<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi,</p>
    <p>Double check that your "site.com" string is not also somehow
      matched in the master bad phishing sites conf file that is
      downloaded.  I had a similar issue sometime in the past and wrote
      my own program to process the safe and bad master files and remove
      anything from bad that seemed to also be matched in safe.<br>
    </p>
    <p>For example, this is in safe:</p>
    <p>*.google.com</p>
    <p>and these are in bad:</p>
    <p>drive.google.com<br>
      plus.google.com<br>
      <a class="moz-txt-link-abbreviated" href="http://www.sites.google.com">www.sites.google.com</a><br>
      chrome.google.com<br>
      play.google.com<br>
      appengine.google.com<br>
    </p>
    I guess it all depends on which one you want to take precedence but
    I remove the above from the bad master based on the "*.google.com"
    safe entry since it seemed like the bad list was taking precedence.<br>
    <br>
    <br>
    --tom<br>
    <br>
    <div class="moz-cite-prefix">On 07/26/2018 10:11 AM, Pramod Daya
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:DB3PR0402MB3836F78FC5E8AE7EDCB50435F72B0@DB3PR0402MB3836.eurprd04.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span style="mso-fareast-language:EN-US">Ver
            5.0.3-7<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span
            lang="EN-US"> MailScanner
<a class="moz-txt-link-rfc2396E" href="mailto:mailscanner-bounces+pramod=mindspring.co.za@lists.mailscanner.info"><mailscanner-bounces+pramod=mindspring.co.za@lists.mailscanner.info></a>
            <b>On Behalf Of </b>Shawn Iverson<br>
            <b>Sent:</b> Thursday, 26 July 2018 15:47<br>
            <b>To:</b> MailScanner Discussion
            <a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info"><mailscanner@lists.mailscanner.info></a><br>
            <b>Subject:</b> Re: Phishing Whitelisting entries not
            working<o:p></o:p></span></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div>
          <p class="MsoNormal">Version of mailscanner?<o:p></o:p></p>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div>
          <div>
            <p class="MsoNormal">On Thu, Jul 26, 2018, 3:03 AM Pramod
              Daya <<a href="mailto:pramod@mindspring.co.za"
                moz-do-not-send="true">pramod@mindspring.co.za</a>>
              wrote:<o:p></o:p></p>
          </div>
          <blockquote style="border:none;border-left:solid #CCCCCC
            1.0pt;padding:0cm 0cm 0cm
            6.0pt;margin-left:4.8pt;margin-right:0cm">
            <div>
              <div>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi,<o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I’m
                  using the latest version of ms-update-phishing to
                  download phishing lists, and putting whitelisted sites
                  into /etc/MailScanner/phishing.safe.sites.custom.  
                  They get merged with phishing.safe.sites.conf when
                  ms-update-phishing runs. <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">However,
                  email from sites that I whitelist still get a
                  {Disarmed} tag. <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I’ve
                  tried adding <a href="mailto:user@site.com"
                    target="_blank" moz-do-not-send="true">user@site.com</a>,
                  .<a href="http://site.com" target="_blank"
                    moz-do-not-send="true">site.com</a>, *.<a
                    href="http://site.com" target="_blank"
                    moz-do-not-send="true">site.com</a>, but I’m not
                  winning. <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any
                  pearls of wisdom, please ? <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Tnx,<o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Pramod
                  <o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
              </div>
            </div>
            <p class="MsoNormal" style="margin-bottom:12.0pt"><br>
              <br>
              -- <br>
              MailScanner mailing list<br>
              <a href="mailto:mailscanner@lists.mailscanner.info"
                target="_blank" moz-do-not-send="true">mailscanner@lists.mailscanner.info</a><br>
              <a
                href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
                target="_blank" moz-do-not-send="true">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><o:p></o:p></p>
          </blockquote>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">

</pre>
    </blockquote>
    <br>
  </body>
</html>