Jump to content
Sign in to follow this  
Followers 0
jseymour

Yahoo mailhost list needs expanding(?)

By jseymour, in Mailhost Configuration of your Reporting Account

Recommended Posts

jseymour    0

jseymour
Posted

Some of the messages forwarded from my Yahoo address to Spamcop are not getting parsed via Mailhosts properly. They are coming via the 206.190.36.* IP block - which is apparently not part of the Yahoo mailhost.

Here are a handful of recent samples (all dutifully quick-reported - sorry, Yahoo)

http://www.spamcop.net/sc?id=z518666160zfd...c181059f4c4db5z

from mta168.mail.re2.yahoo.com (206.190.36.164)

http://www.spamcop.net/sc?id=z518666151z7e...746e9d14c7bb38z

from mta154.mail.re2.yahoo.com (206.190.36.150)

http://www.spamcop.net/sc?id=z518497522zed...75c086a1265dfaz

from mta184.mail.re2.yahoo.com (206.190.36.180)

http://www.spamcop.net/sc?id=z518497517ze9...35514ccd33dcbcz

from mta168.mail.re2.yahoo.com (206.190.36.164)

http://www.spamcop.net/sc?id=z518497513z53...edb9c39d788b72z

from mta120.mail.re2.yahoo.com (206.190.36.52)

http://www.spamcop.net/sc?id=z518497506za7...03fee9e5031352z

from mta174.mail.re2.yahoo.com (206.190.36.170)

Share this post

Link to post
Share on other sites

Wazoo    0

Wazoo
Posted

For starters, I've got to point one again to http://forum.spamcop.net/forums/index.php?showtopic=1081 ... pointing out that this Forum is basically "last seen" by the Deputies / Ellen. She's suggested that another issue is that "they" haven't figured out how to add this Forum stuff into their database ... (and perhaps there's something to do with time-keeping, as this side of the house isn't strictly Julian/IronPort????)

Anyway, I personally have not seen the following lines before;

spam Header

Converting X-Received to Received:

Removing X-Yahoo-Forwarded: from x to x

So not sure what all that's supposed to mean, much less if there's some impact there.

Then we run into these lines;

2: Received: from 202.147.58.181 (HELO 67.28.113.11) (202.147.58.181) by mta168.mail.re2.yahoo.com with SMTP; Mon, 14 Jun 2004 11:34:41 -0700

No unique hostname found for source: 202.147.58.181

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

The HELO is a Yahoo server, but ..???

Parsing input: 202.147.58.181

host 202.147.58.181 (getting name) no name

host 202.147.58.181 (getting name) no name

Reporting addresses:

derek.tay[at]asiaglobalcrossing.com

akino[at]gblx.ad.jp

This definitely something that you need to send to Deputies/Ellen for Julian's analysis .... it's too bad that "support" is supposed to be "here" but ... no one "here" has access to anything that matters in this mail-host thing ...

Share this post

Link to post
Share on other sites

jseymour    0

jseymour
Posted
For starters, I've got to point one again to http://forum.spamcop.net/forums/index.php?showtopic=1081 ... pointing out that this Forum is basically "last seen" by the Deputies / Ellen.

Thanks. I've dropped an email to the deputies...

Anyway, I personally have not seen the following lines before;

spam Header

Converting X-Received to Received:

Removing X-Yahoo-Forwarded: from x to x

So not sure what all that's supposed to mean, much less if there's some impact there.

I don't recall seeing the "X-Received" message - but that's probably because it's not bright pink like the other important stuff... :huh:

However, the X-Yahoo-Forwarded message is normal. When you use Yahoo's forwarding, they add that line to indicate the forwarding. Spamcop ignores it as it's not relevant to the parse.

Since I send my reports unmunged, though, I'm not sure if it's merely ignored or actually deleted.

Then we run into these lines;

2: Received: from 202.147.58.181 (HELO 67.28.113.11) (202.147.58.181) by mta168.mail.re2.yahoo.com with SMTP; Mon, 14 Jun 2004 11:34:41 -0700

    [...]

Received line #2 is the line Yahoo added. It shows a spoofed HELO and the true source of the spam. However, the problem I'm reporting is on Received line #1. It indicates that Yahoo sent the message to Spamcop - however the IP address in question is not known to Spamcop's Yahoo mailhost.

Share this post

Link to post
Share on other sites

jseymour    0

jseymour
Posted

Just to bring some quasi-closure to this issue...

I never heard back from the deputies, but I switched my setup so that Spamcop POPs my Yahoo account instead of Yahoo doing the forwarding. This seems to have worked around the problem.

I prefer forwarding, but this is an adequate solution for me...

Share this post

Link to post
Share on other sites

Wazoo    0

Wazoo
Posted
I never heard back from the deputies

I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...???? I know that in the past, they've made complaints of being three or four days behind (yet continue to ask for more <g>) ... but this doesn't address these "no response" remarks. Also, did the subject line include the Mail-Host reference? (and even if so, that seems to more than likely limit the exposure and response to Ellen ...)

As I don't use the e-mail side of the house and have refrained from jumping into the mail-host thing (based on it's interference with my researching other's posted issues), I'm going to take advantage of my ignorance and ask the stupid question ... would these additional Yahoo servers you describe be picked up if you run through the Mail-Host configuration procedures again? I know, the next level seems to go back to the waivers and such, which also goes back to e-mail the Deputies ... I'm just a bit buffalo'd, thinking that there must be a slew of other Yahoo users that have these servers in their chain, and as that database is more than a bit "shared" ... I'm having a hard time "guessing" as to why they don't seem to be collected up already ...

Share this post

Link to post
Share on other sites

jseymour    0

jseymour
Posted (edited)
I never heard back from the deputies

I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...????

Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to.

would these additional Yahoo servers you describe be picked up if you run through the Mail-Host configuration procedures again?

They might - but it's hit and miss. The majority of messages forwarded from Yahoo seem to come from a known server. However, some (perhaps about a third) come from the "new" IP's that Spamcop doesn't know about.

If I get ambitious, I'll do some experimentation...

Edited by jseymour

Share this post

Link to post
Share on other sites

turetzsr    0

turetzsr
Posted (edited)
I never heard back from the deputies

I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...????

Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to.

<snip>

...FWIW, I've had responses from Ellen to e-mails I've sent to both deputies addresses.

Edited by turetzsr

Share this post

Link to post
Share on other sites

Ellen    0

Ellen
Posted
I never heard back from the deputies

I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...????

Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to.

<snip>

...FWIW, I've had responses from Ellen to e-mails I've sent to both deputies addresses.

Ok everyone needs to sit down for this news: I was gone/away/not here/sans computer for more than 24 hours as remarkable as that may seem. That being the case I have no idea what we are discussing in this thread and if we are still discussing it -- someone remind me ...

and yes either [at]admin.spamcop.net or [at]spamcop.net works for the deputies -- and if one of y'all wrote and we missed the email tell me when, the subject line and you might as well tell me what you said also ....

Share this post

Link to post
Share on other sites

jseymour    0

jseymour
Posted
and if one of y'all wrote and we missed the email tell me when, the subject line and you might as well tell me what you said also ....

Ah, yes. That would be me.

I sent a message on Monday at 3:57pm Pacific Time with a Subject of "mailhosts: New IP's being used by Yahoo (?)"

It contained essentially the same content as my first post in this thread.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Mailhost Configuration of your Reporting Account
×