Resolving HTML Sanitizer Issues in GFI MailEssentials

Overview

This article helps you troubleshoot scenarios where the HTML Sanitizer removes HTML scripts/links (or other active content) even though you believe the sender (or sending server) should be excluded.

  • The email arrives, but expected links/buttons/scripts are missing.
  • You already added an entry under Email Security > HTML Sanitizer, but the message is still being sanitized.
  • You expected whitelist/exclusion entries to appear inside scrubconfig.xml, but they do not.

Solution

  1. Confirm how the HTML Sanitizer is configured.

    Open the MailEssentials Configuration UI and navigate to GFI MailEssentials > Email Security > HTML Sanitizer. Ensure the HTML Sanitizer is enabled and that you are modifying the correct tab:

    • Whitelist: excludes specific senders (email address, domain, or subdomain patterns).
    • Domain/IP Exclusions: excludes messages based on the connecting IP address or by resolving the domain’s MX/SPF at runtime.

  2. Understand what scrubconfig.xml controls.

    The file <GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Data\scrubconfig.xml is where the HTML Sanitizer reads its allowed tags/attributes rules. It is not intended to store your sender whitelist or Domain/IP Exclusions entries.

  3. Enable tracing (debug logging), then reproduce the issue.

    The HTML Sanitizer’s actions are recorded in debug logs, but those logs require tracing to be enabled. Use the Switchboard to enable tracing, reproduce the issue, then disable tracing after collecting the logs to avoid unnecessary disk usage/performance impact.

  4. Open the HTML Sanitizer debug log.

    Review the log file:

    <GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\DebugLogs\Html Script Removal.gfi_log.txt

    Search for the affected message using its Message-ID (from the email’s headers) to find the relevant block of entries for that email.

  5. Whitelist the exact sender identity that is being checked.

    Mail systems can legitimately use different sender identities during transmission (for example, SMTP envelope sender vs the visible MIME From: address). Because of this, the domain you initially whitelisted may not match what is being evaluated at scan time.

    Use the sender information observed in Html Script Removal.gfi_log.txt to decide what to add:

    • If the sender is on a subdomain, whitelist that subdomain (example: *@mail.example.com), not only *@example.com.
    • If the connecting IP is not the one you expected, consider excluding by domain (MX/SPF resolution) in Domain/IP Exclusions instead of trying to keep up with individual IP changes.

  6. Apply the configuration change and re-test.

    After updating the relevant tab (Whitelist or Domain/IP Exclusions), click Apply, then send a fresh test email. Re-check Html Script Removal.gfi_log.txt to confirm that the email is now excluded from HTML Sanitizer processing.
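
The sender-identity mismatch described in step 5 can be checked offline against a saved copy of the message before changing the whitelist. The following is an added example, not GFI code: it assumes whitelist wildcards behave like a simple case-insensitive glob, uses the Return-Path header as a stand-in for the SMTP envelope sender, and runs on constructed sample headers.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed sample headers (not taken from a real message or from GFI logs).
SAMPLE = """\
Return-Path: <bounce-1234@mail.example.com>
From: "Example Newsletter" <news@example.com>
To: user@recipient.test
Subject: Monthly update
Message-ID: <constructed-0001@mail.example.com>
Content-Type: text/html

<html><body><a href="https://example.com/">Read more</a></body></html>
"""

def sender_identities(raw):
    """Return the sender addresses a message carries, lower-cased."""
    msg = message_from_string(raw)
    ids = {}
    for label, header in (("envelope (Return-Path)", "Return-Path"),
                          ("MIME From", "From")):
        # parseaddr strips display names and angle brackets; "<>" yields "".
        addr = parseaddr(msg.get(header, ""))[1].lower()
        if addr:
            ids[label] = addr
    return ids

def covered(address, patterns):
    """Patterns matching the address under simple glob rules (an assumption)."""
    return [p for p in patterns if fnmatchcase(address, p.lower())]

def report(raw, patterns):
    """Map each sender identity to (address, matching patterns)."""
    return {label: (addr, covered(addr, patterns))
            for label, addr in sender_identities(raw).items()}

if __name__ == "__main__":
    for label, (addr, hits) in report(SAMPLE, ["*@example.com"]).items():
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{label:24} {addr:32} {status}")
```

An identity reported as not covered is a candidate for its own whitelist entry; which identity is actually evaluated at scan time still has to be confirmed in Html Script Removal.gfi_log.txt.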

Frequently Asked Questions

What should I do if my whitelisted emails are still being sanitized?
Verify that the correct domain and IP address are added to the HTML Sanitizer Whitelist. Check the logs to ensure the domain is correctly identified and added.

How can I confirm that a domain is correctly whitelisted?
Check the logs for entries indicating that the sender domain is whitelisted and that HTML Sanitizer scanning is skipped for emails from that domain.

What information should I provide if the issue persists?
Provide a screenshot of the HTML Sanitizer Whitelist, a copy of the filtered email, and fresh troubleshooting logs to assist in further investigation.

Priyanka Bhotika