30.08.2013 12:45, Martin Gregorie kirjoitti: > On Thu, 2013-08-29 at 05:42 -0700, Neil Schwartzman wrote: >> On Aug 29, 2013, at 4:40 AM, RW <rwmailli...@googlemail.com> wrote: >> >>> On Thu, 29 Aug 2013 00:55:29 +0200 >>> Michael Schaap wrote: >>> >>>> On 29-Aug-2013 00:30, John Hardin wrote: >>>>> On Wed, 28 Aug 2013, Michael Schaap wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I'm getting loads of fake LinkedIn invites, most of which aren't >>>>>> caught by SpamAssassin. >>>>>> Does anyone have a good SpamAssassin rule to catch those, while >>>>>> letting real LinkedIn invites through? >>>>> Do they fail SPF or DKIM? >>>>> >>>> The "From:" header is at linkedin dot com, but the envelope sender is >>>> a random address >>> I'm guessing that legitimate linkedin mail has something other than a >>> random address in its envelope sender. >> >> no need to guess >> > The headers you've sent don't contain an envelope sender (the "From" > header) or a "From:" header. > > What is the domain name in the "Message-ID:" header of a genuine > LinkedIn message? Another possibility would be to reject anything that > claims to be "From:" LinkedIn but doesn't have the appropriate domain > name in its message id. > >> Received: by 10.217.45.68 with SMTP id a46csp19989wew; Wed, 28 Aug 2013 >> 13:57:59 -0700 (PDT) >> Received: from leila.iecc.com (leila6.iecc.com. >> [2001:470:1f07:1126:0:4c:6569:6c61]) by mx.google.com with ESMTPS id >> x3si106237qas.146.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA >> bits=128/128); Wed, 28 Aug 2013 13:57:58 -0700 (PDT) >> Received: (qmail 12685 invoked by uid 1014); 28 Aug 2013 20:57:57 -0000 >> Received: (qmail 12680 invoked from network); 28 Aug 2013 20:57:57 -0000 >> Received: from mailc-fa.linkedin.com (mailc-fa.linkedin.com >> [199.101.162.77]) by smtp.abuse.net ([64.57.183.109]) with ESMTP via TCP >> port 34167/25 id 539419450; 28 Aug 2013 20:57:53 -0000 >> X-Received: by 10.229.179.137 with SMTP id >> bq9mr10582950qcb.11.1377723478996; Wed, 28 Aug 2013 13:57:58 -0700 (PDT) >> Return-Path: >> <m-pnhvq1bocym0uxg7j38mb1bv9rrmgop7tfdwzeyglxbmrduf...@bounce.linkedin.com> >> Received-Spf: softfail (google.com: domain of transitioning >> m-pnhvq1bocym0uxg7j38mb1bv9rrmgop7tfdwzeyglxbmrduf...@bounce.linkedin.com >> does not designate 2001:470:1f07:1126:0:4c:6569:6c61 as permitted sender) >> client-ip=2001:470:1f07:1126:0:4c:6569:6c61; >> Authentication-Results: mx.google.com; spf=softfail (google.com: domain of >> transitioning >> m-pnhvq1bocym0uxg7j38mb1bv9rrmgop7tfdwzeyglxbmrduf...@bounce.linkedin.com >> does not designate 2001:470:1f07:1126:0:4c:6569:6c61 as permitted sender) >> smtp.mail=m-pnhvq1bocym0uxg7j38mb1bv9rrmgop7tfdwzeyglxbmrduf...@bounce.linkedin.com; >> dkim=pass header.i=@linkedin.com; dmarc=pass (p=REJECT dis=NONE) >> d=linkedin.com >> Authentication-Results: iecc.com; spf=pass >> spf.mailfrom=m-pnhvq1bocym0uxg7j38mb1bv9rrmgop7tfdwzeyglxbmrduf...@bounce.linkedin.com >> spf.helo=mailc-fa.linkedin.com; dkim=pass header.d=linkedin.com >> header.b="yTQxEigD"; dmarc=pass header.from=linkedin.com policy=reject >> X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on leila.iecc.com >> X-Spam-Level: >> X-Spam-Status: No, score=-12.6 required=4.4 tests=DKIM_SIGNED,DKIM_VALID, >> DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_RP_CERTIFIED, >> RCVD_IN_RP_SAFE,RP_MATCHES_RCVD autolearn=unavailable version=3.3.2 >> Domainkey-Signature: q=dns; a=rsa-sha1; c=nofws; s=prod; d=linkedin.com; >> h=DKIM-Signature:Sender:Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:X-LinkedIn-Template:X-LinkedIn-Class:X-LinkedIn-fbl; >> b=LeVz8j1vCA5eInVlQoy1R2cc1m/KJfCNOIy5A2oT9InYxvEtsqqPICJbTROiCnxV >> XhZhEtvh/z/E9qxYnqjrs8jsPNaiPoS3k/2giZoCAviri4PtQUa0ItD2SpYN3iUh >> Dkim-Signature: v=1; a=rsa-sha1; d=linkedin.com; s=proddkim1024; >> c=relaxed/relaxed; q=dns/txt; i=@linkedin.com; t=1377723459; >> h=From:Subject:Date:To:MIME-Version:Content-Type:X-LinkedIn-Class:X-LinkedIn-fbl: >> X-LinkedIn-Template; bh=M1AJY3ogQKLz5Vc1bK3tB2dbd58=; >> b=yTQxEigDySwE9gynJ5UlILn2G6myZ9XiHShT5BhUjukBwllSRqgBaf/7BAiDD4Ku >> 7OPkXtp14RZzykua0KXcIayOc+xpL2EriMQVX5mDkjbriBF5sFGK1kk+WqnGIIjk >> HRgzzsg2CDIY34jlet+qfM9+BiEEs3WYi+q5hmun0m0=; >> Sender: messages-nore...@bounce.linkedin.com >> Message-Id: >> <1271127196.48543013.1377723459176.javamail....@ela4-app2520.prod> >> Mime-Version: 1.0 >> Content-Type: multipart/alternative; >> boundary="----=_Part_48543007_1435785298.1377723459174" >> X-Linkedin-Template: anet_digest_type >> X-Linkedin-Class: GROUPDIGEST >> X-Linkedin-Fbl: m-pNHvq1bOcYM0uxG7j38mb1bv9RRMgop7tfdwzEyGlxBMrDufU1n >> X-Dcc-Iecc-Metrics: leila.iecc.com 1107; Body=1 Fuz1=1 Fuz2=1 >> >> > >
I test DKIM_VALID_AU. It works with Facebook and Linked-in. -- jarif.bit
signature.asc
Description: OpenPGP digital signature