Has anyone else noticed that if they get a message with:

Received: from [41.184.9.153] by web80007.mail.sp1.yahoo.com via HTTP; Sat, 06 
Nov 2010 09:52:53 PDT



i.e. from the 41.0.0.0/8 CIDR block from Africa, and the transport was HTTP, to
anything ending with yahoo.com, that 100% of the time it's SPAM?

I see that Plugin/HeaderEval.pm contains:

  if ($rcvd =~ /by web\S+\.mail\S*\.yahoo\.com via HTTP/) { return 0; }


which is part of it.  And Message/Metadata/Received.pm contains:

    # Received: from [193.220.176.134] by web40310.mail.yahoo.com via HTTP;
    # Wed, 12 Feb 2003 14:22:21 PST
    if (/ via HTTP$/&&/^\[(${IP_ADDRESS})\] by (\S+) via HTTP$/) {
      $ip = $1; $by = $2; goto enough;
    }

(I note that HTTP$ seldom matches, by the way, since all of my examples have "via 
HTTP;<date>" instead.)

Is it worth having an explicit rule for this?

Thanks,

-Philip
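
The check the post asks about, as an added example that is not part of the original post and is not SpamAssassin code: it unfolds a Received header, accepts "via HTTP" both at end of line and followed by ";<date>", and tests the bracketed client IP against 41.0.0.0/8. The function names and the sample list are assumptions made for this sketch; the host pattern is the one quoted from HeaderEval.pm.

```python
import ipaddress
import re

# The block named in the post; treating the whole /8 alike is the post's heuristic.
SUSPECT_NET = ipaddress.ip_network("41.0.0.0/8")

# Host pattern taken from the HeaderEval.pm line quoted in the post, with the
# bracketed client IP captured. "via HTTP" may end the header or precede ";<date>".
YAHOO_HTTP_RE = re.compile(
    r"^(?:Received:\s*)?from \[(?P<ip>[0-9.]+)\] "
    r"by (?P<by>web\S+\.mail\S*\.yahoo\.com) via HTTP(?:;|$)",
    re.IGNORECASE,
)

def unfold(header):
    """Join folded continuation lines into a single line."""
    return re.sub(r"\s*\r?\n\s+", " ", header).strip()

def parse_yahoo_http(header):
    """Return (client_ip, by_host) for a Yahoo web-submission hop, else None."""
    m = YAHOO_HTTP_RE.match(unfold(header))
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # e.g. an octet above 255
        return None
    return ip, m.group("by").lower()

def is_suspect(header):
    """True when the hop is Yahoo webmail over HTTP from inside SUSPECT_NET."""
    parsed = parse_yahoo_http(header)
    return parsed is not None and parsed[0] in SUSPECT_NET

# First two headers are the ones shown in the post; the rest are constructed.
SAMPLES = [
    "Received: from [41.184.9.153] by web80007.mail.sp1.yahoo.com via HTTP; Sat, 06\n"
    " Nov 2010 09:52:53 PDT",
    "from [193.220.176.134] by web40310.mail.yahoo.com via HTTP; Wed, 12 Feb 2003 14:22:21 PST",
    "from [41.184.9.153] by web80007.mail.sp1.yahoo.com via HTTP",
    "from [41.184.9.999] by web80007.mail.sp1.yahoo.com via HTTP; (date)",
    "from mail.example.org ([192.0.2.10]) by mx.example.net with ESMTP",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_suspect(s), "<-", unfold(s)[:60])
```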


