Hi Alex,
There is a plugin that may help in here...
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_URIDetail.html
so a rule like this as a first protoype may help:
uri_detail FAKE_URL_FILE_TYPE text =~ /\.pdf\b/i cleaned =~
/\.(zip|docx)\b/i
Hi, I received an email that was tagged as spam for other reasons, but
I'd like to write a rule that catches the attempt to present a ZIP as
a PDF file.
href="https://securesite.fdsit.net/uu/Propuesta-estrategia.zip;
rel="noopener noreferrer"
No, because DKIM is verifying the unmodified header/body (more complicated
than that).
--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Mon, Mar 19, 2018 at 11:55 AM,
On 19/03/18 15:53, Bill Cole wrote:
On 19 Mar 2018, at 11:29, Sebastian Arcus wrote:
I've been seeing a number of false positives recently from
T_DKIM_INVALID with Gmail emails. Are some Gmail servers
misconfigured, or could something be going on at my end? The DKIM
record which is flagged
On 19 Mar 2018, at 11:29, Sebastian Arcus wrote:
I've been seeing a number of false positives recently from
T_DKIM_INVALID with Gmail emails. Are some Gmail servers
misconfigured, or could something be going on at my end? The DKIM
record which is flagged as invalid is below:
DKIM-Signature:
What glue are you using for SA?
DKIM is pretty fragile depending on the signature and implementation. One
\n\r changed to \n for example which some SMTP transports will do can cause
a failure.
I pretty much consider DKIM a 100% if it works and generally worthless if
it fails technology right
I've been seeing a number of false positives recently from
T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured,
or could something be going on at my end? The DKIM record which is
flagged as invalid is below:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
