jseymour Posted June 14, 2004 Posted June 14, 2004 Some of the messages forwarded from my Yahoo address to Spamcop are not getting parsed via Mailhosts properly. They are coming via the 206.190.36.* IP block - which is apparently not part of the Yahoo mailhost. Here are a handful of recent samples (all dutifully quick-reported - sorry, Yahoo) http://www.spamcop.net/sc?id=z518666160zfd...c181059f4c4db5z from mta168.mail.re2.yahoo.com (206.190.36.164) http://www.spamcop.net/sc?id=z518666151z7e...746e9d14c7bb38z from mta154.mail.re2.yahoo.com (206.190.36.150) http://www.spamcop.net/sc?id=z518497522zed...75c086a1265dfaz from mta184.mail.re2.yahoo.com (206.190.36.180) http://www.spamcop.net/sc?id=z518497517ze9...35514ccd33dcbcz from mta168.mail.re2.yahoo.com (206.190.36.164) http://www.spamcop.net/sc?id=z518497513z53...edb9c39d788b72z from mta120.mail.re2.yahoo.com (206.190.36.52) http://www.spamcop.net/sc?id=z518497506za7...03fee9e5031352z from mta174.mail.re2.yahoo.com (206.190.36.170)
Wazoo Posted June 14, 2004 Posted June 14, 2004 For starters, I've got to point one again to http://forum.spamcop.net/forums/index.php?showtopic=1081 ... pointing out that this Forum is basically "last seen" by the Deputies / Ellen. She's suggested that another issue is that "they" haven't figured out how to add this Forum stuff into their database ... (and perhaps there's something to do with time-keeping, as this side of the house isn't strictly Julian/IronPort????) Anyway, I personally have not seen the following lines before; spam Header Converting X-Received to Received: Removing X-Yahoo-Forwarded: from x to x So not sure what all that's supposed to mean, much less if there's some impact there. Then we run into these lines; 2: Received: from 202.147.58.181 (HELO 67.28.113.11) (202.147.58.181) by mta168.mail.re2.yahoo.com with SMTP; Mon, 14 Jun 2004 11:34:41 -0700 No unique hostname found for source: 202.147.58.181 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header The HELO is a Yahoo server, but ..??? Parsing input: 202.147.58.181 host 202.147.58.181 (getting name) no name host 202.147.58.181 (getting name) no name Reporting addresses: derek.tay[at]asiaglobalcrossing.com akino[at]gblx.ad.jp This definitely something that you need to send to Deputies/Ellen for Julian's analysis .... it's too bad that "support" is supposed to be "here" but ... no one "here" has access to anything that matters in this mail-host thing ...
jseymour Posted June 14, 2004 Author Posted June 14, 2004 For starters, I've got to point one again to http://forum.spamcop.net/forums/index.php?showtopic=1081 ... pointing out that this Forum is basically "last seen" by the Deputies / Ellen. Thanks. I've dropped an email to the deputies... Anyway, I personally have not seen the following lines before; spam Header Converting X-Received to Received: Removing X-Yahoo-Forwarded: from x to x So not sure what all that's supposed to mean, much less if there's some impact there. I don't recall seeing the "X-Received" message - but that's probably because it's not bright pink like the other important stuff... However, the X-Yahoo-Forwarded message is normal. When you use Yahoo's forwarding, they add that line to indicate the forwarding. Spamcop ignores it as it's not relevant to the parse. Since I send my reports unmunged, though, I'm not sure if it's merely ignored or actually deleted. Then we run into these lines; 2: Received: from 202.147.58.181 (HELO 67.28.113.11) (202.147.58.181) by mta168.mail.re2.yahoo.com with SMTP; Mon, 14 Jun 2004 11:34:41 -0700 [...] Received line #2 is the line Yahoo added. It shows a spoofed HELO and the true source of the spam. However, the problem I'm reporting is on Received line #1. It indicates that Yahoo sent the message to Spamcop - however the IP address in question is not known to Spamcop's Yahoo mailhost.
jseymour Posted June 16, 2004 Author Posted June 16, 2004 Just to bring some quasi-closure to this issue... I never heard back from the deputies, but I switched my setup so that Spamcop POPs my Yahoo account instead of Yahoo doing the forwarding. This seems to have worked around the problem. I prefer forwarding, but this is an adequate solution for me...
Wazoo Posted June 16, 2004 Posted June 16, 2004 I never heard back from the deputies I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...???? I know that in the past, they've made complaints of being three or four days behind (yet continue to ask for more <g>) ... but this doesn't address these "no response" remarks. Also, did the subject line include the Mail-Host reference? (and even if so, that seems to more than likely limit the exposure and response to Ellen ...) As I don't use the e-mail side of the house and have refrained from jumping into the mail-host thing (based on it's interference with my researching other's posted issues), I'm going to take advantage of my ignorance and ask the stupid question ... would these additional Yahoo servers you describe be picked up if you run through the Mail-Host configuration procedures again? I know, the next level seems to go back to the waivers and such, which also goes back to e-mail the Deputies ... I'm just a bit buffalo'd, thinking that there must be a slew of other Yahoo users that have these servers in their chain, and as that database is more than a bit "shared" ... I'm having a hard time "guessing" as to why they don't seem to be collected up already ...
jseymour Posted June 16, 2004 Author Posted June 16, 2004 I never heard back from the deputies I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...???? Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to. would these additional Yahoo servers you describe be picked up if you run through the Mail-Host configuration procedures again? They might - but it's hit and miss. The majority of messages forwarded from Yahoo seem to come from a known server. However, some (perhaps about a third) come from the "new" IP's that Spamcop doesn't know about. If I get ambitious, I'll do some experimentation...
turetzsr Posted June 16, 2004 Posted June 16, 2004 I never heard back from the deputies I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...???? Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to. <snip> ...FWIW, I've had responses from Ellen to e-mails I've sent to both deputies addresses.
Ellen Posted June 16, 2004 Posted June 16, 2004 I never heard back from the deputies I don't know what to tell you, but this comment seems to be coming up a lot recently. The address I have showing is Deputies <at> admin.spamcop.net .... but I see listings that show Deputies <at> spamcop.net ... I'd trust that both of these are mapped to the same InBox, but ...???? Hmmm.... I sent it to deputies <at> spamcop.net - just like Ellen's post said to. <snip> ...FWIW, I've had responses from Ellen to e-mails I've sent to both deputies addresses. Ok everyone needs to sit down for this news: I was gone/away/not here/sans computer for more than 24 hours as remarkable as that may seem. That being the case I have no idea what we are discussing in this thread and if we are still discussing it -- someone remind me ... and yes either [at]admin.spamcop.net or [at]spamcop.net works for the deputies -- and if one of y'all wrote and we missed the email tell me when, the subject line and you might as well tell me what you said also ....
jseymour Posted June 16, 2004 Author Posted June 16, 2004 and if one of y'all wrote and we missed the email tell me when, the subject line and you might as well tell me what you said also .... Ah, yes. That would be me. I sent a message on Monday at 3:57pm Pacific Time with a Subject of "mailhosts: New IP's being used by Yahoo (?)" It contained essentially the same content as my first post in this thread.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.