Re: The nice thing about standards (was Re: Legit Yahoo mail servers list)

On 2/1/2017 12:56 AM, Dave Warren wrote: They publish SPF records and DKIM sign everything for competent SMTP receivers to handle in real-time, AND they publish a HTML version for humans, and yet someone still finds a reason to complain? Dave, After the initial question was raised, it took

Re: The nice thing about standards (was Re: Legit Yahoo mail servers list)

On 2017-01-30 08:06, Dianne Skoll wrote: On Mon, 30 Jan 2017 09:06:34 -0500 Rob McEwen wrote: On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote: they do and it has been mentioned: https://help.yahoo.com/kb/SLN23997.html Cool. So Yahoo uses an HTML page that's a pain

Re: The nice thing about standards (was Re: Legit Yahoo mail servers list)

>From: Dianne Skoll   >On Mon, 30 Jan 2017 09:06:34 -0500 >Rob McEwen wrote: >> On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote: >> > they do and it has been mentioned: >> > https://help.yahoo.com/kb/SLN23997.html >Yahoo Outbound IP

The nice thing about standards (was Re: Legit Yahoo mail servers list)

On Mon, 30 Jan 2017 09:06:34 -0500 Rob McEwen wrote: > On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote: > > they do and it has been mentioned: > > https://help.yahoo.com/kb/SLN23997.html Cool. So Yahoo uses an HTML page that's a pain to process by computer. Microsoft

Re: Legit Yahoo mail servers list

On Mon, 30 Jan 2017 13:40:26 + David Jones wrote: > My goal in whitelisting Yahoo servers is to make sure these > messages get to MailScanner where they are not whitelisted > and are scores based more on content by Spamassassin rather > than sender reputation (DNSBLs). OK,

Re: Legit Yahoo mail servers list

On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote: they do and it has been mentioned: https://help.yahoo.com/kb/SLN23997.html I wasn't aware of this page. If it was mentioned before in this thread, I missed it. Thanks! -- Rob McEwen

Re: Legit Yahoo mail servers list

On Mon, 30 Jan 2017 04:47:18 +0100 Reindl Harald wrote: > on postscreen level there is no SPF And that's relevant... how? You use a proper filter to do proper filtering. Regards, Dianne.

Re: Legit Yahoo mail servers list

On Sat, 28 Jan 2017 16:33:24 + David Jones wrote: [deleted] Read back through this thread. I never said their SPF record is invalid. All I said is their SPF record is not common and it makes it very hard for anyone to know what the official Yahoo outbound mail servers are.

Re: Legit Yahoo mail servers list

>From: Rob McEwen >Sent: Sunday, January 29, 2017 10:40 PM >On 1/29/2017 7:42 PM, Dianne Skoll wrote: >> On Sat, 28 Jan 2017 16:33:24 + >> David Jones wrote: >> >>> Read back through this thread. I never said their SPF record is >>> invalid. All I

Re: Legit Yahoo mail servers list

On 1/29/2017 7:42 PM, Dianne Skoll wrote: On Sat, 28 Jan 2017 16:33:24 + David Jones wrote: Read back through this thread. I never said their SPF record is invalid. All I said is their SPF record is not common and it makes it very hard for anyone to know what the official

Re: Legit Yahoo mail servers list

On Sat, 28 Jan 2017 16:33:24 + David Jones wrote: > Read back through this thread. I never said their SPF record is > invalid. All I said is their SPF record is not common and it makes it > very hard for anyone to know what the official Yahoo outbound mail > servers are.

Re: Legit Yahoo mail servers list

>From: Matus UHLAR - fantomas >> Seems to me like >>Yahoo doesn't have a good list of IPs so they took this shortcut >>which is technically legitimate but it's making up for their incompetence >>not having a handle on their mail flow. >That doesn't mean incompetence. using

Re: Legit Yahoo mail servers list

From: Matus UHLAR - fantomas Still no practical difference between using IP ranges or rdns in SPF. On 28.01.17 14:27, David Jones wrote: Most SPF records published are not like this. so... what? Seems to me like Yahoo doesn't have a good list of IPs so they took this

Re: Legit Yahoo mail servers list

>From: Matus UHLAR - fantomas >Still no practical difference between using IP ranges or rdns in SPF. Most SPF records published are not like this. Seems to me like Yahoo doesn't have a good list of IPs so they took this shortcut which is technically legitimate but it's

Re: Legit Yahoo mail servers list

Am 27.01.2017 um 17:57 schrieb David Jones: >if you have trouble to get large providers past postscreen your rbl mix >or scoring is just plain wrong >configure postscreen proper and adjust RBL scores in spamassassin to get >the rest killed, we are using the same DNSBL/DNSWL in postscreen and

Re: Legit Yahoo mail servers list

On Fri, 27 Jan 2017 22:23:55 +0100 Benny Pedersen wrote: > with use of PTR its always up2date, problem is just that none spf > testers are doing FcRDNS checked before saying spf pass Unlikely. The SPF spec says that you must do that, and most SPF libraries probably do the

Re: Legit Yahoo mail servers list

On Fri, 27 Jan 2017 22:23:55 +0100 Benny Pedersen wrote: > Dianne Skoll skrev den 2017-01-27 19:02: > > On Fri, 27 Jan 2017 12:40:16 -0500 > > Rob McEwen wrote: > > > >> While I have Yahoo sending IPs extensively covered in my whitelist, > >> I've been trying to get

