> On Jan 29, 2025, at 9:23 AM, Alan via users
> wrote:
>
> As far as I can tell, they're valid notifications from PayPal, and probably
> useful for legitimate purposes. What the messages are doing is attempting to
> trigger sufficient anxiety that the recipient calls the phone number in the
Hello Greg,
Thursday, January 30, 2025, 2:45:09 PM, you wrote:
GT> Thanks. I should have looked in current data. People using old
GT> distribution-provided SA is a real problem, but one that doesn't seem
GT> fixable.
Ah, I had the wrong path in crontab to sa-update
This should sort the upda
giova...@paclan.it writes:
> Paypal[.]com has been removed from default WL in November
> (https://github.com/apache/spamassassin/commit/76906e0c7c064391bf832b3eb885ae74aed6c8b5)
> With updated rules USER_IN_DEF_DKIM_WL should not hit.
Thanks. I should have looked in current data. People using
On 1/30/25 1:53 AM, Greg Troxel wrote:
Mark London writes:
Alan, you’ve pointed out the issue with the scam emails. Specifically
with the phone number. Venmo emails are doing something similar. I’m
sure thst PayPal and Venmo will not do anything to stop these. PayPal
knows about it. They h
Niamh Holding writes:
> Hello Greg,
>
> Wednesday, January 29, 2025, 12:28:13 PM, you wrote:
>
> GT> - 1) this email was emitted from paypal's mail system
> GT> - 2) paypal's DKIM signing key is compromised
> GT> - 3) spamassassin is misparsing DKIM
> GT> - 4) something else
>
> GT> I would
Hello Tom,
Thursday, January 30, 2025, 1:47:40 AM, you wrote:
TWvu> Also, I noticed Spamassassin 3.4.6 is being used. Would Spamassassin 4.0
have done a better job at processing these headers?
Under CentOS 9 that's the version one gets with dnf install spamassassin.
--
Best regards,
Niamh
Hello Greg,
Wednesday, January 29, 2025, 12:28:13 PM, you wrote:
GT> - 1) this email was emitted from paypal's mail system
GT> - 2) paypal's DKIM signing key is compromised
GT> - 3) spamassassin is misparsing DKIM
GT> - 4) something else
GT> I would take the message and run it through SA
