I start to investigate the spam issue I have with #Yunohost
1) Rspamd is running correctly
2) None of the spam have Headers with a score
3) The spam has been analysed by rspamd
4) My spams have all a corrupt DKIM header ( not even an invalid sign )
I my first thought, i need to push higher the DKIM score check.
The current score is 3.45 for this spam. I think the threshold is 4 for graylist and 8 for add header.
I don't even know what I'm doing
Investigation and learning rspamd continue, I ssh port forward the webui of rspam it's cool. I know how dkim signing work but I haven't a clue about what symbol to change ... HELP HELP
Further investigation demonstrate that my spams are signed correctly with DKIM. So I will attack another angle : NIKER LES SPAMMEURS ALA RACINE🔥 🔥 🔥 🔥 🔥 🔥
Currently regrouping the pieces of shit, and export it and we will play few grep and stuff to extract some interesting information
Extract from mail text sources (.eml) IP address
grep -rhoP 'Received: from .+' . | sed "s/.*\[\(.\+\)\].*/\1/" | sort | uniq
#SpamStory I investigate in depth one spam html ( the amazon one ), you got there at the end of 50 clicks and forms https://playallhere.com/fr/gateway.html
#SpamStory they even do silly A/B testing random redirection
With the same link
First I got Iphone for 2$
Second time I got here https://www.machance-fra.com/fr/
#SpamStory continue I found 2 IPs ranges and contact abuse email but I havn't a lot of faith about that, then I will investigate in the content of each email and extract base64 encodind then investigate the HTML body, extract links, domains, whois and stuff