I have postfix/dovecot running with spamassassin on CentOS.

PROBLEM:

  • The VPS acts as a mail server
  • Spamassassin edits the email subject and adds [SPAM]
  • MS Outlook on Windows moves those emails to the Junk folder
  • The above happens ONLY if an email is sent from the VPS to another address on the same VPS machine
  • The above problem does NOT happen if I send emails from this VPS to another email account on another server that also uses Spamassassin

I have WordPress blogs with the WP_SMTP plugin, and they're configured to use SMTP to send emails.

When I send emails from contact forms on the blogs, I receive emails in the "SPAM" folder. I noticed that the headers are:

spamd[12042]: spamd: result: . 0 - ALL_TRUSTED,DKIM_INVALID,DKIM_SIGNED,HTML_MESSAGE,T_SCC_BODY_TEXT_LINE scantime=30.1,size=3544,user=vmail,uid=994,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56530,mid=<023501d860a6$aba8e580$02fab080$@mydomain.com>,autolearn=no autolearn_force=no

WP_SMTP has a test feature. I can choose which email address to send a test email to. If I choose one of the email addresses handled by my post server, they are also marked with DKIM_INVALID.

However if I send exactly the same test email to mail-tester.com this is what I get: https://www.mail-tester.com/test-5oyf5qlg5

10/10 and DKIM is fine.

Also dmarcian says DKIM is fine.

When I send an email from my server to a different email on my server (on different domains), they also get DKIM_INVALID.

Can anyone please help to make spamassassin stop marking emails sent from Server X to Server X as spam (DKIM_INVALID)?

Or maybe I can get more info, logs, etc that can help to find an answer to this problem?

IMPORTANT! The server is using Unbound. I had to use Unbound, because Spamassassin was reporting:

ALL_TRUSTED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_IN_TO_AND_SUBJ,HTML_MESSAGE,MIME_HTML_ONLY,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED

And I was told that many blacklisting services don’t allow queries from freely available DNS servers, and that includes (or may include) whatever DNS my provider provides me from DHCP.

As soon as I start to use Unbound and I change

/etc/resolv.conf
options trust-ad
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4
nameserver 2001:4860:4860::8888

to:

nameserver ::1
nameserver 127.0.0.1
options trust-ad

Spamassassin stops adding URIBL_BLOCKED and starts adding DKIM_INVALID

EDIT - new test on dkimvalidator:

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anahatatantra.com;
    s=default; t=1651780260;
    bh=WOwAVylmbsjOThr0t5u3PrLcNjOVp9SrbUgzVixBh7I=;
    h=From:To:Subject:Date;
    b=DCJ9L1ik8gcbohyaqB4pXqcmqa32+Y3F7sbSDnqQ7M1S0D/5/MdfEd1b2MIh8HQfB
     Mpui8c2TdpbDSmakosk99bgBPjFHe5i3cW1lmxJKrIlT5/wBvRVejg+PtmnIbIre+S
     XNakG1D1AzcUmpv2fBVoZGFv+0eT9Hub0LM5ouV4=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/simple
d= Domain:          anahatatantra.com
s= Selector:        default
q= Protocol:        
bh=                 WOwAVylmbsjOThr0t5u3PrLcNjOVp9SrbUgzVixBh7I=
h= Signed Headers:  From:To:Subject:Date
b= Data:            DCJ9L1ik8gcbohyaqB4pXqcmqa32+Y3F7sbSDnqQ7M1S0D/5/MdfEd1b2MIh8HQfB
     Mpui8c2TdpbDSmakosk99bgBPjFHe5i3cW1lmxJKrIlT5/wBvRVejg+PtmnIbIre+S
     XNakG1D1AzcUmpv2fBVoZGFv+0eT9Hub0LM5ouV4=
Public Key DNS Lookup

Building DNS Query for default._domainkey.anahatatantra.com
Retrieved this publickey from DNS: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXSuXbbxQjrqMX01rwXL8qMwUxCZrjFPnZokm6TyCj9bY5c96148UKFfiOWcfAhTmIC//pL3f08Pk8scBSM34pRQ8mYQhhjnXR2JMPIeJOZ9eAparHJfxk6PNd/5O/aXzVC+1RFtSWLaUilnA+Jdafkhe/4zZ8/kKMuzxaatGXcwIDAQAB
Validating Signature

result = pass
Details: 

The test passes.

Thus it seems to me there is no difference for emails sent "outside", for example to mail-tester or dkimvalidator.

The problem seems to be only server related, when emails are sent from the same server to the same server.

Pikk
  • I've updated the question. In https://dkimvalidator.com/ it always has the same status, no matter if I configure `/etc/resolv.conf` with `nameserver 127.0.0.1` or `nameserver 62.149.128.4`. However, Spamassassin on my server detects DKIM_INVALID if emails are being sent using `Unbound` and `/etc/resolv.conf` with `nameserver 127.0.0.1`. And they are VALID (but fire the `URIBL_BLOCKED` rule) if `/etc/resolv.conf` has the nameservers it receives from DHCP. Only inside the same machine. Outside there doesn't seem to be any difference in tests. – Pikk May 05 '22 at 18:51
  • Don't use a public resolver – djdomi May 05 '22 at 19:28
  • I confirm that "body has been altered" is not an issue, as it's related to some unicode signs in the email. If I send an email with different text, the signature passes with `result = pass`. Thus I confirm that the problem is only with Spamassassin inside the same machine that sends emails. Outside, on external servers, all is fine. P.S. I don't understand what I can do otherwise. I stopped using the DNS I used to receive by DHCP. Now it's using `Unbound`. Thanks to this, the rule `URIBL_BLOCKED` is not firing anymore. – Pikk May 05 '22 at 19:54
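
One way to check whether the DKIM public key resolves identically through the local Unbound resolver and the DHCP-provided resolvers listed in the question, over both UDP and TCP. This is an added example, not part of the original post; it assumes `dig` is installed and takes the selector, domain and resolver addresses from the text above.

```bash
#!/usr/bin/env bash
# Added diagnostic example, not part of the original question.
# NAME uses the selector (s=default) and domain (d=) from the DKIM-Signature above.
NAME="default._domainkey.anahatatantra.com"
# Resolvers named in the question: local Unbound, then the two DHCP-provided ones.
RESOLVERS="127.0.0.1 62.149.128.4 62.149.132.4"

# Reduce `dig +short TXT` output to the bare p= value. A TXT record may be split
# into several quoted chunks ("k=rsa; " "p=MIG..." "..."); join them first.
# Error lines such as ";; connection timed out" yield an empty result.
dkim_p() {
    tr -d '"\n' | tr -d ' \t' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Compare a resolver's key ($2) with a reference key ($1).
# Prints: match | MISMATCH | NO_KEY (empty answer, SERVFAIL or timeout).
classify() {
    if [ -z "$2" ]; then echo "NO_KEY"
    elif [ "$1" = "$2" ]; then echo "match"
    else echo "MISMATCH"
    fi
}

# Query one resolver ($1) over UDP or TCP ($2 is "+notcp" or "+tcp").
query_key() {
    dig +short +time=3 +tries=1 "$2" TXT "$NAME" "@$1" 2>/dev/null | dkim_p
}

# Live run only when asked, so the functions above can be exercised offline.
if [ "${1:-}" = "--live" ]; then
    ref=""
    for r in $RESOLVERS; do
        for proto in +notcp +tcp; do
            key=$(query_key "$r" "$proto")
            [ -z "$ref" ] && ref="$key"      # first non-empty answer is the reference
            printf '%-14s %-6s %s\n' "$r" "$proto" "$(classify "$ref" "$key")"
        done
    done
fi
```

Run it with `--live` on the mail server. A `NO_KEY` or `MISMATCH` row for `127.0.0.1` while the other resolvers report `match` points at the local resolver rather than at the signature.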

0 Answers