)

  if err or type(data) ~= 'string' then
    rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user >

    local function redis_key_cb_domain(err, data)
      if err or type(data) ~= 'string' then
        rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for d>
      else
        rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redi>
        task:insert_result('DYN_RL', 0.0, data, env_from_domain)
      end
    end

    local redis_ret_domain = rspamd_redis_make_request(task,
      redis_params, -- connect params
      env_from_domain, -- hash key
      false, -- is write
      redis_key_cb_domain, --callback
      'HGET', -- command
      {'RL_VALUE', env_from_domain} -- arguments
    )
    if not redis_ret_domain then
      rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain")
    end
  else
    rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", uname, data)
    task:insert_result('DYN_RL', 0.0, data, uname)
  end

end

local redis_ret_user = rspamd_redis_make_request(task,
  redis_params, -- connect params
  uname, -- hash key
  false, -- is write
  redis_cb_user, --callback
  'HGET', -- command
  {'RL_VALUE', uname} -- arguments
)
if not redis_ret_user then
  rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit>
end
return true

end,
flags = ‘empty’,
priority = 20
})

rspamd_config:register_symbol({
name = ‘NO_LOG_STAT’,
type = ‘postfilter’,
callback = function(task)
local from = task:get_header(‘From’)
if from and (monitoring_hosts:get_key(from) or from == “watchdog@localhost”) then
task:set_flag(‘no_log’)
task:set_flag(‘no_stat’)
end
end
})

rspamd_config:register_symbol({
name = ‘MOO_FOOTER’,
type = ‘prefilter’,
callback = function(task)
local cjson = require “cjson”
local lua_mime = require “lua_mime”
local lua_util = require “lua_util”
local rspamd_logger = require “rspamd_logger”
local rspamd_http = require “rspamd_http”
local envfrom = task:get_from(1)
local uname = task:get_user()
if not envfrom or not uname then
return false
end
local uname = uname:lower()
local env_from_domain = envfrom[1].domain:lower()
local env_from_addr = envfrom[1].addr:lower()

-- determine newline type
local function newline(task)
  local t = task:get_newlines_type()

  if t == 'cr' then
    return '\r'
  elseif t == 'lf' then
    return '\n'
  end

  return '\r\n'
end
-- retrieve footer
local function footer_cb(err_message, code, data, headers)
  if err or type(data) ~= 'string' then
    rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err)
  else

    -- parse json string
    local footer = cjson.decode(data)
    if not footer then
      rspamd_logger.infox(rspamd_config, "parsing domain wide footer for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname,  data, err)
    else
      if footer and type(footer) == "table" and (footer.html and footer.htmml ~= "" or footer.plain and footer.plain ~= "")  then
        rspamd_logger.infox(rspamd_config, "found domain wide footer for user %s: html=%s, plain=%s, vars=%s", uname, footer.html, footer.plain, footer.vars)

        if footer.skip_replies ~= 0 then
          in_reply_to = task:get_header_raw('in-reply-to')
          if in_reply_to then
            rspamd_logger.infox(rspamd_config, "mail is a reply - skip footer")
            return
          end
        end

        local envfrom_mime = task:get_from(2)
        local from_name = ""
        if envfrom_mime and envfrom_mime[1].name then
          from_name = envfrom_mime[1].name
        elseif envfrom and envfrom[1].name then
          from_name = envfrom[1].name
        end

        -- default replacements
        local replacements = {
          auth_user = uname,
          from_user = envfrom[1].user,
          from_name = from_name,
          from_addr = envfrom[1].addr,
          from_domain = envfrom[1].domain:lower()
        }
        -- add custom mailbox attributes
        if footer.vars and type(footer.vars) == "string" then
          local footer_vars = cjson.decode(footer.vars)

          if type(footer_vars) == "table" then
            for key, value in pairs(footer_vars) do
              replacements[key] = value
            end
          end
        end
        if footer.html and footer.html ~= "" then
          footer.html = lua_util.jinja_template(footer.html, replacements, true)
        end
        if footer.plain and footer.plain ~= "" then
          footer.plain = lua_util.jinja_template(footer.plain, replacements, true)
        end

        -- add footer
                    local out = {}
                    local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}

                    local seen_cte
                    local newline_s = newline(task)

                    local function rewrite_ct_cb(name, hdr)
                      if rewrite.need_rewrite_ct then
                            if name:lower() == 'content-type' then
                              -- NEW: include boundary if present
                              local boundary_part = rewrite.new_ct.boundary and
                                    string.format('; boundary="%s"', rewrite.new_ct.boundary) or ''
                              local nct = string.format('%s: %s/%s; charset=utf-8%s',
                                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)
                              out[#out + 1] = nct
                              -- update Content-Type header (include boundary if present)
                              task:set_milter_reply({
                                    remove_headers = {['Content-Type'] = 0},
                              })
                              task:set_milter_reply({
                                    add_headers = {['Content-Type'] = string.format('%s/%s; charset=utf-8%s',
                                      rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)}
                              })
                              return
                            elseif name:lower() == 'content-transfer-encoding' then
                              out[#out + 1] = string.format('%s: %s',
                                      'Content-Transfer-Encoding', 'quoted-printable')
                              -- update Content-Transfer-Encoding header
                              task:set_milter_reply({
                                    remove_headers = {['Content-Transfer-Encoding'] = 0},
                              })
                              task:set_milter_reply({
                                    add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
                              })
                              seen_cte = true
                              return
                            end
                      end
                      out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
                    end

