Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote: > Only authentication methods which are self-encrypted should be used on a > cleartext channel. Further, I'm not aware of clients which have the specific behavior of switching to TLS after authentication. While we're at it, will Exim or

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/14/23 08:07, Jeremy Harris via Exim-users wrote: > On 13/03/2023 23:43, Gedalya via Exim-users wrote: >> 4. On ports 587, authentication should not be advertised before STARTTLS is >> issued. > > A slight suggested relaxation of that rule: Only authentication methods > which are

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Jeremy Harris via Exim-users
On 13/03/2023 23:43, Gedalya via Exim-users wrote: 4. On ports 587, authentication should not be advertised before STARTTLS is issued. A slight suggested relaxation of that rule: Only authentication methods which are self-encrypted should be used on a cleartext channel. That means the same

Re: [exim] expansion error in OAuth2 client authenticator

2023-03-13 Thread Victor Ustugov via Exim-users
Jeremy Harris via Exim-users wrote on 14.03.2023 00:00: > On 12/03/2023 21:51, Victor Ustugov via Exim-users wrote: >> Rather, the lack of SNI support does not prevent me from getting >> response to access token refresh request. But Exim puts certificate >> verification error message into the

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/14/23 05:57, Yves via Exim-users wrote: > Yes, it is just that most emails I receive are sent through ISPs or from > commercial companies, and go through a bunch of internal relays. Although > completely standard, such direct emails are rare enough for me that I noticed… Spam is very

Re: [exim] expansion error in OAuth2 client authenticator

2023-03-13 Thread Jeremy Harris via Exim-users
On 12/03/2023 21:51, Victor Ustugov via Exim-users wrote: Rather, the lack of SNI support does not prevent me from getting response to access token refresh request. But Exim puts certificate verification error message into the logs. Having found a way of doing basic functionality testing of

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Yves via Exim-users
Thank you Gedalya for answering. On 13/03/2023 12:02, Gedalya via Exim-users wrote: On 3/13/23 05:34, Yves via Exim-users wrote: — This email went through very few intermediaries to reach my server (yalis.fr). Apparently, it actually came directly from the sender (a Palestinian ISP). > Why

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Slavko via Exim-users
Hi, On 13 March 2023 19:12:20 UTC, user Yves via Exim-users wrote: >which returned nothing, and $?==0. So the signature is valid! I never used OpenDKIM, thus I cannot comment. >I checked per your advice on the server: > >[root@seuil3 etc]# journalctl --grep 640E42D8.7020207 >mars 12

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/14/23 03:12, Yves via Exim-users wrote: > Could it be that the message is signed when I receive it Try to run: exim -bV See if the output includes a line resembling -- Configuration file is /etc/exim4/exim4.conf Examine the file and look for lines containing "dkim_private_key",

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/14/23 03:12, Yves via Exim-users wrote: > > opendkim-testmsg <./"Hey, what's up? - - 2023-03-12 2223.eml" > > which returned nothing, and $?==0. So the signature is valid! > > [root@seuil3 etc]# journalctl --grep 640E42D8.7020207 > mars 12 20:23:47 seuil3 spamd[522247]: spamd: checking

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Yves via Exim-users
Thank you Slavko for your answer. On 13/03/2023 10:28, Slavko via Exim-users wrote: On 12. 3. at 22:34, Yves via Exim-users wrote: […] — There is a DKIM signature done by my own server (d=yalis.fr), which includes the From header, and that header is @yalis.fr. Can be DKIM replay, it can

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Lena--- via Exim-users
> From: exi.ml @ yalis.fr > > I just received a SPAM (I hope), but the headers retained my attention; > here they are, in full: An infected Windows sent this common fraudulent spam with the same email address in From: and envelope-from as the recipient. And the same domain in Message-ID. >

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Gedalya via Exim-users
On 3/13/23 05:34, Yves via Exim-users wrote: > > I am surprised by a few things: > > — This email went through very few intermediaries to reach my server > (yalis.fr). Apparently, it actually came directly from the sender (a > Palestinian ISP). Why would that surprise you? They just did exactly

Re: [exim] Is that SPAM? Or am I compromised?

2023-03-13 Thread Slavko via Exim-users
On 12. 3. at 22:34, Yves via Exim-users wrote: I have no solution for you, but some comments: — This email went through very few intermediaries to reach my server (yalis.fr). Apparently, it actually came directly from the sender (a Palestinian ISP). Received: headers can be faked,