>Is anyone out there whitelisting the yahoogroups.com e-mail?
yeah, can't blacklist them.
> Since headers
>are so easily forgeable, I don't really want to whitelist by using the
>domain?
right, whitelist as little as possible by forgeable from_sender
>Just wondering if anyone had a list of the IP's that
>yahoogroups.com uses to send their subscriber based list e-mail?
Yahoo has a bunch of IPs they send mail from. And SAV rejects tons of
obvious spam from their "store" and "bulk" and "scd" IPs. No need to
whitelist or blacklist anything. SAV handles it perfectly, including yahoo
groups.
Here's a command to report on the connections from yahoo PTR's, wraps,
sorted by ip :
awk '/smtpd.* connect from.*yahoo/ {print $8 }' /var/log/maillog | sort -f |
  uniq -ic | sort -f -t\[ -k2 | less
.... which gives me this at one ISP I consult for:
Now, SAV is your very close friend, and SAV helps sort out the crap from
these big, frequently forged ISPs coming from anywhere, and it even cuts
the forged spam when the mail comes from ISP IPs.
I find that SAV doesn't block yahoo groups nor @yahoo.com email, but it
does block a ton of crap from their "store" customers, who are huge spammers
and forgers of from_sender addresses.
This yahoo situation is exactly the same with forged spam from Earthlink,
AOL, MSN, Hotmail, charter, rr, Adelphia, etc. Before SAV, you had to
whitelist their IPs when you really wanted to blacklist them due to so
much abuse, but couldn't blacklist because there was too much legit
mail. Now, with SAV, you have a much more effective, finely grained
defense. Un-whitelist all biggies, and let SAV do the defense.
I can't emphasize how huge an advance SAV is, and it's not even "official"
yet. and
If you want to add SAV, but are still a little wary of DLing postfix
source, compiling in PCRE (also highly recommended), upgrading, and doing
all the mods to be compatible with postfix 2.0 and SAV, contact me off list.
and while Wietse doesn't want SAV used for production, it works fine:
on one site:
Verified: 50482
Not verifiable: 6888
Not deliverable: 49146
on another site:
Verified: 309574
Not verifiable: 67839
Not deliverable: 100076
So it's very scalable and stable. If the numbers get too large, Wietse
says just rm the .db once a week to keep it smaller.
Len
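
Added example, not part of Len's post: a variant of the report above that groups Yahoo connections by sending pool (grp.scd, bulk, store, mail) and anchors the match on the `.yahoo.com` suffix, so a PTR that only contains the string "yahoo" is not counted. The function names, the sample log lines and their IP addresses are constructed for illustration.

```sh
#!/bin/sh
# Summarise Postfix smtpd connections from Yahoo hosts by sending pool.
# Reads maillog lines on stdin, prints "count pool" sorted by pool name.
yahoo_pools() {
  awk '
    # "disconnect from" lines do not match: the tag must precede "connect".
    /smtpd\[[0-9]+\]: connect from / {
      host = tolower($8)              # field 8 is "host[ip]"
      sub(/\[.*$/, "", host)          # drop the "[ip]" suffix
      # Anchor on the domain so a PTR that merely contains "yahoo"
      # (for example mail.yahoo.example.net) is not counted.
      if (host !~ /\.yahoo\.com$/) next
      sub(/^[^.]+\./, "", host)       # strip the per-machine label
      count[host]++
    }
    END { for (p in count) printf "%d %s\n", count[p], p }
  ' | sort -k2
}

# Constructed sample input: host names follow the pools named in the post,
# IPs are documentation addresses, "mx" is a placeholder mail host.
sample_log() {
  cat <<'EOF'
Mar  3 10:00:01 mx postfix/smtpd[101]: connect from n32.grp.scd.yahoo.com[192.0.2.10]
Mar  3 10:00:02 mx postfix/smtpd[102]: connect from n33.grp.scd.yahoo.com[192.0.2.11]
Mar  3 10:00:03 mx postfix/smtpd[101]: disconnect from n32.grp.scd.yahoo.com[192.0.2.10]
Mar  3 10:00:04 mx postfix/smtpd[103]: connect from mailer13.bulk.sc5.yahoo.com[192.0.2.20]
Mar  3 10:00:05 mx postfix/smtpd[104]: connect from st130.store.yahoo.com[192.0.2.30]
Mar  3 10:00:06 mx postfix/smtpd[105]: connect from web9603.mail.yahoo.com[192.0.2.40]
Mar  3 10:00:07 mx postfix/smtpd[106]: connect from mail.yahoo.example.net[198.51.100.7]
Mar  3 10:00:08 mx postfix/smtpd[107]: connect from unknown[198.51.100.8]
EOF
}

sample_log | yahoo_pools
```

To run it on a live log, use `yahoo_pools < /var/log/maillog`.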