Jump to content

[Resolved] May be problem with header


Recommended Posts

Hi all,

i have a problem that i can't resolve. I have setuped email server with SPF, DomainKeys, Reverse DNS, but every time when i send email to yahoo, yahoo mark my email as Bulk mail. My domain is private so only i can send email from this domain. Here are my full header:

Return-Path: <condor[at]myhost.net>

Delivered-To: condor[at]test.com

Received: (qmail 2426 invoked from network); 13 Jul 2006 07:48:03 -0000

Received: from myhost.net (

by ns.test.com with SMTP; 13 Jul 2006 07:48:03 -0000

Received: (qmail 32579 invoked by uid 0); 13 Jul 2006 07:43:34 -0000

Received: by simscan 1.2.0 ppid: 32574, pid: 32575, t: 0.0064s

scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082

Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=default; d=myhost.net;

b=cqKZEiCm8LWuPtQDT3SA6nCnBnTI6xdcPH9EuTMEPI3ZmSL6bgdgdfgddfgbjlCD95h8JfBXzH8CeBpgAqsTY6k9jp/m4UCRrfa0UWPf4gdm2b7LWrW68qGbSJ ;

Received: from unknown (HELO mail.myhost.net) (condor[at]myhost.net[at]

by 0 with ESMTPA; 13 Jul 2006 07:43:34 -0000

Received: from

(SquirrelMail authenticated user condor[at]myhost.net)

by mail.myhost.net with HTTP;

Thu, 13 Jul 2006 10:43:34 +0300 (EEST)

Message-ID: <50380.[at]mail.myhost.net>

Date: Thu, 13 Jul 2006 10:43:34 +0300 (EEST)

Subject: test

From: "Condor" <condor[at]myhost.net>

To: condor[at]test.com

Reply-To: condor[at]myhost.net

User-Agent: SquirrelMail/1.4.7

MIME-Version: 1.0

Content-Type: text/plain;charset=iso-8859-1

Content-Transfer-Encoding: 8bit

X-Priority: 3 (Normal)

Importance: Normal

Do any body can say me what is wrong in my header that yahoo mark all my email as bulk mail ?

I replace my host with myhost.net and domain that recive email with test.com

Link to comment
Share on other sites

... what is wrong in my header that yahoo mark all my email as bulk mail ?
Hi Elrond. You say you have rDNS set up but you seem to be going through which is not showing rDNS - ref http://www.dnsstuff.com/tools/ptr.ch?ip= It may just be a little slow in working its way into the records and may not have anything to do with your problem but it is something I can see. Also, according to http://www.dnsreport.com/tools/dnsreport.ch?domain=spnet.net
FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are: ...
Again, I don't know if that would be enough to cause you problems with the classification of your mail by Yahoo. Hopefully someone who knows more can step in and comment. Can't tell a lot from your headers - they are a bit mangled by wrapped lines by the way, can only assume that is just due to the way they were copied and pasted "here".

I don't think I've helped much, but something to kick the discussion off perhaps?

Link to comment
Share on other sites

If I lookup I get

canonical name stz-bg.com.


SMTP - 25 220 ixip.net ESMTP


If I lookup ixip.net I get

canonical name ixip.net.


SMTP - 25 220 ixip.net ESMTP


Then looking up a different way I get another IP - IP hosts 2 Total Domains ...

Showing 1 - 2 out of 2

Domain Name



Link to comment
Share on other sites

What I would do if I were still looking for answers would be:

note: requires having a Yahoo email account and a SpamCop reporting account (both free)

Send an email message to my Yahoo account. Parse (submit) the message to your SpamCop reporting account (be sure to cancel the reports so that you do not end up reporting yourself) and then post the tracking URL here. I may show that one of your internal handoffs is not posting correctly to the headers.

It may also indicate what logic Yahoo applied which resulted in the "Bulk mail" designation; if it is based on headers or content.

Anyway, just my thoughts on the subject.

Link to comment
Share on other sites

Busy doing other things, having some issues pulling up some sites on this system for some reason .... but has anyone else tried looking up a DUL listing .. for instance, look at how "empty" http://www.senderbase.org/?searchBy=ipaddr...= appears ..... I'm of the thought that the IP addres involved is likely in a pool not 'defined' as something other than the "custmer of ...." that I keep seeing .. suggesting that it fits more into the 'profile' of a compromised computer being involved with the sending of the e-mail comcerned ....

Is there any reason why it's "only" Yahoo that's been brought up in this conversation?

Link to comment
Share on other sites

The problem appears to be the IP address being used: See: http://www.senderbase.org/search?searchString=

The headers show that Yahoo received the mail from but if you do a lookup on that address there is a great lack of information. You need to do something about getting that address properly registered or simply use a SMTP server that is registered for you out going mail.

