[Mailman-Users] Yahoo spam detection

Steven D'Aprano steve at pearwood.info
Fri Dec 26 02:04:31 CET 2014


On Mon, Dec 22, 2014 at 07:36:54PM -0800, Mark Sapiro wrote:
> On 12/22/2014 03:18 PM, Steven D'Aprano wrote:
> > 
> > One of the Yahoo subscribers kindly forwarded me the full headers and I 
> > can see these which appear relevant:
> > 
> > 
> > X-YahooFilteredBulk:
> >     150.101.137.129
> > Received-SPF:
> >     pass (domain of pearwood.info designates 150.101.137.129 as 
> >     permitted sender)
> > X-Originating-IP:
> >     [150.101.137.129]
> > Authentication-Results:
> >     mta1310.mail.bf1.yahoo.com from=pearwood.info; domainkeys=neutral 
> >     (no sig); from=pearwood.info; dkim=neutral (no sig)
> > X-IronPort-Anti-Spam-Filtered:
> >     true
> > X-IronPort-Anti-Spam-Result:
> >     AqD1AA1PlVR20UxqPGdsb2JhbABBGoNYWIMEs1KFGUqBUIYAhFwBgQKCMQMgdBc
> >     BAQEBAQYBAQEBODuEDgYZAQgREgMFAgYYCgQDAQIGAiQCBRYHCAIBBgMCAQIBDx
> >     AICgQeBQYCAgEUAQIBAgKHdwMQCTy6DYFwhGOJUQ2Fa4EhgWqGfwGCOYJMCgQDA
> >     QKEfgWDfTAGhB8rgjCDBYJSSYF/gUGCDXQwgjOCBgwhgzaCH4IZgmyCfoFzKjEB
> >     AQkBdwkXgSABAQE
> > X-IronPort-SPAM:
> >     SPAM
> 
> 
> 
> Looking more closely, I see issues here. First, none of the mail I
> receive at yahoo.com has any X-Ironport-* headers. This is not Yahoo
> using an IronPort appliance. It may be your outgoing MTA or some other
> MTA in the delivery chain. Where are these headers in the context of the
> Received: headers. That will tell you which MTA added them.

The Received headers look like this:

Received:
    from 127.0.0.1 (EHLO ipmail06.adl2.internode.on.net) 
    (150.101.137.129) by mta1310.mail.bf1.yahoo.com with SMTP;
    Sat, 20 Dec 2014 10:32:13 +0000
X-IronPort-Anti-Spam-Filtered:
    true
X-IronPort-Anti-Spam-Result:
    [gibberish removed]
X-IronPort-SPAM:
    SPAM
Received:
    from ppp118-209-76-106.lns20.mel4.internode.on.net (HELO 
    pearwood.info) ([118.209.76.106]) by
    ipmail06.adl2.internode.on.net with ESMTP; 20 Dec 2014 21:01:15 +1030
Received:
    from ando.pearwood.info (localhost.localdomain [127.0.0.1]) by 
    pearwood.info (Postfix) with ESMTP id B67FE120737; Sat, 20 Dec 2014 
    21:11:52 +1100 (EST)


Internode is my ISP, and I shall talk to them, but I don't see any sign 
that they are adding X-IronPort-* headers to my outgoing mail. I 
subscribe my work email address, and they don't get any IronPort headers.

 
> It appears your domain is pearwood.info and the IP address of the
> sending server is 150.101.137.129.

Yes, my domain is pearwood.info. 150.101.137.129 appears to be (one of?) 
my ISP's mail server(s). I have been advised that because I have a 
dynamic IP address, I should have my outgoing mail go via my ISP's mail 
server. So I have this in my postfix config:

myhostname = pearwood.info
mydomain = pearwood.info
relayhost = mail.internode.on.net

 
> There may be configuration issues around this.
> 
> A server sending mail should have a rDNS PTR record pointing to a domain
> and that domain should have an A record with the IP address of the
> server. See
> <http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>. The
> absence of this is a big red flag for many ISPs
> 
> pearwood.info has no A record. the rDNS PTR for IP 150.101.137.129 is
> ipmail06.adl2.internode.on.net which does have an A record with IP
> 150.101.137.129 so maybe this is OK, but it is something to think about.

Do you think I should set up an A record for pearwood.info?

 
> Note that it is not necessary that the server's canonical name be the
> domain of the list. It helps if SPF permits the server for the domain
> and it does in your case, but if I had to guess, I'd guess the
> 
> > X-YahooFilteredBulk:
> >     150.101.137.129
> 
> is the relevant header and it means Yahoo doesn't like your IP for some
> reason.

I shall certainly talk to my ISP. Is it worth trying to talk to Yahoo? 
Are they likely to care? I've been told by some Yahoo users that Yahoo's 
unofficial policy seems to be that *all* bulk email not originating from 
Yahoo itself is treated as ipso facto spam.

Thanks very much for your help, and may you have a great Christmas and 
New Year.



-- 
Steven


More information about the Mailman-Users mailing list