I would like to turn the phishing fraud detection off on one domain (the "MailScanner has detected a possible fraud attempt from ..." message). How can I do this?

There are two ways to do this. You can either create a ruleset for the phishing scanning and turn it off for a single domain, or you can add specific sites to the Phishing Safe Sites File so they do not get highlighted by the phishing scanning.

A. To turn off phishing for a single domain do the following:

1. First create a ruleset file in /usr/mailscanner/etc/rules. You might call it "phishing.rules" for instance. In that file put the following lines (or something like them).

From: *@domain.com no
FromOrTo: default yes

The example above would set it to NOT scan for phishing in emails FROM the domain listed. If you want to turn off the phishing scan for emails sent both to and from the domain, change it to FromOrTo:.

2. In WHM > Add-ons > MailScanner > MailScanner Configuration, search for "Find Phishing Fraud". Enter the name of the file you created in step one here, scroll down and click Change.

B. To add sites to the safe sites file, edit /usr/mailscanner/etc/phishing.safe.sites.conf and add the full hostname or IP address of the link destination to this file.

  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

cPanel MailScanner Install/Upgrade Package

Please read this whole page before downloading the package Through our experience of...

Mailscanner front end

cd /usr/src/rm -fv msfe*wget http://www.configserver.com/free/msfeinstaller.tgz tar -xzf...

How can I get the MailScanner configuration to appear in the Xmail cPanel theme?

Do the following steps: cd /usr/local/cpanel/base/frontend/xmail ln -s ../x/cells/ pico -w...

How can I filter spam by blackhole lists such as spamcop.net?

In WHM > MailScanner > MailScanner Configuration you will find a setting for 'Spam List =...

What does the {Disarmed?} tag mean and can I disable it?

The {Disarmed} tag is added by MailScanner when it has detected and disarmed potentially...