[Mailman-Users] Yahoo spam detection

Mark Sapiro mark at msapiro.net
Tue Dec 23 04:36:54 CET 2014


On 12/22/2014 03:18 PM, Steven D'Aprano wrote:
> 
> One of the Yahoo subscribers kindly forwarded me the full headers and I 
> can see these which appear relevant:
> 
> 
> X-YahooFilteredBulk:
>     150.101.137.129
> Received-SPF:
>     pass (domain of pearwood.info designates 150.101.137.129 as 
>     permitted sender)
> X-Originating-IP:
>     [150.101.137.129]
> Authentication-Results:
>     mta1310.mail.bf1.yahoo.com from=pearwood.info; domainkeys=neutral 
>     (no sig); from=pearwood.info; dkim=neutral (no sig)
> X-IronPort-Anti-Spam-Filtered:
>     true
> X-IronPort-Anti-Spam-Result:
>     AqD1AA1PlVR20UxqPGdsb2JhbABBGoNYWIMEs1KFGUqBUIYAhFwBgQKCMQMgdBc
>     BAQEBAQYBAQEBODuEDgYZAQgREgMFAgYYCgQDAQIGAiQCBRYHCAIBBgMCAQIBDx
>     AICgQeBQYCAgEUAQIBAgKHdwMQCTy6DYFwhGOJUQ2Fa4EhgWqGfwGCOYJMCgQDA
>     QKEfgWDfTAGhB8rgjCDBYJSSYF/gUGCDXQwgjOCBgwhgzaCH4IZgmyCfoFzKjEB
>     AQkBdwkXgSABAQE
> X-IronPort-SPAM:
>     SPAM



Looking more closely, I see issues here. First, none of the mail I
receive at yahoo.com has any X-Ironport-* headers. This is not Yahoo
using an IronPort appliance. It may be your outgoing MTA or some other
MTA in the delivery chain. Where are these headers in the context of the
Received: headers? That will tell you which MTA added them.

It appears your domain is pearwood.info and the IP address of the
sending server is 150.101.137.129.

There may be configuration issues around this.

A server sending mail should have a rDNS PTR record pointing to a domain
and that domain should have an A record with the IP address of the
server. See
<http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>. The
absence of this is a big red flag for many ISPs.

pearwood.info has no A record. The rDNS PTR for IP 150.101.137.129 is
ipmail06.adl2.internode.on.net which does have an A record with IP
150.101.137.129 so maybe this is OK, but it is something to think about.

Note that it is not necessary that the server's canonical name be the
domain of the list. It helps if SPF permits the server for the domain
and it does in your case, but if I had to guess, I'd guess the

> X-YahooFilteredBulk:
>     150.101.137.129

is the relevant header and it means Yahoo doesn't like your IP for some
reason.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
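
The forward-confirmed reverse DNS check described in the message above, as an added example that is not part of the original post. The function names, the injectable lookup parameters and the 192.0.2.10 / mail.example.net entries are assumptions constructed for illustration; the 150.101.137.129 entries use the values quoted in the message.

```python
import ipaddress
import socket

def ptr_names(ip):
    """PTR names for ip from the system resolver ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_addrs(name):
    """All A/AAAA addresses for name ([] if it does not resolve)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=ptr_names, fwd_lookup=forward_addrs):
    """Return (status, confirmed_names); status is pass, no-ptr or mismatch.

    'pass' means at least one PTR name resolves back to the same IP.
    """
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".") for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in fwd_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    confirmed.append(name)
                    break
            except ValueError:  # resolver returned something unparsable
                continue
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed lookup tables so the check runs offline. The first entry
# mirrors the PTR/A pair quoted in the message; the second is invented.
SAMPLE_PTR = {"150.101.137.129": ["ipmail06.adl2.internode.on.net."],
              "192.0.2.10": ["mail.example.net"]}
SAMPLE_A = {"ipmail06.adl2.internode.on.net": ["150.101.137.129"],
            "mail.example.net": ["192.0.2.99"]}

def sample_check(ip):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                  lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("150.101.137.129", "192.0.2.10", "198.51.100.7"):
        print(ip, *sample_check(ip))
```

Calling `fcrdns(ip)` without the lookup arguments uses the system resolver, which may also consult local hosts files.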

