Rob McEwen skrev den 2023-02-21 23:17:
I dug a little deeper on this. I'm pretty sure that FROM_PAYPAL_SPOOF
is triggered at least in part by __NOT_SPOOFED being set to "false" -
and DKIM failing does (or can) cause __NOT_SPOOFED to be false - and
so in this case a failed DKIM validation, that most likely worked when
the message was originally sent - is what's now causing this chain
reaction. It's highly doubtful that this rule would have hit at the
time the message was received.
grep -r FROM_PAYPAL_SPOOF /path-to-spamassassin-rules-dir/
why not report it to dnswl.org ?, or other low hanging fruts ?
i am not impressive on people that makes spamassassin rules cant use
grep
back to my own problem on not getting any paypal emails :)
