| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu Linux 24.04.4 |
| Webmin version | 2.621 |
| Usermin version | 2.521 |
| Virtualmin version | 8.1.0 Professional |
| Theme version | 26.22 |
| Apache version | 2.4.58 |
| Package updates | All installed packages are up to date |
Is it just me, or does it seem like sometime in the last month spam email has become very good at defeating the SpamAssasin server in Virtualmin?
I started noticing this about a month ago, and attributed it to all the data hacks happening as well as AI spam.. But a few days ago I was poking around the logs and found warnings in the βvar/log/mail/logβ
2026-03-27T17:05:21.770949-07:00 liberty spamd[463985]: check: dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS hit, creating /root/.spamassassin/dnsblock_zen.spamhaus.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny zen.spamhaus.org" to disable queries)
β¦for all of the default SpamAssassin dnsbl lists. So after some research I found that adding
dns_server 127.0.0.1
to β/etc/spamassassin/local.cfβ would fix this, which it did absolutely stop all spam email. I said βoh, that was the problemβ.
Then 3 days later all the spam is back now. I re-checked the logs and the original 'dns_block_rule β errors are not there, but the spam is still getting past Spam assassin.
I started looking at the headers of the spam emails, and noticed a few things:
-Their from address, and server is never the same (not a suprise)
-They all pass the βscoreβ and βbayesβ tests
X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_50,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,RCVD_IN_MSPIKE_BL,
RCVD_IN_MSPIKE_ZBI,RCVD_IN_SBL,SPF_HELO_PASS,SPF_PASS,URIBL_SBL_A
They all have a lot of hidden html/text that resembles a email communication chain back and forth between two people. I think this is what is getting it bast the SA filters. Iβve pasted a full header example below.
The majority of what is here is not visible in the email, the only visible part is the email section about Omaha Steaksβ¦
I do not see any settings for SA to stop this other than turning on Bayes. Is there a way to combat this in SA?
Email Header:
Return-Path: <omahasteaksample@yogalevels.com>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on
server.redacted.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_50,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,RCVD_IN_MSPIKE_BL,
RCVD_IN_MSPIKE_ZBI,RCVD_IN_SBL,SPF_HELO_PASS,SPF_PASS,URIBL_SBL_A
autolearn=no autolearn_force=no version=4.0.0
X-Original-To: email@redacted.com
Delivered-To: email.com@server.redacted.com
Authentication-Results: redacted.com;
dkim=pass (2048-bit key; unprotected) header.d=yogalevels.com header.i=omahasteaksample@yogalevels.com header.a=rsa-sha256 header.s=mtaxjcwx5mpom header.b=kzIYAjot;
dkim-atps=neutral
Received: from mx1.yogalevels.com (legend9025.texasrealestatr.com [202.168.82.50])
by redacted.com (Postfix) with ESMTP id B79216414BC
for <email@redacted.com>; Mon, 30 Mar 2026 11:00:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mtaxjcwx5mpom; d=yogalevels.com;
h=Date:To:Reply-To:From:List-Unsubscribe:MIME-Version:Subject:Message-ID:
Content-Type; i=omahasteaksample@yogalevels.com;
bh=sjcpvaYqeIxVa5jh4CeY03/VCUx4XC2VJG2RA3uaVcg=;
b=...redacted...
Date: Mon, 30 Mar 2026 14:00:07 -0400
To: email@redacted.com
Reply-To: omahasteaksample@yogalevels.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
From: Omaha Steak Sample <omahasteaksample@yogalevels.com>
List-Unsubscribe: <https://unsubscribe.yogalevels.com/vktxmkst>
MIME-Version: 1.0
Subject: 0maha-Steak's Brings You A Steak SampIer - 0nly 5OO Remaining - This Day 0nly
Message-ID: <aimxyhyfue_770540iaimxyhyfueokstfohvq@yogalevels.com>
Content-Type: multipart/alternative; boundary="----=_HtmlBoundarytstlibcl7244"
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (redacted.com [0.0.0.0]); Mon, 30 Mar 2026 11:00:18 -0700 (PDT)
------=_HtmlBoundarytstlibcl7244
Content-Type: text/plain; charset="UTF-8"
Thanks for asking about the meeting schedule for next week.
I checked the room list this morning, and the small conference room is open on Tuesday and Thursday after lunch. If that works for everyone, I think Tuesday would be smoother because Sam said he needs Wednesday to finish the draft notes. We should also leave a little extra time at the start since people usually trickle in with questions from the earlier session.
