Hello everyone! I was using Mailcow 2025-02 without any issues, but after updating to 2025-03a, I noticed that when I send emails with attachments, recipients are unable to download them, regardless of the email client they use. The attachment simply does not appear as available for download. Has anyone else experienced this issue or found a solution? I appreciate any help!

Hi everyone! I found that the issue with the attachments was caused by the default signature of one of the domains. It was in HTML, and its formatting was corrupting the MIME structure of the message, preventing proper attachment parsing by email clients. I'm currently using version 2025-03b without any issues. Thanks to everyone who viewed the message. If you face something similar, it’s worth checking the HTML structure of your signatures.

This doesn't seem like a viable solution. Why should I be punished for not being able to add an attachment if someone's email signature mimetype is corrupted? Mailcow should let me be able to attach a document to send back to someone if they have an HTML signature

**Clarification** I had the exact same issue. The OP referred to it as "default signature of a domain", this is actually the "Domain wide footer" that is causing this issue and not the "Signature" of the email in the classical sense I hope this helps someone else in future.

Well, i've a (new?) variant of the problem, tested with Mailcow versions 2025-05 and 2025-07. In my case it only manifests, when having an additional inline graphic (like writing text and making a quick screenshot and paste it into the compose window) in the mail. And only then, when attachements are added, these don't get displayed (even with SOGo) at the receivers side. Everything else is correctly displayed (even the inline graphics) and the added domain footer with html formatting. When i disable the domain footer, everything is displayed correctly. But, in real the email does include the attachements, cause the size is correct and when displayed inside SOGo (with the option raw) it can be seen as encoded multi parts. Also when downloaded via SOGo as .eml file, my eMail programm displays it correctly (including the inline graphic and the attachements and footer). I need to add, that the domain footer here is extreme simple: nothing fancy at all. The plain version is only 3 paragraphs long and the html version of it uses only and tags, nothing else! So it seems to be a not properly encoded stream of data/parts and the displaying (interpreter) finally ignores the attachements. Do i remember rightly, that the domain footer was added via rspams provided functionality? If so, it could be a very simply, but wrongly added/positioned encapsulating tag/string. Just a thought. What do others think?

@"sOliver"#p26244 I can confirm that tests did on my setup, did include a html signature with inline graphics. However I did do some tests where even without the signature (and thus inline image) inserted, when the email was encoded as html (both from Outlook or SOGo Web) it would still strip the attachments. Plain Text mails did not show this behaviour.

I too am having issues with emails striping Attachments I have tried this will all the email clients I know including the new Outlook, which has issues also adding my IMAP accounts in the first instance. This has something to do with AutoDiscover not playing nicely either. But agree attachments are not being received on the recipient end even though RSPAMD shows the attachment is their. This is making Mailcow unusable. Using 2025-07 and have a company wide domain footer with basic html, but use cdn linked images. I would not say using an earlier version of Mailcow is solved because that would mean any future releases of Mailcow would be pointless if that is the case.

I just wanted to test this myself by adding a HTML signature to my testing domain `Test signature from {= from_name =}` Then I sent an attachment via Sogo. The mail was received including the attachment, just as it should be. What are the exact steps to reproduce this? Some of you wrote to include an inline image, how did you do that in the mailcow UI? I can't paste an image into the text field of the HTML footer **EDIT:** in case I misunderstood, even adding an inline image to the email body (text + paste image + text, HTML signature active) delivers the attachment as it should **EDIT 2:** maybe it's your signature itself, do you mind sharing what exactly you put into the footer text field (and if you used the HTML or the PLAIN footer field)

Sure this is what I have as a footer ``` ` Cylinder Lifter Limited Innovative Gas Cylinder Handling Solutions 📧 {= from_user =}@cylinderlifter.com 📞 +44 (0)1242 502 191 🌐 www.cylinderlifter.com UK Head Office: Cylinder Lifter Limited – Company Reg. No: 16197049 123 Promenade, Cheltenham, GL50 1NW, United Kingdom Licensed Global Manufacturer: PALI Trading LLC – Trade Licence No: 1514425 Office 101, Ranya Business Center, Al Barsha First, Behind Mall of Emirates, P.O. Box 6155, Dubai, United Arab Emirates Manufactured exclusively for Cylinder Lifter Limited by PALI Trading LLC. Cylinder Lifter is a registered brand and patented design. This email and any attachments are confidential and intended solely for the named recipient(s). If you have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying is prohibited. Email transmission cannot be guaranteed to be secure or error-free. We do not accept liability for any errors or omissions arising from email transmission. If verification is required, please request a hard copy. ``` Its Outlook friendly too... that was the hardest part to get it to sit nicely.

OK, I just added your exact HTML code to my domain's HTML footer and sent an email with inline image and attachment via Sogo to my GMX address. No problem at all here... Attachment received

I agree, its does not seem to be an issue, just every now and then it happens and when its important to my boss to send emails with attachments. I would expect it is on the recipient end with strong security in place that rejects attachments, being a financial establishment and all. Thanks for your assistance here. I even increased the email size to 30mb across Postfix, ClamAV and rspamd to ensure transition takes place. Also set ClamAV to scan as a complete Blob, before Postfix got its hands on the content.

I'm chiming in, to clarify a bit more... In the Mailcow footer section i had setup both types with the same content: the PLAIN version (only text) and the HTML version (witch only used some text formatting like bold & italic). I guessed, that for every format of an eMail i want to have a corresponding footer. The problem here is 100% reproducable: 1) create new email and write some text 2) make a screenshot and paste that after the text (now we've a inline graphic) 3) write some more text (after the pasted graphic) 4) add attachements (we had PDFs, not big at all ~60 KB) 5) send eMail Now on the receiver side the eMail shows no attachements, but everything else is displayed correctly (text + inline graphic + text). Even SOGo does not show the attachements. BUT: almost all eMails (only very few didn't) contain the attachements (looking at the raw source of the email, the multi-part segments are there, which also have the correct file names of the attachements). Crosscheck On the sender side i use the (before) sent same eMail (with inline graphic and attachments) and: 1) delete that inline graphic, keep the attachements and send again (to the same adress): success! 2) or leave it as it was (text, inline graphic, ataachements), but only disable the mailcow footer, send it – success! So my thought is, whenever the automatic footer is active, somehow mailcow (or probably rspam) does somewhere an encoding mistake (not properly positioned or closed tages, etc.) and then the interpreter on the receiving side simply falls over it and strips the rest (which is then the attachements). Else i can't explain it – removing the inline graphic, or disabling the footer results in 100% success.

Attachment issue after updating to Mailcow 2025-03a

CK_beats

function1983
I would like to thank you very much for merging the individual codes intorspamd.local.lua!
I pasted all your code and restarted Docker.
I’m excited to see how it will work for us! 👌
I will report!

First of all, a relaxing Christmas holiday and Merry Christmas to all of you! 🎄🎄🎄
Thank you for your commitment and support! 😊😊

shaneodoo

@function1983

Awesome work thank you for the addition to the code. I was becoming blind and cross-eyed.

I have ran extensive testing and can confirm its working like a dream.