        -- End of headers
        out[#out + 1] = newline_s

        if rewrite.out then
          for _,o in ipairs(rewrite.out) do
            out[#out + 1] = o
          end
        else
          out[#out + 1] = task:get_rawbody()
        end
        local out_parts = {}
        for _,o in ipairs(out) do
          if type(o) ~= 'table' then
            out_parts[#out_parts + 1] = o
            out_parts[#out_parts + 1] = newline_s
          else
            local removePrefix = "--\x0D\x0AContent-Type"
            if string.lower(string.sub(tostring(o[1]), 1, string.len(removePrefix))) == string.lower(removePrefix) then
              o[1] = string.sub(tostring(o[1]), string.len("--\x0D\x0A") + 1)
            end
            out_parts[#out_parts + 1] = o[1]
            if o[2] then
              out_parts[#out_parts + 1] = newline_s
            end
          end
        end
        task:set_message(out_parts)
      else
        rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\")", uname, data)
      end
    end
  end
end

-- fetch footer
rspamd_http.request({
  task=task,
  url='http://nginx:8081/footer.php',
  body='',
  callback=footer_cb,
  headers={Domain=env_from_domain,Username=uname,From=env_from_addr},
})

return true

end,
priority = 1
})
`

shaneodoo
First of all, thank you so much for your hard work and care! I’m sorry, I’m still getting used to the world of Debian.
I haven’t got it right yet.

I inserted your rspamd.local.lua and restarted the Docker.
The result is almost perfect!
Nice!

A forwarded email with attachments includes the footer!
RspamD can handle the mail. It can read the sender, recipient and IP!
The attachments are also forwarded.

But!
If the forwarded email contains attachments and a screen clipping, the footer is attached, but the attachments disappear.
They are simply deleted.

If that is fixed the footer would be just perfect!

shaneodoo

DocFraggle I am using Microsoft 365 Outlook Version 16.0.19029.20156 64 bit and New Outlook 1.2025.806.300 but I really do not think this is the issue here. This is a new rabbit hole, so lets not go there just yet. Also have a client using MAC OS Outlook 16 not sure on the version though.

I have just send an email with an inline image using Outlook 16 and here is the RSPAMD results.

GLOBAL_SMTP_FROM_WL (-2050) [shane@xxxxxxxxx.com]
GLOBAL_MIME_FROM_WL (-2050) [shane@xxxxxxxx.com]
MAILCOW_AUTH (-20)
BAYES_HAM (-5.5) [100.00%]
**R_BAD_CTE_7BIT (1.05) [7bit,utf8]**
MIME_GOOD (-0.1) [multipart/mixed,multipart/related,multipart/alternative,text/plain]
TO_MATCH_ENVRCPT_ALL (0)
MID_RHS_MATCH_FROM (0)
ASN (0) [asn:206067, ipnet:18.0.0.0/19, country:GB]
RCPT_COUNT_ONE (0) [1]
ARC_NA (0)
BCC (0)
RCVD_COUNT_ZERO (0) [0]
MAILCOW_DOMAIN_HEADER_FROM (0) [xxxxxxxxxxx.com]
DKIM_SIGNED (0) [xxxxxxxxx.com:s=dkimxxxxx]
FROM_NO_DN (0)
FREEMAIL_ENVRCPT (0) [hotmail.com]
MOO_FOOTER (0)
DYN_RL_CHECK (0)
MIME_TRACE (0) [0:+,1:+,2:+,3:+,4:~,5:~,6:+,7:~]
TO_DN_NONE (0)
FREEMAIL_TO (0) [hotmail.com]
HAS_ATTACHMENT (0)
FROM_EQ_ENVFROM (0)

What is the errors you are seeing @DocFraggle ?

shaneodoo

CK_beats Thanks for posting that.. there are some syntax issues in your script. Have you modified more than just the –add footer section.. Here is what I have found.

