Jump to content

Configuring Yahoo mailhosts


Recommended Posts

I'm not sure if something has changed at Yahoo's end or at Spamcop's end, but previously functioning mailhost configuration for a couple of Yahoo's email accounts I have seems to be causing a problem.

On the assumption that something might have changed at Yahoo's end, I deleted the mailhosts for the Yahoo accounts and tried reconfiguring, only to be informed as follows:

Hello SpamCop user,

Sorry, but SpamCop has encountered errors:

The email sample you submitted for <email redacted>

appears to traverse more than one domain.

Please ensure that you configure each mailhost individually and in order.

Proceed here:

<http://www.spamcop.net/mcgi?mhc2=["secret" redatced]>

Following the link results in the following being displayed:

No problems found - problem has already been resolved?

Currently no sign of the Yahoo-based mailhost. The email domans affected are yahoo.co.nz, xtra.co.nz and ymail.com

edit: mutter mutter, messed up BBCODE tags! :D

Link to comment
Share on other sites

>- appears to traverse more than one domain.

That's the key to the problem.

The resolution is to click on the link and request a Mailhost waiver so that a staff member can review the submission and make any necessary adjustments.

It looks like you did that and I processed the waiver. Yahoo is now registered as a host on your account.

Mail hosts are global. They apply to all SpamCop users. It doesn't do any good to delete a host from your account. When you try to register the address again, you will simply get the same host back.

If you're having trouble with a host, just let me know and I'll be happy to look into it.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Link to comment
Share on other sites

I reported another spam message and received the same response:

Mailhost configuration problem, identified internal IP as source

Mailhost:

Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

Link to comment
Share on other sites

I'm getting the same error as moreofless.

I also tried removing Yahoo as a mailhost, but it didn't work: I still got the same error.

Would you please look into this since I get a lot of spam at my Yahoo address and I enjoy reporting them. :)

Thank you

Link to comment
Share on other sites

For about the last week, any spam sent to one of my Yahoo accounts is being rejected by SpamCop with messages similar to

Host 10.200.25.11 (checking ip) IP not found ; 10.200.25.11 discarded as fake.

Sorry, SpamCop has encountered errors:

The email sample you submitted for xxxxx[at]yahoo.co.uk

appears to traverse more than one domain.

Please ensure that you configure each mailhost individually and in order.

Has something changed at Yahoo?

I have tried reprocessing my mailhosts on spamcop but when I send back the spamcop generated test email I get

The header sample for maaial[at]yahoo.co.uk shows more than one new mail host. This seems to indicate that your email is being forwarded through another account. SpamCop needs to identify each account individually.

SpamCop could not automatically identify any additional email accounts from this sample. The most common reason for this is that the email account you have configured is being forwarded to another mail host. Each mail host must be configured individually (click "try again" and enter the email address of the final destination account).

I am not forwarding any mail to another host (as far as I know)

Any ideas?

Link to comment
Share on other sites

>- appears to traverse more than one domain.

That's the key to the problem.

The resolution is to click on the link and request a Mailhost waiver so that a staff member can review the submission and make any necessary adjustments.

It looks like you did that and I processed the waiver. Yahoo is now registered as a host on your account.

Mail hosts are global. They apply to all SpamCop users. It doesn't do any good to delete a host from your account. When you try to register the address again, you will simply get the same host back.

If you're having trouble with a host, just let me know and I'll be happy to look into it.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

I did a mailhost reconfigure, requested and received a waiver, but still getting the error. I have a bellsouth.net account hosted by yahoo.

Link to comment
Share on other sites

For about the last week, any spam sent to one of my Yahoo accounts is being rejected by SpamCop with messages similar to

Host 10.200.25.11 (checking ip) IP not found ; 10.200.25.11 discarded as fake.

Sorry, SpamCop has encountered errors:

The email sample you submitted for xxxxx[at]yahoo.co.uk

appears to traverse more than one domain.

Please ensure that you configure each mailhost individually and in order.

Has something changed at Yahoo?

I have tried reprocessing my mailhosts on spamcop but when I send back the spamcop generated test email I get

The header sample for [username][at]yahoo.co.uk shows more than one new mail host. This seems to indicate that your email is being forwarded through another account. SpamCop needs to identify each account individually.

SpamCop could not automatically identify any additional email accounts from this sample. The most common reason for this is that the email account you have configured is being forwarded to another mail host. Each mail host must be configured individually (click "try again" and enter the email address of the final destination account).

I am not forwarding any mail to another host (as far as I know)

Any ideas?

I'm getting that exact same error, also for a [at]yahoo.co.uk email account, when trying to reconfigure my Yahoo mailhost after getting the following at the bottom of the spam reporting page, http://www.spamcop.net/sc?id=z5892590348z3...6a36aca4192385z

Parsing header:

0: Received: from 188.125.68.138 (188.125.68.138) by 188.125.84.121(188.125.84.121); Thu, 22 May 2014 15:21:56 +0000

Hostname verified: web28813.mail.ir2.yahoo.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust this Received line.

Mailhost configuration problem, identified internal IP as source

Mailhost:

Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

Until I read Don's post above, what detained me from requesting a waiver (which I'll try now) is the last sentence in the "explanation" paragraph for the waiver procedure: “Until this process is complete, you cannot report spam.†Well, I suppose that I'll just have to let my [at]belgacom.net and [at]gmail.com spam accumulate while the problem with my [at]yahoo.co.uk account is being resolved… (Most of the spam I get is for my [at]belgacom.net and [at]skynet.be accounts, which use the same mailhosts; the rest is usually [at]gmail.com; I've been getting a couple of spam messages at [at]yahoo.co.uk recently but it's a kind of novelty.)

