Whitelisted emails still get defanged (how to whitelist these?)
betsys at well.com
Fri Oct 24 21:27:16 UTC 2025
I am in beta with the latest MailScanner and MailWatch with Postfix and
SpamAssassin. Is there a way to keep whitelisted messages from being
defanged?
2025-10-24T13:44:25.148402-07:00 sentry MailScanner[55478]: Message 8594084A4F.A876D from x.x.x.x (0100019a17f71a52-7031ce0b-b836-4d6f-89f8-c143d40cf11d-000000 at spf.ses.auth.aws.example.com) is whitelisted
2025-10-24T13:44:25.428061-07:00 sentry MailScanner[55478]: Content Checks: Detected and have disarmed hidden tags in HTML message in 8594084A4F.A876D from 0100019a17f71a52-7031ce0b-b836-4d6f-89f8-c143d40cf11d-000000 at spf.ses.auth.aws.example.com
(That's the envelope-from; the From: is helpdesk at mycompany.com)
Or is there another way to do this? Big picture:
We use a third-party helpdesk provider. They send email from
helpdesk at mycompany.com, via Amazon SES
(with proper SPF and DKIM set up by us).
I have spf.ses.auth.aws.example.com in spam.whitelist.rules.
They add some custom URLs, like: X-Example-Account: mycompany
I also know which URLs I'd want to exclude, if excluding specific URLs was
possible.
For obvious reasons, I wouldn't want to whitelist
From:helpdesk at mycompany.com or all of Amazon SES.
Any thoughts?
Thanks very much
Betsy
--
MailWatch Version: 1.2.23
Operating System Version: Ubuntu 24.04.3 LTS (Noble Numbat)
Postfix Version: 3.8.6
MailScanner Version: 5.5.3
ClamAV Version: 1.4.3
SpamAssassin Version: 4.0.0
PHP Version: 8.3.6
MySQL Version: 10.11.13-MariaDB-0ubuntu0.24.04.1
--
# grep Allow /etc/MailScanner/MailScanner.conf |grep -v ^#
Allow Password-Protected Archives = no
Allowed Sophos Error Messages =
Allow Partial Messages = no
Allow External Message Bodies = no
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = yes
Allow Object Codebase Tags = disarm
Allow Filenames =
Allow Filetypes =
Allow File MIME Types =
Archives: Allow Filenames =
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Allow Multiple HTML Signatures = no
--
# cat /etc/MailScanner/rules/spam.whitelist.rules |grep -v ^#
From: /[\@\.]example-outgoing\.mycompany\.com$/ yes
From: /[\@\.]spf\.ses\.auth\.aws\.example\.com$/ yes
FromOrTo: default no