I have updated the Pull Request to include the changes, just waiting now for the Mailcow team to review this in staging and for it to be merged in to main.

https://github.com/mailcow/mailcow-dockerized/pull/6934

CK_beats

shaneodoo
I just installed update 2026-01. Therspamd.local.lua was also changed here.
My update could not be carried out successfully because I had activated write protection for the file mentioned above.
Otherwise I probably wouldn’t have noticed the change.

Unfortunately, your pull request doesn’t seem to be of interest. I read that you are accused of changing something that shouldn’t happen.

I have installed and activated the new rspamd.local.lua.
Lo and behold, the Mailcow Contributors unfortunately have no idea.
For emails with file attachments, inline graphics and an activated footer, the attachments are deleted again.
Or destroyed and are not visible to the recipient.
Mail client, as usual, MS Outlook.

I have reactivated the “old”rspamd.local.lua that you modified.
Everything is working again.

It’s a shame that you don’t get enough attention here! 😒😩😩😡😡🤬🤬

ebizz

CK_beats

Yes, really annoying. I setup a new installation as an other exchange replacement - the bug is still in the newest version 2026. I do wonder how this is actually possible, Mailcow seems to be the wrong choice for a productive environment if such big bugs do not get fixed. HOW CAN WE RAISE THE PRIORITY to get a fix permanently integrated in the current stable? SOME ANY IDEAS? This gives a very bad reputation to MAILCOW…

CK_beats

ebizz
Unfortunately, the error (only) exists in connection with old MS Outlook versions and Mailcow. All other mail clients, including the GUI SoGo, do not have this problem.
Therefore it will not be pushed further.
If I read correctly, the Mailcow programmers/maintainers complained about shaneodoo has changing something in the code. That supposedly shouldn’t be the case. But seems to be the solution to our problem.
If we continue to use the modified rspamd.local.lua from shaneodoo ha it works.

ebizz

CK_beats

Actually if I remember correctly I used to have the same problems running emClient, which certainly is not Outlook. I do not know anyone really working with a program using only the SoGo Webmailer - I have to say I already regret switching some clients to mailcow. I first thought what a fantastic product since I grew up using Debian, Postfix, DoveCot etc - but if they just focus on Webinterfaces for the Users side this is for sure the wrong tool for most business cases.

CK_beats

ebizz
We only use the old Outlook 2016 version as a mail client. Therefore I can only ever reproduce the problem for this.
The standard mail client from Apple & Android works without errors.

Since Mailcow is an open source system, more attention will probably be paid to open source email clients.
These errors do not exist here.
In addition, the question naturally arises as to how many hosts actually use the domain-wide footer.

As long as you use the modified rspamd.local.lua everything is fine, right?

We have operated MS Exchange as a mail server for over two decades. I currently don’t regret switching from Exchange to Mailcow for a day.

shaneodoo

I have been using the modified file which is on the PR and have no issues, but it seems that lagacy MS Outlook really does need to be updated if it is not working for later version, and the previous version does work. Here are that main differences.. between what I submitted here and whats on the PR.

I will reference this as Document 1..

rspamd_config.MAILCOW_AUTH = {
  callback = function(task)
    local uname = task:get_user()
    if uname then
      return 1
    end
  end
}

local monitoring_hosts = rspamd_config:add_map{
  url = "/etc/rspamd/custom/monitoring_nolog.map",
  description = "Monitoring hosts",
  type = "regexp"
}

rspamd_config:register_symbol({
  name = 'SMTP_ACCESS',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local rspamd_ip = require 'rspamd_ip'
    local uname = task:get_user()
    local limited_access = task:get_symbol("SMTP_LIMITED_ACCESS")

    if not uname then
      return false
    end

    if not limited_access then
      return false
    end

    local hash_key = 'SMTP_ALLOW_NETS_' .. uname

    local redis_params = rspamd_parse_redis_server('smtp_access')
    local ip = task:get_from_ip()

    if ip == nil or not ip:is_valid() then
      return false
    end

    local from_ip_string = tostring(ip)
    smtp_access_table = {from_ip_string}

    local maxbits = 128
    local minbits = 32
    if ip:get_version() == 4 then
        maxbits = 32
        minbits = 8
    end
    for i=maxbits,minbits,-1 do
      local nip = ip:apply_mask(i):to_string() .. "/" .. i
      table.insert(smtp_access_table, nip)
    end
    local function smtp_access_cb(err, data)
      if err then
        rspamd_logger.infox(rspamd_config, "smtp_access query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
        return false
      else
        rspamd_logger.infox(rspamd_config, "checking ip %s for smtp_access in %s", from_ip_string, hash_key)
        for k,v in pairs(data) do
          if (v and v ~= userdata and v == '1') then
            rspamd_logger.infox(rspamd_config, "found ip in smtp_access map")
            task:insert_result(true, 'SMTP_ACCESS', 0.0, from_ip_string)
            return true
          end
        end
        rspamd_logger.infox(rspamd_config, "couldnt find ip in smtp_access map")
        task:insert_result(true, 'SMTP_ACCESS', 999.0, from_ip_string)
        return true
      end
    end
    table.insert(smtp_access_table, 1, hash_key)
    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, hash_key, false, smtp_access_cb, 'HMGET', smtp_access_table
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot check smtp_access redis map")
    end
  end,
  priority = 10
})

rspamd_config:register_symbol({
  name = 'POSTMASTER_HANDLER',
  type = 'prefilter',
  callback = function(task)
    local rcpts = task:get_recipients('smtp')
    local rspamd_logger = require "rspamd_logger"
    local lua_util = require "lua_util"
    local from = task:get_from(1)

    if rcpts and #rcpts == 1 then
      for _,rcpt in ipairs(rcpts) do
        local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
        if #rcpt_split == 2 then
          if rcpt_split[1] == 'postmaster' then
            task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt', 'postmaster')
            return
          end
        end
      end
    end

    if from then
      for _,fr in ipairs(from) do
        local fr_split = rspamd_str_split(fr['addr'], '@')
        if #fr_split == 2 then
          if fr_split[1] == 'postmaster' and task:get_user() then
            task:insert_result(true, 'POSTMASTER_FROM', -2500.0)
            return
          end
        end
      end
    end
  end,
  priority = 10
})

rspamd_config:register_symbol({
  name = 'KEEP_SPAM',
  type = 'prefilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local rspamd_ip = require 'rspamd_ip'
    local uname = task:get_user()

    if uname then
      return false
    end

    local redis_params = rspamd_parse_redis_server('keep_spam')
    local ip = task:get_from_ip()

    if ip == nil or not ip:is_valid() then
      return false
    end

    local from_ip_string = tostring(ip)
    ip_check_table = {from_ip_string}

    local maxbits = 128
    local minbits = 32
    if ip:get_version() == 4 then
        maxbits = 32
        minbits = 8
    end
    for i=maxbits,minbits,-1 do
      local nip = ip:apply_mask(i):to_string() .. "/" .. i
      table.insert(ip_check_table, nip)
    end
    local function keep_spam_cb(err, data)
      if err then
        rspamd_logger.infox(rspamd_config, "keep_spam query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
        return false
      else
        for k,v in pairs(data) do
          if (v and v ~= userdata and v == '1') then
            rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, setting pre-result")
            task:set_pre_result('accept', 'ip matched with forward hosts', 'keep_spam')
          end
        end
      end
    end
    table.insert(ip_check_table, 1, 'KEEP_SPAM')
    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, 'KEEP_SPAM', false, keep_spam_cb, 'HMGET', ip_check_table
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot check keep_spam redis map")
    end
  end,
  priority = 19
})