As for the outline, I would keep it simple: quick introductions, recap of the pending items, then a short walkthrough of the updated checklist. I can bring the printed agenda if you want, and I can also jot down action items while everyone talks. If you want me to send reminders, just tell me whether morning or late afternoon is better for the group, and I will put something together that feels clear and easy to follow.
Omaha Steaks
Hand-selected cuts, prepared with care
Your Omaha Steaks sampler details
Recipients may receive a gourmet steak sampler provided at no charge. Omaha Steaks is making 500 gourmet boxes available, one sampler per household, and this offer ends Tomorrow.
See whatΓ’β¬β’s included
This message confirms that participants may receive an Omaha Steaks Gourmet Sampler, with each box normally priced over $600 and covered by the program for this offer. If you use this email, you will not be billed for the sampler, and quantities are determined by program allocation.
Each cut is hand-selected and flash-frozen to lock in exceptional flavor. Please note that only one sampler may be sent to each household, and the available allocation is set at 500 boxes for this announcement period ending Tomorrow.
Inside Your Box
6 Top Sirloins
4 Filet Mignons
4 New York Strips
4 Ribeyes
Availability is based on the stated program allocation and household limit.
Thanks for taking a moment to review this announcement.
Γ
I meant to answer your question about the workshop plan in more detail.
Yes, a shorter session would probably work better, especially if the main goal is to gather input rather than cover every topic at once. I would start with the practical items first, like who is bringing materials, who is greeting people at the door, and whether we need extra chairs pulled in before everyone arrives. That usually keeps things calm and avoids a rushed start.
For the discussion portion, I think it helps to keep each section focused on one problem at a time. If the team jumps between ideas too quickly, the notes become hard to sort later. I can organize the talking points into three small sections and leave room at the end for follow-up questions. If you want, send me the rough timing you had in mind and I can turn it into a clean outline with easy transitions so it feels orderly without being too formal.
------=_HtmlBoundarytstlibcl7244
Content-Type: text/html; charset="UTF-8"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="x-ua-compatible" content="ie=edge">
</head>
<body style="margin:0; padding:0; background-color:#faf6f0; font-family:Arial, Helvetica, sans-serif; color:#2f2f2f;">
<div style="clip-path: inset(100%); clip: rect(1px, 1px, 1px, 1px); height: 1px; overflow: hidden; position: absolute; white-space: nowrap; width: 1px; font-family: 'Arial Black', Gadget, sans-serif;">
Thanks for asking about the meeting schedule for next week.<br>
I checked the room list this morning, and the small conference room is open on Tuesday and Thursday after lunch. If that works for everyone, I think Tuesday would be smoother because Sam said he needs Wednesday to finish the draft notes. We should also leave a little extra time at the start since people usually trickle in with questions from the earlier session.<br>
As for the outline, I would keep it simple: quick introductions, recap of the pending items, then a short walkthrough of the updated checklist. I can bring the printed agenda if you want, and I can also jot down action items while everyone talks. If you want me to send reminders, just tell me whether morning or late afternoon is better for the group, and I will put something together that feels clear and easy to follow.
</div>
<table role="presentation" cellpadding="0" cellspacing="0" border="0" width="100%" style="background-color:#faf6f0; margin:0; padding:0;">
<tr>
<td align="center" style="padding:24px 12px 32px 12px;">
<table role="presentation" cellpadding="0" cellspacing="0" border="0" width="620" style="width:100%; max-width:620px; background-color:#ffffff; border:1px solid #e3dbd2;">
<tr>
<td style="padding:0;">
<table role="presentation" cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td align="center" style="padding:30px 24px 14px 24px; border-bottom:1px solid #d9d1c8;">
<div style="font-size:34px; line-height:38px; font-weight:700; color:#8d191f; letter-spacing:0.4px;">
<span style="color:#8d191f;">Omaha</span> <span style="color:#8d191f;">Steaks</span>
</div>
<div style="font-size:14px; line-height:22px; color:#6f6f6f; padding-top:8px;">Hand-selected cuts, prepared with care</div>
</td>
</tr>
<tr>
<td style="padding:26px 28px 10px 28px;">
