Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On 11/14/22 21:14, Shawn Iverson wrote: How do I stop this? paypal.com is in the default DKIM whitelist! Does this work on your sample ? The body you posted is only partial. uri__URI_IMG_PAYPAL

Re: PBL and rejects

Hi, > > > I'm hoping I can ask this question here. Somehow the PBL considered the > IP > > addresses given to us by our ISP (I can share this if needed) as > ineligible > > to send email, resulting in any recipient domain that checks the PBL to > > reject our email, > > AIUI, PBL is supposed to

Re: PBL and rejects

Alex writes: > I'm hoping I can ask this question here. Somehow the PBL considered the IP > addresses given to us by our ISP (I can share this if needed) as ineligible > to send email, resulting in any recipient domain that checks the PBL to > reject our email, AIUI, PBL is supposed to be for

PBL and rejects

Hi, I'm hoping I can ask this question here. Somehow the PBL considered the IP addresses given to us by our ISP (I can share this if needed) as ineligible to send email, resulting in any recipient domain that checks the PBL to reject our email, including every email sent to a Microsoft 365

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > I'd treat it as spam because the domain name in the From header doesn't match the domain name in the Message-ID header.  That works for me, with virtually no false mail

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Corrected... Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0 header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ metaCUSTOM_DKIM_WL_EXCEPTIONS USER_IN_DKIM_WHITELIST &&

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

For those fighting the same battles... # Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0 header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ metaCUSTOM_DKIM_WL_EXCEPTIONS

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Oh yeah? [@x~]$ grep DEF_WHITELIST /var/lib/spamassassin/3.004006/updates_spamassassin_org/* /var/lib/spamassassin/3.004004/updates_spamassassin_org/30_text_de.cf:lang de describe USER_IN_DEF_WHITELIST Absenderadresse steht in der allgemeinen weien Liste

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

There is no such thing as a default whitelist. > >> > >> How do I stop this? paypal.com is in the > default > >> DKIM whitelist! > >> > > > > > > score USER_IN_DKIM_WHITELIST 0 > > would affect *every* mail in the default whitelist and so be a knee-jerk > reaction without

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

I have also seen the PayPal ecosystem being abused by bad actors sending things like fake invoices. I am also +1 to remove the domain from the dkim wl. Regards, KAM On Mon, Nov 14, 2022, 16:01 Shawn Iverson wrote: > Bottom line is I don't think paypal deserves to be default whitelisted in >

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Bottom line is I don't think paypal deserves to be default whitelisted in recent history. I've received a lot of spam actually from paypal and judiciously report it to phish...@paypal.com with no apparent action or response. On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson wrote: > So what I'm

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

So what I'm going to do is turn shortcircuit off for USER_IN_DKIM_WHITELIST Create a meta to catch papal.com as the from address and score appropriately Create a counter meta to score other deserving DKIM-signers appropriately On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson wrote: > On Mon,

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

The DKIM signature looks valid. On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson wrote: > On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > > How do I stop this? paypal.com is in the default DKIM whitelist! > > > > That message really looks like it came from Paypal and then was > forwarded

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Are you asking me to rescore these back to 0? That will take some effort to do, but if that's what it takes... On Mon, Nov 14, 2022 at 3:42 PM Marc wrote: > > > > How do I stop this? paypal.com is in the default > > DKIM whitelist! > > > > > > > score

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > That message really looks like it came from Paypal and then was forwarded by Microsoft to your server. Was it really a fake? That's a lot of headers to fake if so. If it

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

> > How do I stop this? paypal.com is in the default > DKIM whitelist! > > score USER_IN_DKIM_WHITELIST 0 ?

Spam DKIM signed by Paypal coming from their Microsoft Tenant?

How do I stop this? paypal.com is in the default DKIM whitelist! X-Spam-Status: No, score=-107.7 required=6.0 tests=DKIM_VALID,DKIM_VALID_AU, ,FREEMAIL_FROM,SHORTCIRCUIT,SPF_HELO_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DKIM_WHITELIST shortcircuit=ham autolearn=disabled version=3.4.4

Re: How to incorporate network blocks

On 11/11/22 10:10 AM, Bill Cole wrote: From my bashrc... # type cidrcon cidrcon is a function cidrcon () { for a in $*; do echo $a; done | perl -e "use Net::CIDR::Lite; \$cidr = Net::CIDR::Lite->new(<>) ; \$_ = join (\"\n\",\$cidr->list) ; print \"\$_\n\";" } Oh ...