rspamd_config:register_symbol({
  name = 'TLS_HEADER',
  type = 'postfilter',
  callback = function(task)
    local rspamd_logger = require "rspamd_logger"
    local tls_tag = task:get_request_header('TLS-Version')
    if type(tls_tag) == 'nil' then
      task:set_milter_reply({
        add_headers = {['X-Last-TLS-Session-Version'] = 'None'}
      })
    else
      task:set_milter_reply({
        add_headers = {['X-Last-TLS-Session-Version'] = tostring(tls_tag)}
      })
    end
  end,
  priority = 12
})

rspamd_config:register_symbol({
  name = 'TAG_MOO',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local redis_params = rspamd_parse_redis_server('taghandler')
    local rspamd_http = require "rspamd_http"
    local rcpts = task:get_recipients('smtp')
    local lua_util = require "lua_util"

    local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
    local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")

    local function remove_moo_tag()
      local moo_tag_header = task:get_header('X-Moo-Tag', false)
      if moo_tag_header then
        task:set_milter_reply({
          remove_headers = {['X-Moo-Tag'] = 0},
        })
      end
      return true
    end

    if tagged_rcpt and tagged_rcpt[1].options and mailcow_domain then
      local tag = tagged_rcpt[1].options[1]
      rspamd_logger.infox("found tag: %s", tag)
      local action = task:get_metric_action('default')
      rspamd_logger.infox("metric action now: %s", action)

      if action ~= 'no action' and action ~= 'greylist' then
        rspamd_logger.infox("skipping tag handler for action: %s", action)
        remove_moo_tag()
        return true
      end

      local function http_callback(err_message, code, body, headers)
        if body ~= nil and body ~= "" then
          rspamd_logger.infox(rspamd_config, "expanding rcpt to \"%s\"", body)

          local function tag_callback_subject(err, data)
            if err or type(data) ~= 'string' then
              rspamd_logger.infox(rspamd_config, "subject tag handler rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying subfolder tag handler...", body, data, err)

              local function tag_callback_subfolder(err, data)
                if err or type(data) ~= 'string' then
                  rspamd_logger.infox(rspamd_config, "subfolder tag handler for rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\")", body, data, err)
                  remove_moo_tag()
                else
                  rspamd_logger.infox("Add X-Moo-Tag header")
                  task:set_milter_reply({
                    add_headers = {['X-Moo-Tag'] = 'YES'}
                  })
                end
              end

              local redis_ret_subfolder = rspamd_redis_make_request(task,
                redis_params, body, false, tag_callback_subfolder, 'HGET', {'RCPT_WANTS_SUBFOLDER_TAG', body}
              )
              if not redis_ret_subfolder then
                rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
                remove_moo_tag()
              end

            else
              rspamd_logger.infox("user wants subject modified for tagged mail")
              local sbj = task:get_header('Subject')
              new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
              task:set_milter_reply({
                remove_headers = {
                  ['Subject'] = 1,
                  ['X-Moo-Tag'] = 0
                },
                add_headers = {['Subject'] = new_sbj}
              })
            end
          end

          local redis_ret_subject = rspamd_redis_make_request(task,
            redis_params, body, false, tag_callback_subject, 'HGET', {'RCPT_WANTS_SUBJECT_TAG', body}
          )
          if not redis_ret_subject then
            rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
            remove_moo_tag()
          end

        end
      end

      if rcpts and #rcpts == 1 then
        for _,rcpt in ipairs(rcpts) do
          local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
          if #rcpt_split == 2 then
            if rcpt_split[1] == 'postmaster' then
              rspamd_logger.infox(rspamd_config, "not expanding postmaster alias")
              remove_moo_tag()
            else
              rspamd_http.request({
                task=task,
                url='http://nginx:8081/aliasexp.php',
                body='',
                callback=http_callback,
                headers={Rcpt=rcpt['addr']},
              })
            end
          end
        end
      end
    else
      remove_moo_tag()
    end
  end,
  priority = 19
})

rspamd_config:register_symbol({
  name = 'BCC',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_http = require "rspamd_http"
    local rspamd_logger = require "rspamd_logger"

    local from_table = {}
    local rcpt_table = {}

    if task:has_symbol('ENCRYPTED_CHAT') then
      return
    end

    local send_mail = function(task, bcc_dest)
      local lua_smtp = require "lua_smtp"
      local function sendmail_cb(ret, err)
        if not ret then
          rspamd_logger.errx(task, 'BCC SMTP ERROR: %s', err)
        else
          rspamd_logger.infox(rspamd_config, "BCC SMTP SUCCESS TO %s", bcc_dest)
        end
      end
      if not bcc_dest then
        return
      end
      local email_content = tostring(task:get_content())
      email_content = string.gsub(email_content, "\r\n%.", "\r\n..")
      lua_smtp.sendmail({
        task = task,
        host = os.getenv("IPV4_NETWORK") .. '.253',
        port = 591,
        from = task:get_from(stp)[1].addr,
        recipients = bcc_dest,
        helo = 'bcc',
        timeout = 20,
      }, email_content, sendmail_cb)
    end

    local from = task:get_from('smtp')
    if from then
      for _, a in ipairs(from) do
        table.insert(from_table, a['addr'])
        table.insert(from_table, '@' .. a['domain'])
      end
    else
      return
    end

    local rcpts = task:get_recipients('smtp')
    if rcpts then
      for _, a in ipairs(rcpts) do
        table.insert(rcpt_table, a['addr'])
        table.insert(rcpt_table, '@' .. a['domain'])
      end
    else
      return
    end

    local action = task:get_metric_action('default')
    rspamd_logger.infox("metric action now: %s", action)

    local function rcpt_callback(err_message, code, body, headers)
      if err_message == nil and code == 201 and body ~= nil then
        if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
          send_mail(task, body)
        end
      end
    end

    local function from_callback(err_message, code, body, headers)
      if err_message == nil and code == 201 and body ~= nil then
        if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
          send_mail(task, body)
        end
      end
    end

    if rcpt_table then
      for _,e in ipairs(rcpt_table) do
        rspamd_logger.infox(rspamd_config, "checking bcc for rcpt address %s", e)
        rspamd_http.request({
          task=task,
          url='http://nginx:8081/bcc.php',
          body='',
          callback=rcpt_callback,
          headers={Rcpt=e}
        })
      end
    end

    if from_table then
      for _,e in ipairs(from_table) do
        rspamd_logger.infox(rspamd_config, "checking bcc for from address %s", e)
        rspamd_http.request({
          task=task,
          url='http://nginx:8081/bcc.php',
          body='',
          callback=from_callback,
          headers={From=e}
        })
      end
    end

    return true
  end,
  priority = 20
})