Link to comment
Share on other sites

Hi, Tony,

...Did you miss my earlier post 88557[/snapback] or did I not understand yours and the one I referenced in mine is not relevant to your situation?

I had missed it, or at least not followed the link in it. When coming back to the computer a few minutes ago, I found an email "Mailhost waiver granted" from Don, and I also read that thread about Yahoo headers.

Let's hope the Yahoo and SpamCop admins find a solution soon.

Link to comment
Share on other sites

Same problem here, even after the waiver.

http://www.spamcop.net/sc?id=z5893492432z7...7c9679d2d6b742z

yeah, me too, for a new message: http://www.spamcop.net/sc?id=z5893888384ze...10a064749fae8az

I guess there is now a new loophole for spammers: "Send from Yahoo, it won't be reported". :ph34r:

Well, let's hope Don and the Yahoo engineers find a solution. In the meantime, is it any use reporting tracking URLs for Yahoo spam here, or should we just dump them down the trash?

Here are the Received lines in that spam:

Received: from 188.125.68.154 (188.125.68.154) by 188.125.85.148(188.125.85.148); Sun, 25 May 2014 16:08:35 +0000

Received: from 127.0.0.1 (HELO smelektronik.de) (EHLO mta1051.mail.ir2.yahoo.com) (190.100.82.179)

by mta1051.mail.ir2.yahoo.com with SMTP; Sun, 25 May 2014 16:08:35 +0000

The topmost (most recent) one seems to be Yahoo-to-Yahoo but not from something known by SC as "YahooMain" (though 188.125.84.186, which comes close, is known). The other (earlier) one seems to come from 127.0.0.1 which is not routable. There are no other Received lines but two lines above them there is

X-Originating-IP: [190.100.82.179]

which might be the point where the spam entered the net via HTTP webmail. It resolves to something to be reported to italo.sambuceti[at]vtr.cl which is definitely not Yahoo. The same IP appears (with no brackets) even higher in the headers, namely in the "X-YahooFilteredBulk" and "Received-SPF" headers.

After writing all this, I finally notice that that entry point is staring me in the face at the very end of the second Received line.

Link to comment
Share on other sites

I've noticed several emails arriving via Yahoo that have the "Received: from 127.0.0.1" and that seem to be a bit off. If it's Yahoo putting those lines in, should they really be referring to 127.0.0.1, which I interpret to mean "received via Yahoo", when other information in the line suggests "received from someone other than Yahoo"?

Link to comment
Share on other sites

Yeah, at best they are abbreviating/leaving out an awful lot, at worst it is all from within Yahoo and includes a forged "Received:" line (though that shouldn't really be possible).

Here is Tony's example in a non-mailhosted parse:

http://www.spamcop.net/sc?id=z5893949010ze...3bf946020ffbbfz

That "washes its hands" of the whole mess and allocates blame to Yahoo.

What else can we say? smelektronik.de uses mailfilter-gw.via.de [62.104.45.191] as Mail Exchange (inwards) then to mail.via.de [62.104.45.9] and many more outgoing servers of Good or Neutral reputation but, with none of its IP addresses reported in the headers, it doesn't look to be involved at all whereas smelektronik.de's SPF record is v=spf1 +all which looks a trifle promiscuous to me ;) and should never be used for Received-SPF: IMO!

190.100.82.179 is pc-179-82-100-190.cm.vtr.net is in Chile and vtr.net does indeed have a vile reputation for its dynamic addresses. How come "Received-SPF: pass (domain of smelektronik.de designates 190.100.82.179 as permitted sender)"? pc-179-82-100-190.cm.vtr.net's SPF record is v=spf1 mx ip4:190.160.0.128/26 ip4:200.83.2.210 ip4:200.83.2.211 ip4:200.83.2.212 ip4:200.83.2.213 ip4:200.83.2.214 ip4:200.83.2.215 -all. The HELO is bodgy, and of course smelektronik.de designates the entire universe as "permitted sender". Anyway, 190.100.82.179 is in the CBL because "It appears to be infected with a spam sending trojan, proxy or some other form of botnet." and appears to be an excellent candidate for the true source and - FWIW - appears to be the Yahoo designated sender even if the parser thinks it could be a forgery.

In any event, with the gaps in the evident transitioning chain, Yahoo deserves to wear the blame, but of course would say "It's all smelektronik.de's fault (or vtr.net's)," but to everyone else it is fairly clearly theirs (as nescient dupes, at the very best). But if they're in your mailhosting then, indeed, they're "home free", at least to their own satisfaction.

Link to comment
Share on other sites

Apologies for not understanding all the technical talk, but is there a an expected time for when this issue will be resolved? Or should we give up trying to report Yahoo spam?

In the meantime, like the other poster said, this issue gives spammers free rein since they know (or will soon know) that spam going through Yahoo can't be reported to the upstream mail services.

Or (conspiracy theory time) maybe Yahoo doesn't want their spam to be reported since other mail providers will realize (or have already realized) just how much spam comes from them.

Link to comment
Share on other sites

Hi, JHoagland,

...My suggestion would be to watch the Forum topic at the link I mentioned earlier: 88557[/snapback]; until that known issue is resolved, you could, if so inclined, try to report Yahoo spam but just give up if any errors occur.

Link to comment
Share on other sites

  • 2 weeks later...

I just reported one Yahoo spam message a few minutes ago, after getting "500 Internal Server Error, please wait for some time and retry" a few times.

Pessimistic hypothesis: I've just been lucky to get a message whose Received line was already in the YahooMain list of mailhost servers.

Optimistic hypothesis: the Internal Server Error was because of a software overhaul, and the parser can now puzzle out the new Yahoo headers.

Time will tell. ;-)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...