For those fighting the same battles... # Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0
header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ meta CUSTOM_DKIM_WL_EXCEPTIONS USER_IN_DKIM_WHITELIST && ENA_FROM_PAYPAL describe CUSTOM_DKIM_WL_EXCEPTIONS Exception for paypal in DKIM whitelisting score CUSTOM_DKIM_WL_EXCEPTIONS 0.001 meta CUSTOM_DKIM_OK USER_IN_DKIM_WHITELIST && !CUSTOM_DKIM_WL_EXCEPTIONS describe CUSTOM_DKIM_OK All other whitelisted senders score CUSTOM_DKIM_OK -100 On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson <shawniver...@gmail.com> wrote: > So what I'm going to do is turn shortcircuit off for USER_IN_DKIM_WHITELIST > > Create a meta to catch papal.com as the from address and score > appropriately > Create a counter meta to score other deserving DKIM-signers appropriately > > On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson <ahodg...@lists.simkin.ca> > wrote: > >> On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: >> > How do I stop this? paypal.com is in the default DKIM whitelist! >> > >> >> That message really looks like it came from Paypal and then was >> forwarded by Microsoft to your server. Was it really a fake? That's a >> lot of headers to fake if so. >> >> If it was really fake and that paypal-supplied DKIM signature doesn't >> validate (I didn't check that), then checking DMARC when you receive >> mail and rejecting on p=reject failures would block it. >> >