rspamd_config:register_symbol({
  name = 'DYN_RL_CHECK',
  type = 'prefilter',
  callback = function(task)
    local util = require("rspamd_util")
    local redis_params = rspamd_parse_redis_server('dyn_rl')
    local rspamd_logger = require "rspamd_logger"
    local envfrom = task:get_from(1)
    local envrcpt = task:get_recipients(1) or {}
    local uname = task:get_user()
    if not envfrom or not uname then
      return false
    end

    local uname = uname:lower()

    if #envrcpt == 1 and envrcpt[1].addr:lower() == uname then
      return false
    end

    local env_from_domain = envfrom[1].domain:lower()

    local function redis_cb_user(err, data)

      if err or type(data) ~= 'string' then
        rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying dynamic ratelimit for domain...", uname, data, err)

        local function redis_key_cb_domain(err, data)
          if err or type(data) ~= 'string' then
            rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for domain %s returned invalid or empty data (\"%s\") or error (\"%s\")", env_from_domain, data, err)
          else
            rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for domain %s with value %s", env_from_domain, data)
            task:insert_result('DYN_RL', 0.0, data, env_from_domain)
          end
        end

        local redis_ret_domain = rspamd_redis_make_request(task,
          redis_params, env_from_domain, false, redis_key_cb_domain, 'HGET', {'RL_VALUE', env_from_domain}
        )
        if not redis_ret_domain then
          rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain")
        end
      else
        rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", uname, data)
        task:insert_result('DYN_RL', 0.0, data, uname)
      end

    end

    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, uname, false, redis_cb_user, 'HGET', {'RL_VALUE', uname}
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for user")
    end
    return true
  end,
  flags = 'empty',
  priority = 20
})

rspamd_config:register_symbol({
  name = 'NO_LOG_STAT',
  type = 'postfilter',
  callback = function(task)
    local from = task:get_header('From')
    if from and (monitoring_hosts:get_key(from) or from == "watchdog@localhost") then
      task:set_flag('no_log')
      task:set_flag('no_stat')
    end
  end
})

rspamd_config:register_symbol({
  name = 'MOO_FOOTER',
  type = 'prefilter',
  callback = function(task)
    local cjson = require "cjson"
    local lua_mime = require "lua_mime"
    local lua_util = require "lua_util"
    local rspamd_logger = require "rspamd_logger"
    local rspamd_http = require "rspamd_http"
    local envfrom = task:get_from(1)
    local uname = task:get_user()
    if not envfrom or not uname then
      return false
    end
    local uname = uname:lower()
    local env_from_domain = envfrom[1].domain:lower()
    local env_from_addr = envfrom[1].addr:lower()

    local function newline(task)
      local t = task:get_newlines_type()
      if t == 'cr' then return '\r' elseif t == 'lf' then return '\n' end
      return '\r\n'
    end

    -- NEW: Analyze MIME structure complexity
    local function analyze_mime_structure(task)
      local parts = task:get_parts()
      if not parts or #parts == 0 then 
        return {simple = true, depth = 0, multipart_types = {}} 
      end

      local max_depth = 0
      local multipart_types = {}
      local has_related = false
      local has_mixed = false
      local has_inline_images = false
      local has_attachments = false

      local function traverse(part, depth)
        if depth > max_depth then max_depth = depth end

        if part:is_multipart() then
          local mtype, msubtype = part:get_type()
          if mtype == 'multipart' then
            table.insert(multipart_types, msubtype)
            if msubtype == 'related' then has_related = true end
            if msubtype == 'mixed' then has_mixed = true end
          end
          
          local children = part:get_parts()
          if children then
            for _, child in ipairs(children) do
              traverse(child, depth + 1)
            end
          end
        elseif part:is_attachment() then
          has_attachments = true
        elseif part:is_image() then
          local cd = part:get_header('Content-Disposition')
          if cd and cd:lower():match('inline') then
            has_inline_images = true
          end
        end
      end

      for _, part in ipairs(parts) do
        traverse(part, 0)
      end

      -- Complex structure = Outlook signature scenario
      local is_complex = (has_related and has_mixed and has_inline_images and has_attachments) or max_depth > 2

      return {
        simple = max_depth <= 1,
        depth = max_depth,
        has_related = has_related,
        has_mixed = has_mixed,
        has_inline_images = has_inline_images,
        has_attachments = has_attachments,
        multipart_types = multipart_types,
        is_complex = is_complex
      }
    end

    local function footer_cb(err_message, code, data, headers)
      if err_message or type(data) ~= 'string' then
        rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err_message)
      else
        local footer = cjson.decode(data)
        if not footer then
          rspamd_logger.infox(rspamd_config, "parsing domain wide footer for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err_message)
        else
          if footer and type(footer) == "table" and (footer.html and footer.html ~= "" or footer.plain and footer.plain ~= "")  then
            
            -- NEW: Analyze structure BEFORE processing
            local structure = analyze_mime_structure(task)
            
            rspamd_logger.infox(rspamd_config, "found domain wide footer for user %s: html=%s, plain=%s, vars=%s", uname, footer.html, footer.plain, footer.vars)
            rspamd_logger.infox(rspamd_config, "MIME structure analysis: depth=%d, has_related=%s, has_mixed=%s, has_inline=%s, has_attach=%s, complex=%s", 
              structure.depth, 
              tostring(structure.has_related), 
              tostring(structure.has_mixed), 
              tostring(structure.has_inline_images), 
              tostring(structure.has_attachments),
              tostring(structure.is_complex))

            -- NEW: Skip footer for ultra-complex structures (Outlook signature + attachments)
            if structure.is_complex then
              rspamd_logger.warnx(rspamd_config, "SKIPPING footer for complex MIME structure (likely Outlook signature + attachments) to prevent attachment loss for user %s", uname)
              return
            end

            if footer.skip_replies ~= 0 then
              in_reply_to = task:get_header_raw('in-reply-to')
              if in_reply_to then
                rspamd_logger.infox(rspamd_config, "mail is a reply - skip footer")
                return
              end
            end

            local envfrom_mime = task:get_from(2)
            local from_name = ""
            if envfrom_mime and envfrom_mime[1].name then
              from_name = envfrom_mime[1].name
            elseif envfrom and envfrom[1].name then
              from_name = envfrom[1].name
            end

            local replacements = {
              auth_user = uname,
              from_user = envfrom[1].user,
              from_name = from_name,
              from_addr = envfrom[1].addr,
              from_domain = envfrom[1].domain:lower()
            }
            
            if footer.vars and type(footer.vars) == "string" then
              local footer_vars = cjson.decode(footer.vars)
              if type(footer_vars) == "table" then
                for key, value in pairs(footer_vars) do
                  replacements[key] = value
                end
              end
            end
            
            if footer.html and footer.html ~= "" then
              footer.html = lua_util.jinja_template(footer.html, replacements, true)
            end
            if footer.plain and footer.plain ~= "" then
              footer.plain = lua_util.jinja_template(footer.plain, replacements, true)
            end

            local out = {}
            local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}

            local seen_cte
            local newline_s = newline(task)

            local ct = task:get_header('Content-Type', false)
            local is_multipart = ct and ct:lower():match('^multipart/')