<table role="presentation" cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td style="border-left:4px solid #c9a046; padding:2px 0 2px 14px;">
<div style="font-size:28px; line-height:36px; font-weight:700; color:#2a2a2a;">Your Omaha Steaks sampler details</div>
<div style="font-size:16px; line-height:25px; color:#5f5f5f; padding-top:8px;">Recipients may receive a gourmet steak sampler provided at no charge. Omaha Steaks is making 500 gourmet boxes available, one sampler per household, and this offer ends Tomorrow.</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" style="padding:16px 28px 8px 28px;">
<table role="presentation" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="center" bgcolor="#8d191f" style="border-radius:8px; box-shadow:0 2px 6px rgba(0,0,0,0.10);">
<a href="http://www.yogalevels.com/stepahead_main/6xoet5fy" style="display:inline-block; padding:14px 24px; font-size:16px; line-height:18px; font-weight:700; color:#ffffff; text-decoration:none; border-radius:8px;">See whatΓ’β¬β’s included</a>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="padding:12px 28px 0 28px;">
<div style="font-size:15px; line-height:24px; color:#3a3a3a;">This message confirms that participants may receive an Omaha Steaks Gourmet Sampler, with each box normally priced over $600 and covered by the program for this offer. If you use this email, you will not be billed for the sampler, and quantities are determined by program allocation.</div>
</td>
</tr>
<tr>
<td style="padding:14px 28px 0 28px;">
<div style="font-size:15px; line-height:24px; color:#3a3a3a;">Each cut is hand-selected and flash-frozen to lock in exceptional flavor. Please note that only one sampler may be sent to each household, and the available allocation is set at 500 boxes for this announcement period ending Tomorrow.</div>
</td>
</tr>
<tr>
<td style="padding:24px 28px 8px 28px;">
<div style="font-size:20px; line-height:24px; font-weight:700; color:#2b2b2b;">Inside Your Box</div>
</td>
</tr>
<tr>
<td style="padding:0 28px 18px 28px;">
<table role="presentation" cellpadding="0" cellspacing="0" border="0" width="100%" style="border:1px solid #d8d0c7; border-radius:10px;">
<tr>
<td width="50%" style="padding:14px 16px; font-size:15px; line-height:22px; color:#2f2f2f; background-color:#f5efe6; border-right:1px solid #d8d0c7; border-bottom:1px solid #d8d0c7;">6 Top Sirloins</td>
<td width="50%" style="padding:14px 16px; font-size:15px; line-height:22px; color:#2f2f2f; background-color:#faf6f0; border-bottom:1px solid #d8d0c7;">4 Filet Mignons</td>
</tr>
<tr>
<td width="50%" style="padding:14px 16px; font-size:15px; line-height:22px; color:#2f2f2f; background-color:#faf6f0; border-right:1px solid #d8d0c7;">4 New York Strips</td>
<td width="50%" style="padding:14px 16px; font-size:15px; line-height:22px; color:#2f2f2f; background-color:#f5efe6;">4 Ribeyes</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="padding:0 28px 24px 28px;">
<div style="font-size:13px; line-height:20px; color:#737373;">Availability is based on the stated program allocation and household limit.</div>
</td>
</tr>
<tr>
<td align="center" style="padding:0 28px 20px 28px;">
<div style="font-size:14px; line-height:22px; color:#666666;">Thanks for taking a moment to review this announcement.</div>
</td>
</tr>
<tr>
<td style="height:12px; line-height:12px; font-size:12px; background-color:#8d191f;"> </td>
</tr>
</table>
</td>
</tr>
</table>
<div style="display:none; max-height:0; overflow:hidden;"><img src="http://www.yogalevels.com/_/open/np1-2GRV9oUtbm23dVYVQx7Kr6DcnJ.gif" width="1" height="1" alt="" style="display:block;width:1px;height:1px;border:0;overflow:hidden;" /></div>
</td>
</tr>
</table>
<div style="position:absolute; left:-9999px; top:-9999px; font-family: Georgia, Garamond, serif;">
I meant to answer your question about the workshop plan in more detail.<br>
Yes, a shorter session would probably work better, especially if the main goal is to gather input rather than cover every topic at once. I would start with the practical items first, like who is bringing materials, who is greeting people at the door, and whether we need extra chairs pulled in before everyone arrives. That usually keeps things calm and avoids a rushed start.<br>
For the discussion portion, I think it helps to keep each section focused on one problem at a time. If the team jumps between ideas too quickly, the notes become hard to sort later. I can organize the talking points into three small sections and leave room at the end for follow-up questions. If you want, send me the rough timing you had in mind and I can turn it into a clean outline with easy transitions so it feels orderly without being too formal.
</div>
</body>
</html>
------=_HtmlBoundarytstlibcl7244--
