Yep, that's an Optimum online cable modem. They have probably become black listed for being infected with a virus.
No, the lists they were on are dialup-node lists.. not virus or blacklisting related at all.
RCVD_IN_NJABL_DIALUP, which leads to RCVD_IN_NJABL by necessity.
RCVD_IN_DYNABLOCK is hosted by sorbs now, this leads to RCVD_IN_SORBS by necessity.
The reason they false fired is likely a trust-path bug in Steve's SA config.. It's a common problem.
Many slightly-off-norm mailserver configs such as NAT really confuse SA's ability to decide where your network ends, and it starts thinking that an outside mailserver (in this case yahoo) is actually part of your network.. It sees a dialup node dropping mail off to a "trusted" host, and flags it.
A simple trusted_networks command listing only your mailservers will force SA to stop trusting anything but your own MXes and clears things up nicely. (unless of course you need to accept mail directly from dialup nodes, in which case you probably need to turn off these rules, but this isn't one of those cases)