            local function has_non_ascii(text)
              if not text or text == "" then return false end
              return text:match('[\128-\255]') ~= nil
            end

            local footer_needs_utf8 = has_non_ascii(footer.html) or has_non_ascii(footer.plain)

            local function rewrite_ct_cb(name, hdr)
              if rewrite.need_rewrite_ct then
                if name:lower() == 'content-type' then
                  local boundary_part = rewrite.new_ct.boundary and
                    string.format('; boundary="%s"', rewrite.new_ct.boundary) or ''

                  local charset_part = ''
                  if not is_multipart then
                    if footer_needs_utf8 then
                      charset_part = '; charset=utf-8'
                      rspamd_logger.infox(rspamd_config, "footer contains non-ASCII characters, forcing UTF-8 charset")
                    else
                      local orig_charset = hdr.raw:match('[Cc][Hh][Aa][Rr][Ss][Ee][Tt]%s*=%s*"?([^;%s"]+)')
                      if orig_charset then
                        charset_part = string.format('; charset=%s', orig_charset)
                      else
                        charset_part = '; charset=utf-8'
                      end
                    end
                  end

                  local nct = string.format('%s: %s/%s%s%s',
                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype, charset_part, boundary_part)
                  out[#out + 1] = nct
                  task:set_milter_reply({
                    remove_headers = {['Content-Type'] = 0},
                  })
                  task:set_milter_reply({
                    add_headers = {['Content-Type'] = string.format('%s/%s%s%s',
                      rewrite.new_ct.type, rewrite.new_ct.subtype, charset_part, boundary_part)}
                  })
                  return
                elseif name:lower() == 'content-transfer-encoding' then
                  if not is_multipart then
                    out[#out + 1] = string.format('%s: %s',
                        'Content-Transfer-Encoding', 'quoted-printable')
                    task:set_milter_reply({
                      remove_headers = {['Content-Transfer-Encoding'] = 0},
                    })
                    task:set_milter_reply({
                      add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
                    })
                    seen_cte = true
                  else
                    out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
                  end
                  return
                end
              end
              out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
            end

            task:headers_foreach(rewrite_ct_cb, {full = true})

            if not seen_cte and rewrite.need_rewrite_ct and not is_multipart then
              out[#out + 1] = string.format('%s: %s', 'Content-Transfer-Encoding', 'quoted-printable')
            end

            out[#out + 1] = newline_s

            if rewrite.out then
              for _,o in ipairs(rewrite.out) do
                out[#out + 1] = o
              end
            else
              out[#out + 1] = task:get_rawbody()
            end

            local out_parts = {}
            for _,o in ipairs(out) do
              if type(o) ~= 'table' then
                out_parts[#out_parts + 1] = o
                out_parts[#out_parts + 1] = newline_s
              else
                local part_content = tostring(o[1])
                if is_multipart then
                  out_parts[#out_parts + 1] = part_content
                else
                  local removePrefix = "--\r\nContent-Type"
                  if string.lower(string.sub(part_content, 1, string.len(removePrefix))) == string.lower(removePrefix) then
                    part_content = string.sub(part_content, string.len("--\r\n") + 1)
                  end
                  out_parts[#out_parts + 1] = part_content
                end
                if o[2] then
                  out_parts[#out_parts + 1] = newline_s
                end
              end
            end
            task:set_message(out_parts)
          else
            rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\")", uname, data)
          end
        end
      end
    end

    rspamd_http.request({
      task=task,
      url='http://nginx:8081/footer.php',
      body='',
      callback=footer_cb,
      headers={Domain=env_from_domain,Username=uname,From=env_from_addr},
    })

    return true
  end,
  priority = 1
})

and this is the one on the PR I will refer too as Document 2

rspamd_config.MAILCOW_AUTH = {
  callback = function(task)
    local uname = task:get_user()
    if uname then
      return 1
    end
  end
}

local monitoring_hosts = rspamd_config:add_map{
  url = "/etc/rspamd/custom/monitoring_nolog.map",
  description = "Monitoring hosts",
  type = "regexp"
}

rspamd_config:register_symbol({
  name = 'SMTP_ACCESS',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local rspamd_ip = require 'rspamd_ip'
    local uname = task:get_user()
    local limited_access = task:get_symbol("SMTP_LIMITED_ACCESS")

    if not uname then
      return false
    end

    if not limited_access then
      return false
    end

    local hash_key = 'SMTP_ALLOW_NETS_' .. uname

    local redis_params = rspamd_parse_redis_server('smtp_access')
    local ip = task:get_from_ip()

    if ip == nil or not ip:is_valid() then
      return false
    end

    local from_ip_string = tostring(ip)
    smtp_access_table = {from_ip_string}

    local maxbits = 128
    local minbits = 32
    if ip:get_version() == 4 then
        maxbits = 32
        minbits = 8
    end
    for i=maxbits,minbits,-1 do
      local nip = ip:apply_mask(i):to_string() .. "/" .. i
      table.insert(smtp_access_table, nip)
    end
    local function smtp_access_cb(err, data)
      if err then
        rspamd_logger.infox(rspamd_config, "smtp_access query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
        return false
      else
        rspamd_logger.infox(rspamd_config, "checking ip %s for smtp_access in %s", from_ip_string, hash_key)
        for k,v in pairs(data) do
          if (v and v ~= userdata and v == '1') then
            rspamd_logger.infox(rspamd_config, "found ip in smtp_access map")
            task:insert_result(true, 'SMTP_ACCESS', 0.0, from_ip_string)
            return true
          end
        end
        rspamd_logger.infox(rspamd_config, "couldnt find ip in smtp_access map")
        task:insert_result(true, 'SMTP_ACCESS', 999.0, from_ip_string)
        return true
      end
    end
    table.insert(smtp_access_table, 1, hash_key)
    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, hash_key, false, smtp_access_cb, 'HMGET', smtp_access_table
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot check smtp_access redis map")
    end
  end,
  priority = 10
})

rspamd_config:register_symbol({
  name = 'POSTMASTER_HANDLER',
  type = 'prefilter',
  callback = function(task)
    local rcpts = task:get_recipients('smtp')
    local rspamd_logger = require "rspamd_logger"
    local lua_util = require "lua_util"
    local from = task:get_from(1)

    if rcpts and #rcpts == 1 then
      for _,rcpt in ipairs(rcpts) do
        local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
        if #rcpt_split == 2 then
          if rcpt_split[1] == 'postmaster' then
            task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt', 'postmaster')
            return
          end
        end
      end
    end

    if from then
      for _,fr in ipairs(from) do
        local fr_split = rspamd_str_split(fr['addr'], '@')
        if #fr_split == 2 then
          if fr_split[1] == 'postmaster' and task:get_user() then
            task:insert_result(true, 'POSTMASTER_FROM', -2500.0)
            return
          end
        end
      end
    end
  end,
  priority = 10
})

rspamd_config:register_symbol({
  name = 'KEEP_SPAM',
  type = 'prefilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local rspamd_ip = require 'rspamd_ip'
    local uname = task:get_user()

    if uname then
      return false
    end

    local redis_params = rspamd_parse_redis_server('keep_spam')
    local ip = task:get_from_ip()