You have an extra }) before else needs to be removed or the rest of the script will break.

rspamd_config:register_symbol({
name = ‘TLS_HEADER’,
type = ‘postfilter’,
callback = function(task)
local rspamd_logger = require “rspamd_logger”
local tls_tag = task:get_request_header(‘TLS-Version’)
if type(tls_tag) == ‘nil’ then
task:set_milter_reply({
add_headers = {[‘X-Last-TLS-Session-Version’] = ‘None’}
})
})   <== THIS SHOULD NOT BE HERE ITS AN EXTRA
else
task:set_milter_reply({
add_headers = {[‘X-Last-TLS-Session-Version’] = tostring(tls_tag)}
})
end
end,
priority = 12
})

Below you have footer.htmml where it should be footer.html

– parse json string
local footer = cjson.decode(data)
if not footer then
rspamd_logger.infox(rspamd_config, “parsing domain wide footer for user %s returned invalid or empty data (\”%s\“) or error (\”%s\“)”, uname, data, err)
else
if footer and type(footer) == “table” and (footer.html and footer.htmml ~= "“ or footer.plain and footer.plain ~= ”") then
rspamd_logger.infox(rspamd_config, “found domain wide footer for user %s: html=%s, plain=%s, vars=%s”, uname, footer.html, footer.plain, footer.vars)
        if footer.skip_replies ~= 0 then
          in_reply_to = task:get_header_raw('in-reply-to')
          if in_reply_to then
            rspamd_logger.infox(rspamd_config, "mail is a reply - skip footer")
            return
          end
        end

Critical Part Here….. You must have pasted over the following bit of code before – End of headers.. as its missing from your script.

task:headers_foreach(rewrite_ct_cb, {full = true})

            if not seen_cte and rewrite.need_rewrite_ct then
              out[#out + 1] = string.format('%s: %s', 'Content-Transfer-Encoding', 'quoted-printable')
            end

            -- End of headers

This section ensures your added footer doesn’t break the email format and that email clients can display it properly. Skipping it could result in broken emails or headers not being recognised. That is your problem right there.. Oops

If it is easier to see here is a split https://github.com/shaneodoo/mailcow-dockerized/compare/master…shaneodoo-patch-domain-footer-missing-attachments?diff=split&w

CK_beats

shaneodoo
Thank you for being so committed to addressing the problem.
I suspect that the syntax errors in my rspamd.local.lua were caused by copying.
It wasn’t possible for me to copy everything completely with Nano-Editor. This probably caused the errors.
Our Mailcow mail server is completely unchanged.

I have already successfully tested the modified rspamd.local.lua you provided.
The attachments were only deleted when a screenshot was inserted into an HTML email.
If this is still fixed, the domain-wide footer would be perfect!

shaneodoo

CK_beats Aww now you tell me I was like OMG what have you done to the lua script looked like Frankenstein’s Monster lol.. OK see where the issues is now. Adding the footer strips out inline images.

– add footer
local out = {}
local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}

local seen_cte
local newline_s = newline(task)

local function rewrite_ct_cb(name, hdr)
if rewrite.need_rewrite_ct then
if name:lower() == ‘content-type’ then
– NEW: include boundary if present

change the part in bold to include multipart.

if name:lower() == 'content-type' and not hdr.value:lower():match('^multipart/') then

Also here..

task:set_milter_reply({
add_headers = {[‘Content-Type’] = string.format(‘%s/%s; charset=utf-8%s’,
rewrite.new_ct.type, rewrite.new_ct.subtype, boundary_part)}
})
return
elseif name:lower() == ‘content-transfer-encoding’ then
out[#out + 1] = string.format(‘%s: %s’,
‘Content-Transfer-Encoding’, ‘quoted-printable’)
– update Content-Transfer-Encoding header

elseif name:lower() == 'content-transfer-encoding' and not hdr.value:lower():match('^multipart/') then

This makes your script leave multipart/* mails (with inline images, attachments, etc.) alone, so the images won’t disappear when you inject the footer.

As a side note I would advise using something like VS Code to access your mailserver. Makes coding a lot easier than using Nano. Alternative to that use the cat filename.extention command to see the file to enable copying complete text.

New Pull Request https://github.com/mailcow/mailcow-dockerized/compare/master…shaneodoo:mailcow-dockerized:master

CK_beats

shaneodoo
I’m very sorry that you have to put in so much effort because of me!
That wasn’t my intention!

I will follow your advice and use VS Code etc. in the future.

Would you mind making the completely modified rspamd.local.lua available to us again so that there are no errors when copying and pasting?

Best regards
Constantin

CK_beats

shaneodoo
It works!
Thank you!

Tested on Outlook 2013 & 2016 Client via Active-Sync.

Email forwarded with screenshot embedded in the text and PDF as a file attachment.
Everything was transferred perfectly!
RspamD can completely read and understand the content of the email, sender and IP address.

I’m excited to hear what other users report!
From my side the footer is now perfect!

shaneodoo

CK_beats Hey not just for you to make yourself feel special lol, but its nice to know where people are having the issues so they can be fixed. if you click on my pull request link at the bottom of the last message then you will see the changes.

« Previous Page Next Page »