I'm using postfix+dovecot+amavis-new+clamav+spamassassin+postgrey on my Ubuntu-based VPS. For some days I have been receiving a lot of spam with a low spam score in the headers. Common to all the spam emails is:

  Authentication-Results: xxx.xxx.xx (amavisd-new);
    dkim=pass (1024-bit key) header.d=bivaiatia.com;
    domainkeys=fail (1024-bit key)
    reason="fail (message has been altered)"
    header.from=ewayzptpznfigiel@bivaiatia.com header.d=bivaiatia.com

The domains change randomly, but domainkeys=fail (1024-bit key) reason="fail (message has been altered)" is always present.

I configured my server following these instructions: https://www.exratione.com/2019/02/a-mailserver-on-ubuntu-18-04-postfix-dovecot-mysql/

Full headers:

  Return-Path: <damianebetjtd@suickjunk.com>
  Delivered-To: my@email.address
  Received: from localhost (localhost [127.0.0.1])
  by my.host (Postfix) with ESMTP id 3178B3F859
  for <my@email.address>; Thu,  5 Sep 2019 02:02:10 +0200 (CEST)
  X-Virus-Scanned: Debian amavisd-new at my.host
  X-Spam-Flag: NO
  X-Spam-Score: 0.838
  X-Spam-Level:
  X-Spam-Status: No, score=0.838 tagged_above=-9999 required=5
  tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=0.7, HTML_MESSAGE=0.001,
    HTML_SHORT_LINK_IMG_3=0.328, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
    T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
  Authentication-Results: my.host (amavisd-new);
    dkim=pass (1024-bit key) header.d=suickjunk.com;
    domainkeys=fail (1024-bit key)
    reason="fail (message has been altered)"
    header.from=damianebetjtd@suickjunk.com header.d=suickjunk.com
  Received: from my.host ([127.0.0.1])
    by localhost (my.host [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id HBZSDG9Mpc9S for <my@email.address>;
    Thu,  5 Sep 2019 02:02:08 +0200 (CEST)
  Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=63.83.73.155; helo=driving.suickjunk.com; envelope-from=damianebetjtd@suickjunk.com; receiver=<UNKNOWN> 
  X-Greylist: delayed 675 seconds by postgrey-1.36 at my.host; Thu, 05 Sep 2019 02:02:07 CEST
  DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=suickjunk.com;
  h=Date:From:Message-ID:List-Unsubscribe:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; i=damianebetjtd@suickjunk.com;
  bh=ukoN66cAIBhuG6MFGHB7ssd4v2g=;
  b=AOccOlPGVsgDcCHWP0BzRjCdzYCYn5EesnGqKME8KRHbxlB2FKrP/rZ+yx4WJDhuU9QUgzJjxYud
   S1Jgqk2FEqv3lInKEPXjDyfVBh5HzADQJJ7FMYktU7J8lv4F/59znh4GZ8GQNhPh+IUL4VtpYzEM
   NCpNl13IYZo+q29uVmA=
  DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=suickjunk.com;
  b=lamzIt1CR6acLJGyNXIrmE3KThzEp8GHXtUUVbjEchF3AMzUcCVdwILqfd3Nm8rxwFv+cK3jfaZh
   nbyqvzixMi6DMfzD52rpc8DMQPJX17AxOPEZ0pRivQ651qym0wDU1RSsx5dDB0URF299l02PIdfs
   u1PNsA4oef9GakE+t/E=;
  Date: Thu, 5 Sep 2019 01:48:13 +0200
  From: =?UTF-8?Q?Damian?= <damianebetjtd@suickjunk.com>
  X-Report-Abuse:  <http://suickjunk.com/aa.php?a=7m8f314174206kfypxje3chh5exs33m5g1fusq>
  Message-ID: <910515ibuihzxajpyvvjjnydmgsdlqfc@hx.suickjunk.com>
  List-Unsubscribe:  <http://suickjunk.com/ub.php?b=7m8f314174206kfypxje3chh5exs33m5g1fusq>
  MIME-Version: 1.0
  To:  <my@email.address>
  Subject: =?UTF-8?Q?M=C4=99cz=C4=85_Ci=C4=99_reflektory_aut_w_nocy=3F_Chro=C5=84_oczy,_teraz_masz_te=C5=BC_okulary_przeciws=C5=82oneczne?=
  Precedence: bulk
msc3
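
As an added example (not part of the question or the answer, and not code from amavisd-new or SpamAssassin), this Python sketch parses the headers quoted in the question to show where the 0.838 score comes from and what the two signature verdicts are. The names `triage`, `rule_scores`, `unfold` and the `BLIND` grouping are assumptions made here; the sample is constructed from the question's headers with the signature data omitted.

```python
import re
from email import message_from_string

# Constructed sample: headers abridged from the question, signature blobs omitted.
SAMPLE = """\
X-Spam-Status: No, score=0.838 tagged_above=-9999 required=5
  tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=0.7, HTML_MESSAGE=0.001,
    HTML_SHORT_LINK_IMG_3=0.328, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
    T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001]
Authentication-Results: my.host (amavisd-new);
    dkim=pass (1024-bit key) header.d=suickjunk.com;
    domainkeys=fail (1024-bit key)
    reason="fail (message has been altered)"
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=suickjunk.com
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=suickjunk.com

"""
# SpamAssassin informational rules: the scanner saw no Received/relay
# headers, or its URIBL query was blocked (grouping chosen for this example).
BLIND = {"NO_RECEIVED", "NO_RELAYS", "URIBL_BLOCKED"}

def unfold(msg, name):
    """Header value with folding whitespace collapsed ('' if absent)."""
    return " ".join((msg.get(name) or "").split())

def rule_scores(msg):
    """Per-rule scores from the tests=[...] list in X-Spam-Status."""
    m = re.search(r"tests=\[([^\]]*)\]", unfold(msg, "X-Spam-Status"))
    pairs = re.findall(r"([A-Z0-9_]+)=(-?[\d.]+)", m.group(1)) if m else []
    return {rule: float(score) for rule, score in pairs}

def triage(raw):
    """Summarise why a message scored as it did and what its signatures say."""
    msg = message_from_string(raw)
    scores = rule_scores(msg)
    auth = dict(re.findall(r"\b(dkim|domainkeys|spf|dmarc)=(\w+)",
                           unfold(msg, "Authentication-Results")))
    algo = re.search(r"\ba=([\w-]+)", unfold(msg, "DKIM-Signature"))
    return {
        "total": round(sum(scores.values()), 3),
        "credit": sorted(r for r, s in scores.items() if s < 0),
        "top_hits": sorted(scores, key=scores.get, reverse=True)[:2],
        "blind_spots": sorted(BLIND & set(scores)),
        "auth": auth,
        "legacy_domainkeys": "DomainKey-Signature" in msg,
        "dkim_algo": algo.group(1) if algo else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, only two content rules contribute meaningfully, the valid DKIM signature earns credit, and the `blind_spots` entries show that relay-based and URIBL checks added nothing to the score.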

1 Answer

Don't use this chaotic bunch of milters. Use Rspamd - it already has all of the old antispam filters built in (Bayes analyzer, greylist module, opendkim module, clamav connector) plus a bunch of new ones (neural network analyzer, DCC, fuzzy module), and nowadays it is a new (well, I actually cannot call it new - I have been using it for 5 years now) industry standard. It is much more straightforward to configure and much more performance-capable. No Perl inside (however, if you want, you can use Lua for custom scripting).

As for SpamAssassin - it's long gone. Still doesn't support UTF-8, thus doesn't support proper Bayesian analysis and self-written custom rules.

drookie