    if ip == nil or not ip:is_valid() then
      return false
    end

    local from_ip_string = tostring(ip)
    ip_check_table = {from_ip_string}

    local maxbits = 128
    local minbits = 32
    if ip:get_version() == 4 then
        maxbits = 32
        minbits = 8
    end
    for i=maxbits,minbits,-1 do
      local nip = ip:apply_mask(i):to_string() .. "/" .. i
      table.insert(ip_check_table, nip)
    end
    local function keep_spam_cb(err, data)
      if err then
        rspamd_logger.infox(rspamd_config, "keep_spam query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
        return false
      else
        for k,v in pairs(data) do
          if (v and v ~= userdata and v == '1') then
            rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, setting pre-result")
            task:set_pre_result('accept', 'ip matched with forward hosts', 'keep_spam')
          end
        end
      end
    end
    table.insert(ip_check_table, 1, 'KEEP_SPAM')
    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, 'KEEP_SPAM', false, keep_spam_cb, 'HMGET', ip_check_table
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot check keep_spam redis map")
    end
  end,
  priority = 19
})

rspamd_config:register_symbol({
  name = 'TLS_HEADER',
  type = 'postfilter',
  callback = function(task)
    local rspamd_logger = require "rspamd_logger"
    local tls_tag = task:get_request_header('TLS-Version')
    if type(tls_tag) == 'nil' then
      task:set_milter_reply({
        add_headers = {['X-Last-TLS-Session-Version'] = 'None'}
      })
    else
      task:set_milter_reply({
        add_headers = {['X-Last-TLS-Session-Version'] = tostring(tls_tag)}
      })
    end
  end,
  priority = 12
})

rspamd_config:register_symbol({
  name = 'TAG_MOO',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_logger = require "rspamd_logger"
    local redis_params = rspamd_parse_redis_server('taghandler')
    local rspamd_http = require "rspamd_http"
    local rcpts = task:get_recipients('smtp')
    local lua_util = require "lua_util"

    local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
    local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")

    local function remove_moo_tag()
      local moo_tag_header = task:get_header('X-Moo-Tag', false)
      if moo_tag_header then
        task:set_milter_reply({
          remove_headers = {['X-Moo-Tag'] = 0},
        })
      end
      return true
    end

    if tagged_rcpt and tagged_rcpt[1].options and mailcow_domain then
      local tag = tagged_rcpt[1].options[1]
      rspamd_logger.infox("found tag: %s", tag)
      local action = task:get_metric_action('default')
      rspamd_logger.infox("metric action now: %s", action)

      if action ~= 'no action' and action ~= 'greylist' then
        rspamd_logger.infox("skipping tag handler for action: %s", action)
        remove_moo_tag()
        return true
      end

      local function http_callback(err_message, code, body, headers)
        if body ~= nil and body ~= "" then
          rspamd_logger.infox(rspamd_config, "expanding rcpt to \"%s\"", body)

          local function tag_callback_subject(err, data)
            if err or type(data) ~= 'string' then
              rspamd_logger.infox(rspamd_config, "subject tag handler rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying subfolder tag handler...", body, data, err)

              local function tag_callback_subfolder(err, data)
                if err or type(data) ~= 'string' then
                  rspamd_logger.infox(rspamd_config, "subfolder tag handler for rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\")", body, data, err)
                  remove_moo_tag()
                else
                  rspamd_logger.infox("Add X-Moo-Tag header")
                  task:set_milter_reply({
                    add_headers = {['X-Moo-Tag'] = 'YES'}
                  })
                end
              end

              local redis_ret_subfolder = rspamd_redis_make_request(task,
                redis_params, body, false, tag_callback_subfolder, 'HGET', {'RCPT_WANTS_SUBFOLDER_TAG', body}
              )
              if not redis_ret_subfolder then
                rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
                remove_moo_tag()
              end

            else
              rspamd_logger.infox("user wants subject modified for tagged mail")
              local sbj = task:get_header('Subject')
              new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
              task:set_milter_reply({
                remove_headers = {
                  ['Subject'] = 1,
                  ['X-Moo-Tag'] = 0
                },
                add_headers = {['Subject'] = new_sbj}
              })
            end
          end

          local redis_ret_subject = rspamd_redis_make_request(task,
            redis_params, body, false, tag_callback_subject, 'HGET', {'RCPT_WANTS_SUBJECT_TAG', body}
          )
          if not redis_ret_subject then
            rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
            remove_moo_tag()
          end

        end
      end

      if rcpts and #rcpts == 1 then
        for _,rcpt in ipairs(rcpts) do
          local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
          if #rcpt_split == 2 then
            if rcpt_split[1] == 'postmaster' then
              rspamd_logger.infox(rspamd_config, "not expanding postmaster alias")
              remove_moo_tag()
            else
              rspamd_http.request({
                task=task,
                url='http://nginx:8081/aliasexp.php',
                body='',
                callback=http_callback,
                headers={Rcpt=rcpt['addr']},
              })
            end
          end
        end
      end
    else
      remove_moo_tag()
    end
  end,
  priority = 19
})

rspamd_config:register_symbol({
  name = 'BCC',
  type = 'postfilter',
  callback = function(task)
    local util = require("rspamd_util")
    local rspamd_http = require "rspamd_http"
    local rspamd_logger = require "rspamd_logger"

    local from_table = {}
    local rcpt_table = {}

    if task:has_symbol('ENCRYPTED_CHAT') then
      return
    end

    local send_mail = function(task, bcc_dest)
      local lua_smtp = require "lua_smtp"
      local function sendmail_cb(ret, err)
        if not ret then
          rspamd_logger.errx(task, 'BCC SMTP ERROR: %s', err)
        else
          rspamd_logger.infox(rspamd_config, "BCC SMTP SUCCESS TO %s", bcc_dest)
        end
      end
      if not bcc_dest then
        return
      end
      local email_content = tostring(task:get_content())
      email_content = string.gsub(email_content, "\r\n%.", "\r\n..")
      lua_smtp.sendmail({
        task = task,
        host = os.getenv("IPV4_NETWORK") .. '.253',
        port = 591,
        from = task:get_from(stp)[1].addr,
        recipients = bcc_dest,
        helo = 'bcc',
        timeout = 20,
      }, email_content, sendmail_cb)
    end

    local from = task:get_from('smtp')
    if from then
      for _, a in ipairs(from) do
        table.insert(from_table, a['addr'])
        table.insert(from_table, '@' .. a['domain'])
      end
    else
      return
    end

    local rcpts = task:get_recipients('smtp')
    if rcpts then
      for _, a in ipairs(rcpts) do
        table.insert(rcpt_table, a['addr'])
        table.insert(rcpt_table, '@' .. a['domain'])
      end
    else
      return
    end

    local action = task:get_metric_action('default')
    rspamd_logger.infox("metric action now: %s", action)

    local function rcpt_callback(err_message, code, body, headers)
      if err_message == nil and code == 201 and body ~= nil then
        if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
          send_mail(task, body)
        end
      end
    end

    local function from_callback(err_message, code, body, headers)
      if err_message == nil and code == 201 and body ~= nil then
        if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
          send_mail(task, body)
        end
      end
    end

