On Sun, 07 May 2017 23:31:49 -0400
Lyle Evans wrote:

> At 03:45 PM 5/7/2017, you wrote:
> >Hi,
> >
> >Would someone help me confirm this is an FP for FORGED_YAHOO_RCVD? It
> >does indeed go through yahoo, but his then passed through spamcow.com
> >before passing through interwrx.com, then through ours (example.com):
> >
> >https://pastebin.com/5WgWLBiB

What's happened is that this header

Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.bf2.yahoo.com with HTTP; Tue, 2 May 2017 18:58:45 +0000

doesn't match any of the received header patterns. The reason it hasn't
been more of a problem is that it's been substantially mitigated by a
check for trusted yahoo rDNS. This example was forwarded.

>
> Looks like it is to me. The email has the header that causes
> problems with the stock SA rules:
>
> X-Mailer: WebService/1.1.9539 YahooMailNeo Mozilla/5.0 (Windows NT
> 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/57.0.2987.133 Safari/537.36

You are confusing it with FORGED_MUA_MOZILLA.