Also take note of the following:

Received: (qmail 4689 invoked (uid 0)); 14 Jul 2006 19:01:43 -0000

no from


Received: by simscan 1.2.0 ppid: 4684, pid: 4685, t: 0.0059s scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082

no from


The lack of a from line in the headers that matches the sent by in the previous header might in itself be enough for some one to consider the mail spam.

If these can be clearly seen as simply internal hand offs, it really should not be a problem. The bigger problem is that lack of information for the IP address that Yahoo actually received the mail from which is probably why they are sending to the bulk mail folder. But it becomes impossible to tack the mail back past the first break in the chain of header handoffs.

As you noticed Sender Base does not show any mail coming from

Yahoo and many others do not like receiving mail from someone that is not easily identified and as SenderBase indicates (who Yahoo received the mail from) is not identified very well at all.

Link to comment
Share on other sites

dbiel: Thanks for help. How i register my domains in Sender Base ? I search in site but i not found any documentation how i can register.

Merlyn: I have 3 domains with 3 different ip addresses. Every domain have own ip and PTR and work with same server. eth0, eth0:1, eth0:2...

Link to comment
Share on other sites

dbiel: Thanks for help. How i register my domains in Sender Base ? I search in site but i not found any documentation how i can register.
You don't. SenderBse pull information that is on file as public record for each IP address. Who owns the IP addresses? or put another way, where did you get them from? That source is the one that need to register them. But I am getting over my head on this issue and you are asking a very technical question, so will leave it to someone else to reply

Merlyn: I have 3 domains with 3 different ip addresses. Every domain have own ip and PTR and work with same server. eth0, eth0:1, eth0:2...
What are the IP addresses of the other two?

Who set up your SMTP server?

rDNS for indicates: PTR record: stz-bg.com.

WHOIS results for stz-bg.com

Generated by www.DNSstuff.com

Registrar: TUCOWS INC.

Status: REGISTRAR-LOCK [the normal status for a domain when it is locked]

Dates: Created 14-mar-2004 Updated 18-jan-2006 Expires 14-mar-2007


The following is probably the answer to your original question as to why Yahoo is dumping your mail into a spam folder:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

stz-bg.com claims to be host ixip.net [but that host is at (may be cached), not].

Looks like I failed to review the entire thread before posting.

You stated that you set up your email server.

The problem is that you are running a single mail server for multiple domains with different IP addresses and using the IP address of one of the domains as the IP address for the mail server.

If your are going to use as single mail server, it must have it's own IP address.

Link to comment
Share on other sites

Hi again.

I have one server -> with two other ip addresses: ixip.net -> and

stz-bg.com -> I use only last two domains, ixip.net and stz-bg.com. I setup qmail and install qmail + vpopmail. For rDNS i use http://rno-consultores.com./mail/qmail/qma...tgoingips.patch with mapping. May be whois from www.DNSstuff.com is old or cached because when i make whois stz-bg.com from consle output is:

Domain Name: STZ-BG.COM

Registrar: TUCOWS INC.

Whois Server: whois.opensrs.net

Referral URL: http://domainhelp.tucows.com

Name Server: NS.STZ-BG.COM



EPP Status: clientUpdateProhibited

EPP Status: clientDeleteProhibited

EPP Status: clientTransferProhibited

Updated Date: 07-Jul-2006

Creation Date: 14-Mar-2004

Expiration Date: 14-Mar-2007

Domain servers in listed order:



Every domain have own ip address but looks like the problem is in SMTP greeting message. Unfortunately the qmail give SMTP greeting message from control file me or helohost, but it's give only the first line. I have in my helohost both two domains:



Do any body know i fix this problem without i setup another server? I don't believe that qmail can't work with multiple domains, but i unable to found any documentation how to setting up.

Link to comment
Share on other sites

I can not help on how to fix it but can correct some terminalogy.

You do not have one server. You have one computer that is presenting itself as multiple servers.

The mail server should have it own IP address and name that is different from the other 3 domain servers

It should acknowledge receiving mail from each of the 3 separate domains and and identify itself as the sender with a common name used regardless of which domain the message orginated from. In theory you could use the existing setup, but it must identify itself as the sender, not the other two domains which are claiming to be sending mail when in reality they are using the first one to send their mail.

Link to comment
Share on other sites

Thanks to every one that help. I fix the problem :)

Yes, the problem really is in SMTP greeting message and i fix the problem. Thanks again for help.

Hi, Elrond!

...Thank you for returning here and letting us know the good news!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...