    if rcpt_table then
      for _,e in ipairs(rcpt_table) do
        rspamd_logger.infox(rspamd_config, "checking bcc for rcpt address %s", e)
        rspamd_http.request({
          task=task,
          url='http://nginx:8081/bcc.php',
          body='',
          callback=rcpt_callback,
          headers={Rcpt=e}
        })
      end
    end

    if from_table then
      for _,e in ipairs(from_table) do
        rspamd_logger.infox(rspamd_config, "checking bcc for from address %s", e)
        rspamd_http.request({
          task=task,
          url='http://nginx:8081/bcc.php',
          body='',
          callback=from_callback,
          headers={From=e}
        })
      end
    end

    return true
  end,
  priority = 20
})

rspamd_config:register_symbol({
  name = 'DYN_RL_CHECK',
  type = 'prefilter',
  callback = function(task)
    local util = require("rspamd_util")
    local redis_params = rspamd_parse_redis_server('dyn_rl')
    local rspamd_logger = require "rspamd_logger"
    local envfrom = task:get_from(1)
    local envrcpt = task:get_recipients(1) or {}
    local uname = task:get_user()
    if not envfrom or not uname then
      return false
    end

    local uname = uname:lower()

    if #envrcpt == 1 and envrcpt[1].addr:lower() == uname then
      return false
    end

    local env_from_domain = envfrom[1].domain:lower()

    local function redis_cb_user(err, data)

      if err or type(data) ~= 'string' then
        rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying dynamic ratelimit for domain...", uname, data, err)

        local function redis_key_cb_domain(err, data)
          if err or type(data) ~= 'string' then
            rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for domain %s returned invalid or empty data (\"%s\") or error (\"%s\")", env_from_domain, data, err)
          else
            rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for domain %s with value %s", env_from_domain, data)
            task:insert_result('DYN_RL', 0.0, data, env_from_domain)
          end
        end

        local redis_ret_domain = rspamd_redis_make_request(task,
          redis_params, env_from_domain, false, redis_key_cb_domain, 'HGET', {'RL_VALUE', env_from_domain}
        )
        if not redis_ret_domain then
          rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain")
        end
      else
        rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", uname, data)
        task:insert_result('DYN_RL', 0.0, data, uname)
      end

    end

    local redis_ret_user = rspamd_redis_make_request(task,
      redis_params, uname, false, redis_cb_user, 'HGET', {'RL_VALUE', uname}
    )
    if not redis_ret_user then
      rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for user")
    end
    return true
  end,
  flags = 'empty',
  priority = 20
})

rspamd_config:register_symbol({
  name = 'NO_LOG_STAT',
  type = 'postfilter',
  callback = function(task)
    local from = task:get_header('From')
    if from and (monitoring_hosts:get_key(from) or from == "watchdog@localhost") then
      task:set_flag('no_log')
      task:set_flag('no_stat')
    end
  end
})

rspamd_config:register_symbol({
  name = 'MOO_FOOTER',
  type = 'prefilter',
  callback = function(task)
    local cjson = require "cjson"
    local lua_mime = require "lua_mime"
    local lua_util = require "lua_util"
    local rspamd_logger = require "rspamd_logger"
    local rspamd_http = require "rspamd_http"
    local envfrom = task:get_from(1)
    local uname = task:get_user()
    if not envfrom or not uname then
      return false
    end
    local uname = uname:lower()
    local env_from_domain = envfrom[1].domain:lower()
    local env_from_addr = envfrom[1].addr:lower()

    local function newline(task)
      local t = task:get_newlines_type()
      if t == 'cr' then return '\r' elseif t == 'lf' then return '\n' end
      return '\r\n'
    end

    -- NEW: Analyze MIME structure complexity
    local function analyze_mime_structure(task)
      local parts = task:get_parts()
      if not parts or #parts == 0 then 
        return {simple = true, depth = 0, is_complex = false} 
      end
      local max_depth = 0
      local has_related = false
      local has_mixed = false
      local has_inline_images = false
      local has_attachments = false
      for _, part in ipairs(parts) do
        if part:is_multipart() then
          local _, msubtype = part:get_type()
          if msubtype == 'related' then has_related = true end
          if msubtype == 'mixed' then has_mixed = true end
        end
        if part:is_attachment() then
          has_attachments = true
        end
        if part:is_image() then
          local cd = part:get_header('Content-Disposition')
          if cd and cd:lower():match('inline') then
            has_inline_images = true
          end
        end
      end
      local is_complex = (has_related and has_mixed and has_attachments)
      return {
        has_related = has_related,
        has_mixed = has_mixed,
        has_inline_images = has_inline_images,
        has_attachments = has_attachments,
        is_complex = is_complex
      }
    end

    local function footer_cb(err_message, code, data, headers)
      if err_message or type(data) ~= 'string' then
        rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err_message)
      else
        local footer = cjson.decode(data)
        if not footer then
          rspamd_logger.infox(rspamd_config, "parsing domain wide footer for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err_message)
        else
          if footer and type(footer) == "table" and (footer.html and footer.html ~= "" or footer.plain and footer.plain ~= "")  then
            
            -- NEW: Analyze structure BEFORE processing
            local structure = analyze_mime_structure(task)
            
            rspamd_logger.infox(rspamd_config, "found domain wide footer for user %s: html=%s, plain=%s, vars=%s", uname, footer.html, footer.plain, footer.vars)
            rspamd_logger.infox(rspamd_config, "MIME structure analysis: depth=%d, has_related=%s, has_mixed=%s, has_inline=%s, has_attach=%s, complex=%s", 
              structure.depth, 
              tostring(structure.has_related), 
              tostring(structure.has_mixed), 
              tostring(structure.has_inline_images), 
              tostring(structure.has_attachments),
              tostring(structure.is_complex))

            -- NEW: Skip footer for ultra-complex structures (Outlook signature + attachments)
            if structure.is_complex then
              rspamd_logger.warnx(rspamd_config, "SKIPPING footer for complex MIME structure (likely Outlook signature + attachments) to prevent attachment loss for user %s", uname)
              return
            end

            if footer.skip_replies ~= 0 then
              in_reply_to = task:get_header_raw('in-reply-to')
              if in_reply_to then
                rspamd_logger.infox(rspamd_config, "mail is a reply - skip footer")
                return
              end
            end

            local envfrom_mime = task:get_from(2)
            local from_name = ""
            if envfrom_mime and envfrom_mime[1].name then
              from_name = envfrom_mime[1].name
            elseif envfrom and envfrom[1].name then
              from_name = envfrom[1].name
            end

            local replacements = {
              auth_user = uname,
              from_user = envfrom[1].user,
              from_name = from_name,
              from_addr = envfrom[1].addr,
              from_domain = envfrom[1].domain:lower()
            }
            
            if footer.vars and type(footer.vars) == "string" then
              local footer_vars = cjson.decode(footer.vars)
              if type(footer_vars) == "table" then
                for key, value in pairs(footer_vars) do
                  replacements[key] = value
                end
              end
            end
            
