Le 13/03/2023 à 22:28, Slavko via Exim-users a écrit :
All 3 lines seem to me to relate to receiving the message. I don’t see a line
that is about sending the message, or signing it.
Yes, received. The line has no DKIM= field, which is logged by default,
thus seems that message had not valid
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote:
> Only authentication methods which are self-encrypted should be used on a
> cleartext channel.
Further, I'm not aware of clients which have the specific behavior of switching
to TLS after authentication.
While we're at it, will Exim or
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote:
> On 13/03/2023 23:43, Gedalya via Exim-users wrote:
>> 4. On ports 587, authentication should not be advertised before STARTTLS is
>> issued.
>
> A slight suggested relaxation of that rule: Only authentication methods
> which are
On 13/03/2023 23:43, Gedalya via Exim-users wrote:
4. On ports 587, authentication should not be advertised before STARTTLS is
issued.
A slight suggested relaxation of that rule: Only authentication methods
which are self-encrypted should be used on a cleartext channel.
That mean the same
On 3/14/23 05:57, Yves via Exim-users wrote:
> Yes, it is just that most emails I receive are sent through ISPs or from
> commercial companies, and go through a bunch of internal relays. Although
> completely standard, such direct emails are rare enough for me that I noticed…
Spam is very
Thank you Gedalya for answering.
On 13/03/2023 12:02, Gedalya via Exim-users wrote:
On 3/13/23 05:34, Yves via Exim-users wrote:
— This email went through very few intermediaries to reach my server
(yalis.fr). Apparently, it actually came directly from the sender (a
Palestinian ISP).
> Why
Hi,
Dňa 13. marca 2023 19:12:20 UTC používateľ Yves via Exim-users
napísal:
>which returned nothing, and $?==0. So the signature is valid!
I never used OpenDKIM, thus i cannot comment.
>I checked per your advice on the server:
>
>[root@seuil3 etc]# journalctl --grep 640E42D8.7020207
>mars 12
On 3/14/23 03:12, Yves via Exim-users wrote:
> Could it be that the message is signed when I receive it
Try to run:
exim -bV
See if the output includes a line resembling --
Configuration file is /etc/exim4/exim4.conf
Examine the file and look for lines containing "dkim_private_key",
On 3/14/23 03:12, Yves via Exim-users wrote:
>
> opendkim-testmsg <./"Hey, what's up? - - 2023-03-12 2223.eml"
>
> which returned nothing, and $?==0. So the signature is valid!
>
> [root@seuil3 etc]# journalctl --grep 640E42D8.7020207
> mars 12 20:23:47 seuil3 spamd[522247]: spamd: checking
Thank you Slavko for your answer.
On 13/03/2023 10:28, Slavko via Exim-users wrote:
Dňa 12. 3. o 22:34 Yves via Exim-users napísal(a):
[…]
— There is a DKIM signature done by my own server (d=yalis.fr), which
includes the From header, and that header is @yalis.fr.
Can be DKIM replay, it can
> From: exi.ml @ yalis.fr
>
> I just received a SPAM (I hope), but the headers retained my attention;
> here they are, in full:
An infected Windows sent this common fraudulent spam with the same
email address in From: and envelope-from as the recipient.
And the same domain in Message-ID.
>
On 3/13/23 05:34, Yves via Exim-users wrote:
>
> I am surprised by a few things:
>
> — This email went through very few intermediaries to reach my server
> (yalis.fr). Apparently, it actually came directly from the sender (a
> Palestinian ISP).
Why would that surprise you? They just did exactly
Dňa 12. 3. o 22:34 Yves via Exim-users napísal(a):
I have no solution for you, but some comments:
— This email went through very few intermediaries to reach my server
(yalis.fr). Apparently, it actually came directly from the sender (a
Palestinian ISP).
Received: headers can be faked,
I just received a SPAM (I hope), but the headers retained my attention;
here they are, in full:
Return-Path:
Delivered-To: y...@yalis.fr
Received: from seuil3 ([192.168.1.201])
by sphinx3 with LMTP
id UARXHdImDmQdcBQAMvrXhg
(envelope-from )
for ; Sun, 12 Mar
14 matches
Mail list logo