header checks and regex issues

[Alex]

Hi,

I'm having a problem with a few different emails with attachments
being rejected due to some pattern in my header checks that I can't
figure out:

Sep 28 09:34:11 mail03 postfix/cleanup[24507]: 31926209EDF9: reject:
header Content-Type: application/vnd.ms-excel;??name="Copy of Net
Commissions Payment sheet 2016 (003).xls" from
mail-by2nam01on0136.outbound.protection.outlook.com[104.47.34.136];
from=<ke...@paymentcompany.com> to=<greenw...@example.com> proto=ESMTP
helo=<NAM01-BY2-obe.outbound.protection.outlook.com>: 5.7.1 message
content rejected

I've run the following to try and identify which rule is blocking it:

# postmap -q 'Content-Type: application/vnd.ms-excel;??name="Copy of
Net Commissions Payment sheet 2016 (003).xls"'
pcre:/etc/postfix/header_checks.pcre

It returns nothing.

How can I modify the lines in my header_checks.pcre file to provide
more info on the specific pattern that's causing the problem instead
of just "message content rejected" the next time the email is
received?

In my main.cf I have the following regarding header checks:

header_checks = pcre:/etc/postfix/header_checks.pcre
        pcre:/etc/postfix/header_checks-jimsun.pcre
mime_header_checks = pcre:/etc/postfix/mime_header_checks

The first one is specifically From and Received headers. The jimsun
file is just the following:

/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|exe|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cb[lt]|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xlw|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/
       REJECT ".$2" file attachment types not allowed
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.com(\.\S{2,4})?(\?=)?"?(;|$)/
    REJECT ".com" file attachment types not allowed
/^Content-(Disposition|Type):\s+.*?(file)?name="?.*?(your_details|application|document|screensaver|movie)\.zip/
 REJECT
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.zip\b/    WARN
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.pdf\.html\b/
 REJECT  pdf.html not allowed

The mime types file is here, in case someone was able to download it
and help me figure this out:

# mime_types
http://pastebin.com/KkMcBRBw

I've also tested it with a few other different reject entries from my
logs, and I can identify how they're being rejected in every case
except this one.

Any help greatly appreciated.
Thanks,
Alex