Re: Legit Yahoo mail servers list

Dianne Skoll skrev den 2017-01-27 19:02: On Fri, 27 Jan 2017 12:40:16 -0500 Rob McEwen wrote: While I have Yahoo sending IPs extensively covered in my whitelist, I've been trying to get their complete official list of sending IPs for years. Yahoo might want the

Re: Legit Yahoo mail servers list

the SPF record can change too, so that makes no difference. On 27.01.17 16:57, David Jones wrote: We have to assume that a competent mail sysadmin would make that SPF record change. It has to be trusted since that's the whole point of SPF. The easy workaround is to put ptr: into the SPF

Re: Legit Yahoo mail servers list

On Fri, 27 Jan 2017 12:40:16 -0500 Rob McEwen wrote: > While I have Yahoo sending IPs extensively covered in my whitelist, > I've been trying to get their complete official list of sending IPs > for years. Yahoo might want the flexibility to change this list on a regular

Re: Legit Yahoo mail servers list

While I have Yahoo sending IPs extensively covered in my whitelist, I've been trying to get their complete official list of sending IPs for years. I'm amazed that Yahoo doesn't participate in these conversations - or that nobody ever says, "I'll ask my colleague over at Yahoo" seems very

Re: Legit Yahoo mail servers list

>the SPF record can change too, so that makes no difference. We have to assume that a competent mail sysadmin would make that SPF record change. It has to be trusted since that's the whole point of SPF. >MailScanner can still (and its SA plugin will) use the results described >above. I know

Re: Legit Yahoo mail servers list

On 26.01.17 19:53, David Jones wrote: Their SPF record can really only be evaluated by the MTA during the SMTP conversation. From: Matus UHLAR - fantomas SPF records can be perfectly parser by SA or other software at different time. On 27.01.17 12:43, David Jones

Re: Legit Yahoo mail servers list

>From: Matus UHLAR - fantomas >Sent: Thursday, January 26, 2017 2:15 PM   >On 26.01.17 19:53, David Jones wrote: >>I  understand what their SPF record means and how it works >>but what they are publishing in their SPF record is not common. >>Normally this would expand out to

Re: Legit Yahoo mail servers list

On 01/26/2017 02:53 PM, David Jones wrote: > > I understand what their SPF record means and how it works > but what they are publishing in their SPF record is not common. > Normally this would expand out to a list of IPs and CIDRs or DNS > records that can be turned into IPs that postwhite can

Re: Legit Yahoo mail servers list

On 26.01.17 19:53, David Jones wrote: I understand what their SPF record means and how it works but what they are publishing in their SPF record is not common. Normally this would expand out to a list of IPs and CIDRs or DNS records that can be turned into IPs that postwhite can use to build a

Re: Legit Yahoo mail servers list

Following up on myself: > IMO, the SPF spec should have specified that a PTR mechanism MUST be > ignored nuless FCrDNS matches. (Maybe it does... too lazy to look it > up. :)) Indeed, the SPF spec does say this. So a PTR mechanism isn't completely useless after all. Regards, Dianne.

Re: Legit Yahoo mail servers list

On Thu, 26 Jan 2017 19:53:42 + David Jones wrote: > I think they publish their SPF like this because they have no good > list of outbound mail servers themselves so they take the lazy > approach. Yahoo invented (or was one of the main inventors) of DKIM, so it could also be

Re: Legit Yahoo mail servers list

>On 01/26/2017 01:29 PM, Reindl Harald wrote: >> >> SPF_NEUTRAL will NEVER hit SPF_PASS and that's the problem with ?all >> >SPF mechanisms are evaluated in order, and each one has a result type >associated with it. The default result is "+" for "pass". Another type >of result is "?" for

Re: Legit Yahoo mail servers list

On 01/26/2017 01:29 PM, Reindl Harald wrote: > > SPF_NEUTRAL will NEVER hit SPF_PASS and that's the problem with ?all > SPF mechanisms are evaluated in order, and each one has a result type associated with it. The default result is "+" for "pass". Another type of result is "?" for "neutral."

Re: Legit Yahoo mail servers list

Michael Orlitzky skrev den 2017-01-26 19:24: The OP is looking for a way to whitelist so the "?all" is irrelevant. Does the sending IP pass the SPF check? If so, whitelist it. PTR in spf is very hard to forge treat it as ip4:0.0.0.0/0 -all yahoo do not want to reject based on spf, but still

Re: Legit Yahoo mail servers list

On 01/26/2017 12:59 PM, Reindl Harald wrote: > > > Am 26.01.2017 um 18:51 schrieb Michael Orlitzky: >> On 01/26/2017 12:22 PM, David Jones wrote: >>> ... >>> They don't publish a good SPF record so I am not able to add >>> them to my postwhite list. >>> >> >> Isn't that what their SPF record

Re: Legit Yahoo mail servers list

On 01/26/2017 12:22 PM, David Jones wrote: > Anyone know how to get a list of legit mail servers for Yahoo? > They don't publish a good SPF record so I am not able to add > them to my postwhite list. > > # dig yahoo.com txt +short > "v=spf1 redirect=_spf.mail.yahoo.com" > # dig

Legit Yahoo mail servers list

Anyone know how to get a list of legit mail servers for Yahoo? They don't publish a good SPF record so I am not able to add them to my postwhite list. # dig yahoo.com txt +short "v=spf1 redirect=_spf.mail.yahoo.com" # dig _spf.mail.yahoo.com txt +short "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"