Hi,

On Tue, Jun 21, 2016 at 4:04 AM, Merijn van den Kroonenberg
<mer...@web2all.nl> wrote:
>> Hi,
>>
>> We've been having a problem with phishing attacks by spoofing the
>> MAILFROM and From address. [snip]
>
>> The message passes DKIM:
>>
>> -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
>> signature
>>  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
>> necessarily valid
>>
>> DKIM-Signature: [snip]
>
>> but running the message through spamassassin again with the whitelist
>> entry doesn't actually whitelist the message.
>
> I notice it doesn't hit DKIM_VALID_AU. Which basically is the thing you
> want to check, since it means the message is not just signed by a random
> domain, but by the domain of the author.

It didn't hit DKIM_VALID_AU, but I know the message is legitimate.
What could that mean?

> So I assume the dkim whitelists check this too (against From and mailfrom?).

Then it's fair to say that USER_IN_DKIM_WHITELIST only considers DKIM_VALID_AU?

If someone could explain how this all goes together, I'd sure appreciate it.
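
The distinction the quoted reply draws, between a valid signature from any domain and a valid signature from the author's domain, can be shown as an added example (not part of the original message, and not SpamAssassin's code). It uses the RFC 5617 definition of an Author Domain Signature: a valid signature whose `d=` tag equals the domain of the From: address, compared case-insensitively. The message is constructed, the function names are hypothetical, and cryptographic verification is assumed to have been done elsewhere and passed in as `valid_domains`.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: two signatures, one by a third-party sender domain
# (esp.example) and one by the author's own domain (corp.example).
SAMPLE = """\
From: Alice <alice@corp.example>
To: bob@dest.example
Subject: invoice
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=esp.example;
 s=sel1; h=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=Corp.Example; s=k2;
 h=from:subject; bh=CCCC; b=DDDD

body
"""

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Header folding leaves whitespace in values; drop it.
            tags[name.strip()] = "".join(val.split())
    return tags

def author_domain(msg):
    """Domain of the From: header address, lowercased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def classify_signatures(raw, valid_domains):
    """Label each signature whose d= is in valid_domains as author or third-party.

    valid_domains is an assumption: it stands in for the set of signing
    domains whose signatures verified; no crypto is performed here.
    """
    msg = message_from_string(raw)
    author = author_domain(msg)
    out = []
    for header in msg.get_all("DKIM-Signature", []):
        d = parse_tags(header).get("d", "").lower()
        if d in valid_domains:
            out.append((d, "author" if d == author else "third-party"))
    return out
```

With only the `esp.example` signature valid, the message carries a valid DKIM signature but no author-domain signature, which is the situation the reply describes.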
