<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>I am in beta with the latest MailScanner and MailWatch with Postfix and SpamAssassin. Is there a way to keep whitelisted messages from being defanged? <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>2025-10-24T13:44:25.148402-07:00 sentry MailScanner[55478]: Message 8594084A4F.A876D from x.x.x.x (0100019a17f71a52-7031ce0b-b836-4d6f-89f8-c143d40cf11d-000000@spf.ses.auth.aws.example.com) is whitelisted<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>2025-10-24T13:44:25.428061-07:00 sentry MailScanner[55478]: Content Checks: Detected and have disarmed hidden tags in HTML message in 8594084A4F.A876D from 0100019a17f71a52-7031ce0b-b836-4d6f-89f8-c143d40cf11d-000000@spf.ses.auth.aws.example.com <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>(That’s the envelope-from, the From: is helpdesk@mycompany.com)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Or is there another way to do this? Big picture:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>We use a third-party helpdesk provider. They send email from <a href="mailto:helpdesk@mycompany.com">helpdesk@mycompany.com</a>, via Amazon SES (with proper SPF and DKIM set up by us)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I have spf.ses.auth.aws.example.com in spam.whitelist.rules. 
<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>They add some custom URLs, like: X-Example-Account: mycompany<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I also know which URLs I’d want to exclude, if excluding specific URLs was possible<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>For obvious reasons, I wouldn’t want to whitelist From:helpdesk@mycompany.com or all of Amazon SES<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Any thoughts? <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Thanks very much<br>Betsy<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>--<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>MailWatch Version: 1.2.23<br>Operating System Version: Ubuntu 24.04.3 LTS (Noble Numbat)<br>Postfix Version: 3.8.6<br>MailScanner Version: 5.5.3<br>ClamAV Version: 1.4.3<br>SpamAssassin Version: 4.0.0<br>PHP Version: 8.3.6<br>MySQL Version: 10.11.13-MariaDB-0ubuntu0.24.04.1<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>--<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'># grep Allow /etc/MailScanner/MailScanner.conf |grep -v ^#<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Password-Protected Archives = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allowed Sophos Error Messages =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Partial Messages = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow External Message Bodies = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow IFrame Tags = disarm<o:p></o:p></span></p><p class=MsoNormal><span 
style='font-size:11.0pt'>Allow Form Tags = disarm<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Script Tags = disarm<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow WebBugs = yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Object Codebase Tags = disarm<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Filenames =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Filetypes =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow File MIME Types =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Archives: Allow Filenames =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Archives: Allow Filetypes =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Archives: Allow File MIME Types =<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Allow Multiple HTML Signatures = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>--<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'># cat /etc/MailScanner/rules/spam.whitelist.rules |grep -v ^#<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>From: /[\@\.]example-outgoing\.mycompany\.com$/ yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>From: /[\@\.]spf\.ses\.auth\.aws\.example\.com$/ yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>FromOrTo: default no<o:p></o:p></span></p></div></body></html>