Corrected... Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0
header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ meta CUSTOM_DKIM_WL_EXCEPTIONS USER_IN_DKIM_WHITELIST && CUSTOM_FROM_PAYPAL describe CUSTOM_DKIM_WL_EXCEPTIONS Exception for paypal in DKIM whitelisting score CUSTOM_DKIM_WL_EXCEPTIONS 0.001 meta CUSTOM_DKIM_OK USER_IN_DKIM_WHITELIST && !CUSTOM_DKIM_WL_EXCEPTIONS describe CUSTOM_DKIM_OK All other whitelisted senders score CUSTOM_DKIM_OK -100 On Mon, Nov 14, 2022 at 4:38 PM Shawn Iverson <shawniver...@gmail.com> wrote: > For those fighting the same battles... > > # Default Whitelist Exceptions handling -- SJI 11/14/22 > shortcircuit USER_IN_DKIM_WHITELIST off > score USER_IN_DKIM_WHITELIST 0 > score USER_IN_DEF_DKIM_WL 0 > > header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ > meta CUSTOM_DKIM_WL_EXCEPTIONS USER_IN_DKIM_WHITELIST && > ENA_FROM_PAYPAL > describe CUSTOM_DKIM_WL_EXCEPTIONS Exception for paypal in DKIM > whitelisting > score CUSTOM_DKIM_WL_EXCEPTIONS 0.001 > > meta CUSTOM_DKIM_OK USER_IN_DKIM_WHITELIST && > !CUSTOM_DKIM_WL_EXCEPTIONS > describe CUSTOM_DKIM_OK All other whitelisted senders > score CUSTOM_DKIM_OK -100 > > On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson <shawniver...@gmail.com> > wrote: > >> So what I'm going to do is turn shortcircuit off for >> USER_IN_DKIM_WHITELIST >> >> Create a meta to catch papal.com as the from address and score >> appropriately >> Create a counter meta to score other deserving DKIM-signers appropriately >> >> On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson <ahodg...@lists.simkin.ca> >> wrote: >> >>> On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: >>> > How do I stop this? paypal.com is in the default DKIM whitelist! >>> > >>> >>> That message really looks like it came from Paypal and then was >>> forwarded by Microsoft to your server. Was it really a fake? That's a >>> lot of headers to fake if so. >>> >>> If it was really fake and that paypal-supplied DKIM signature doesn't >>> validate (I didn't check that), then checking DMARC when you receive >>> mail and rejecting on p=reject failures would block it. >>> >>