            if footer.html and footer.html ~= "" then
              footer.html = lua_util.jinja_template(footer.html, replacements, true)
            end
            if footer.plain and footer.plain ~= "" then
              footer.plain = lua_util.jinja_template(footer.plain, replacements, true)
            end

            local out = {}
            local rewrite = lua_mime.add_text_footer(task, footer.html, footer.plain) or {}

            local seen_cte
            local newline_s = newline(task)

            local ct = task:get_header('Content-Type', false)
            local is_multipart = ct and ct:lower():match('^multipart/')

            local function has_non_ascii(text)
              if not text or text == "" then return false end
              return text:match('[\128-\255]') ~= nil
            end

            local footer_needs_utf8 = has_non_ascii(footer.html) or has_non_ascii(footer.plain)

            local function rewrite_ct_cb(name, hdr)
              if rewrite.need_rewrite_ct then
                if name:lower() == 'content-type' then
                  local boundary_part = rewrite.new_ct.boundary and
                    string.format('; boundary="%s"', rewrite.new_ct.boundary) or ''

                  local charset_part = ''
                  if not is_multipart then
                    if footer_needs_utf8 then
                      charset_part = '; charset=utf-8'
                      rspamd_logger.infox(rspamd_config, "footer contains non-ASCII characters, forcing UTF-8 charset")
                    else
                      local orig_charset = hdr.raw:match('[Cc][Hh][Aa][Rr][Ss][Ee][Tt]%s*=%s*"?([^;%s"]+)')
                      if orig_charset then
                        charset_part = string.format('; charset=%s', orig_charset)
                      else
                        charset_part = '; charset=utf-8'
                      end
                    end
                  end

                  local nct = string.format('%s: %s/%s%s%s',
                      'Content-Type', rewrite.new_ct.type, rewrite.new_ct.subtype, charset_part, boundary_part)
                  out[#out + 1] = nct
                  task:set_milter_reply({
                    remove_headers = {['Content-Type'] = 0},
                  })
                  task:set_milter_reply({
                    add_headers = {['Content-Type'] = string.format('%s/%s%s%s',
                      rewrite.new_ct.type, rewrite.new_ct.subtype, charset_part, boundary_part)}
                  })
                  return
                elseif name:lower() == 'content-transfer-encoding' then
                  if not is_multipart then
                    out[#out + 1] = string.format('%s: %s',
                        'Content-Transfer-Encoding', 'quoted-printable')
                    task:set_milter_reply({
                      remove_headers = {['Content-Transfer-Encoding'] = 0},
                    })
                    task:set_milter_reply({
                      add_headers = {['Content-Transfer-Encoding'] = 'quoted-printable'}
                    })
                    seen_cte = true
                  else
                    out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
                  end
                  return
                end
              end
              out[#out + 1] = hdr.raw:gsub('\r?\n?$', '')
            end

            task:headers_foreach(rewrite_ct_cb, {full = true})

            if not seen_cte and rewrite.need_rewrite_ct and not is_multipart then
              out[#out + 1] = string.format('%s: %s', 'Content-Transfer-Encoding', 'quoted-printable')
            end

            out[#out + 1] = newline_s

            if rewrite.out then
              for _,o in ipairs(rewrite.out) do
                out[#out + 1] = o
              end
            else
              out[#out + 1] = task:get_rawbody()
            end

            local out_parts = {}
            for _,o in ipairs(out) do
              if type(o) ~= 'table' then
                out_parts[#out_parts + 1] = o
                out_parts[#out_parts + 1] = newline_s
              else
                local part_content = tostring(o[1])
                if is_multipart then
                  out_parts[#out_parts + 1] = part_content
                else
                  local removePrefix = "--\r\nContent-Type"
                  if string.lower(string.sub(part_content, 1, string.len(removePrefix))) == string.lower(removePrefix) then
                    part_content = string.sub(part_content, string.len("--\r\n") + 1)
                  end
                  out_parts[#out_parts + 1] = part_content
                end
                if o[2] then
                  out_parts[#out_parts + 1] = newline_s
                end
              end
            end
            task:set_message(out_parts)
          else
            rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\")", uname, data)
          end
        end
      end
    end

    rspamd_http.request({
      task=task,
      url='http://nginx:8081/footer.php',
      body='',
      callback=footer_cb,
      headers={Domain=env_from_domain,Username=uname,From=env_from_addr},
    })

    return true
  end,
  priority = 1
})

Key Difference Between the Two Files

One function, one logic change:
The analyze_mime_structure function in the MOO_FOOTER section

Document 1 (Complex): Use for MS Outlook 2016 or later or other Email Clients.

Recursively analyzes the email structure tree
Calculates how deep the structure is nested
Skips footer if: (related + mixed + inline images + attachments) OR depth > 2

Document 2 (Simplified): Use this for legacy MS 2003-2013 (or update your email client)

Flat loop through email parts (no recursion)
Doesn’t calculate depth at all
Skips footer if: (related + mixed + attachments) only

Document 1 says “skip footers if the email looks complex OR is deeply nested,” while Document 2 says “skip footers ONLY if we see the specific Outlook signature+attachment pattern.”

The OR depth > 2 check in Document 1 was triggering on Legacy Outlook emails, causing footers to be skipped unnecessarily. Document 2 removes that check, allowing footers on more legitimate emails while still protecting against the actual problematic case.

Everything else in both files is identical.

If they are not going to add the PR and skip around the BIG issue then I can do anymore to help. Never relised that some coders will refuse to swallow their pride and accept a community member is trying to fix an issue. If you really want to use Mailcow then I would suggest one of the above documents that works for your evironment. I myself am using the latter as Thunderbird does not give a hoot and just works. The more people who onboard with Thunderbird and get away from MS products the world will be a better place. I will not contribute more of my time to Mailcow developers but will help the community where required.

CK_beats

shaneodoo
I have to give a little update on this:
Apparently the code from your “Document 1” differs from this code: function1983 .
Suddenly the domain-wide footers were missing from all emails.
I went back to the “old” rspamd.local.lua code and the footer worked again.
MS Outlook 2013 was always used as the client.
Just for information.

CK_beats

Does your “document 1” correspond to the latest version from here https://community.mailcow.email/d/4773-attachment-issue-after-updating-to-mailcow-2025-03a/140 ?
Or have there been any further changes here?
The aforementioned version works perfectly in our environment with Outlook 2016 as a client!

I also think it’s a shame that the programmers in the community don’t let you help them. That’s exactly the idea behind open source software. This is not good for the spirit of open source.

Once again a huge thank you for helping us here! Since the domain-wide footer can be used together with your script, everything is happy here! That’s exactly how it has to be! 😊😊😊👍👍

If the footer is missing from time to time, that’s not a problem. All attachments and graphic inlets are available!

shaneodoo

CK_beats yes Doc 1 is from here and doc two is the running one in the PR. It would be nice to know which works best for people so I can push it out and remove the PR that’s not going anywhere_

CK_beats

shaneodoo
Here we use “Document 1”, which you published together with @function1983 .
Since then, all attachments or embedded graphics have been present.
It’s not even noticeable that the footer is occasionally missing.
Since we don’t use a version older than Outlook 2013, I unfortunately can’t say anything about “Document 2”.

Have a nice Sunday everyone!

« Previous Page