I start to investigate the spam issue I have with #Yunohost
1) Rspamd is running correctly
3) None of the spams have headers with a score
3) The spam has been analysed by rspamd
4) My spams all have a corrupt DKIM header (not even an invalid sign)
My first thought: I need to push the DKIM score check higher.
The current score is 3.45 for this spam. I think the threshold is 4 for graylist and 8 for add header.
I don't even know what I'm doing
Extract IP addresses from mail text sources (.eml):
grep -rhoP 'Received: from .+' . | sed -n 's/.*\[\(.\+\)\].*/\1/p' | sort | uniq
#SpamStory I investigated one spam HTML in depth (the Amazon one); you get there at the end of 50 clicks and forms: https://playallhere.com/fr/gateway.html
#SpamStory they even do silly A/B testing random redirection
With the same link
First I got an iPhone for 2$
Second time I got here https://www.machance-fra.com/fr/
#SpamStory continued: I found 2 IP ranges and contacted the abuse email, but I haven't a lot of faith in that; then I will investigate the content of each email and extract the base64 encoding, then investigate the HTML body, extract links, domains, whois and stuff
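
The triage steps listed in the last post (Received IPs, base64-decoded HTML body, link domains) can be done in one pass with Python's standard `email` module. This is an added example, not the thread author's code; the sample message, its documentation-range IP and the example.* hostnames are constructed, and the function names are hypothetical.

```python
import base64
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample spam: reserved example domains, documentation-range IP.
_HTML = ('<html><body><a href="https://track.example.com/r?id=1">Claim</a> '
         '<a href="http://landing.example.net/fr/gateway.html">here</a></body></html>')
SAMPLE_EML = (
    "Received: from mail.example.net (mail.example.net [203.0.113.45])\n"
    "\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: Prize <win@example.net>\n"
    "Subject: You won\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="utf-8"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n" + base64.encodebytes(_HTML.encode()).decode()
)

def received_ips(msg):
    """Bracketed IPs from every Received header (same idea as the grep/sed line)."""
    ips = set()
    for hdr in msg.get_all("Received", []):
        # str(hdr) is the unfolded header; also accept the [IPv6:...] literal form.
        ips.update(re.findall(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(hdr)))
    return sorted(ips)

def link_hosts(msg):
    """Hostnames of every href found in the decoded text/html parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()  # policy.default undoes base64 / quoted-printable
        for url in re.findall(r'href\s*=\s*["\']([^"\']+)', html, flags=re.I):
            host = urlparse(url).hostname
            if host:
                hosts.add(host.lower())
    return sorted(hosts)

def analyse(raw):
    """Parse one raw .eml string; return sender IPs and linked hostnames."""
    msg = message_from_string(raw, policy=policy.default)
    return {"ips": received_ips(msg), "hosts": link_hosts(msg)}

if __name__ == "__main__":
    print(analyse(SAMPLE_EML))
```

The hostnames it returns are the input for the whois lookups; the links themselves are never fetched.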