On 2/5/2015 4:51 PM, Alex Regan wrote:
>
>
> On 02/05/2015 11:11 AM, Axb wrote:
>>
>> adding FTR:
>
> Can you explain FTR?
>
>> Received: from [238.10.216.99] by web122903.mail.ne1.yahoo.com
>> via HTTP;
>> Thu, 05 Feb 2015 xx:xx:xx PST
>>
>> Received: from [238.185.80.95] by web87801.mail.ir2.yahoo.com via
>> HTTP;
>> Thu, 05 Feb 2015 xx:xx:xx GMT
>
> Is there a way to limit this to only yahoo, such that the
> RCVD_ILLEGAL_IP isn't abused?
There isn't much abuse to worry about. The rule is to catch
stupidly-forged Received: headers, which are fairly rare (for me
anyway), can't contribute to a positive score, and aren't seen by
the end-user.
totally untested...
header __L_FROM_Y1 From:addr =~ m{[@.]yahoo\.com$}i
header __L_FROM_Y2 From:addr =~ m{\@yahoo\.com\.(ar|br|cn|hk|my|sg)$}i
header __L_FROM_Y3 From:addr =~ m{\@yahoo\.co\.(id|in|jp|nz|uk)$}i
header __L_FROM_Y4 From:addr =~
m{\@yahoo\.(ca|de|dk|es|fr|gr|ie|it|pl|se)$}i
header __L_FROM_Y5 From:addr =~
m{\@(att|bellsouth|rogers|talk21)\.(com|net)$}i
meta __L_FROM_YAHOO __L_FROM_Y1 || __L_FROM_Y2 || __L_FROM_Y3 ||
__L_FROM_Y4 || __L_FROM_Y5
meta L_YAHOO_BROKEN_RCVD (__L_FROM_YAHOO && __DKIM_VALID_AU &&
RCVD_ILLEGAL_IP)
score L_YAHOO_BROKEN_RCVD -4
> I haven't seen any yahoo entries thus far that use the multicast
> range, but please do let us know when you feel yahoo has fixed
> their mistake.
>
Our low-volume server today received several from bellsouth.net
(hosted by yahoo). Most recent about an hour ago.
-- Noel
