Discussion:
False Positives from Yahoo Groups.
Noisy Lurker
2005-02-06 17:25:28 UTC
Permalink
Thanks in advance!!

I am subscribed to a couple of Yahoo groups and getting an annoying
number of what I think are false positives. Here is but one example
(some information replaced by x's):

Return-Path:
<sentto-12814443-282-1107493022-xxx.xxxx=***@returns.groups.yahoo.com>
Delivered-To: spamcop-net-xxxxxxxxxspamcop.net
Received: (qmail 3638 invoked from network); 4 Feb 2005 04:57:03 -0000
Received: from unknown (192.168.1.101)
by blade2.cesmail.net with QMQP; 4 Feb 2005 04:57:03 -0000
Received: from mtiwmxc14.worldnet.att.net (204.127.131.124)
by mailgate.cesmail.net with SMTP; 4 Feb 2005 04:57:03 -0000
Received: from n2a.bulk.scd.yahoo.com ([66.94.237.36])
by worldnet.att.net (mtiwmxc14) with SMTP
id <2005020404570201400nqej7e>; Fri, 4 Feb 2005 04:57:02 +0000
X-Originating-IP: [66.94.237.36]
Received: from [66.218.69.2] by n2.bulk.scd.yahoo.com with NNFMP; 04 Feb
2005 04:57:02 -0000
Received: from [66.218.66.97] by mailer2.bulk.scd.yahoo.com with NNFMP;
04 Feb 2005 04:57:02 -0000
X-Yahoo-Newman-Property: groups-email
X-Sender: xxxxxxxxxxxxxxxxxx
X-Apparently-To: ***@yahoogroups.com
Received: (qmail 69558 invoked from network); 4 Feb 2005 04:57:01 -0000
Received: from unknown (66.218.66.166)
by m14.grp.scd.yahoo.com with QMQP; 4 Feb 2005 04:57:01 -0000
Received: from unknown (HELO lakermmtao05.cox.net) (68.230.240.34)
by mta5.grp.scd.yahoo.com with SMTP; 4 Feb 2005 04:57:00 -0000
Received: from [192.168.1.100] (really [70.185.82.54])
by lakermmtao05.cox.net
(InterMail vM.6.01.04.00 201-2131-117-20041022) with ESMTP
id
<20050204045659.DSDJ17924.lakermmtao05.cox.net@[192.168.1.100]>
for <***@yahoogroups.com>; Thu, 3 Feb 2005 23:56:59 -0500
Message-ID: <***@cox.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2)
Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
To: ***@yahoogroups.com
References: <***@aol.com>
<***@houston.rr.com>
In-Reply-To: <***@houston.rr.com>
X-eGroups-Remote-IP: 68.230.240.34
From: "Alan R. Hayes" <xxxxxxx>
X-Yahoo-Profile: xxxxx
MIME-Version: 1.0
Mailing-List: list ***@yahoogroups.com; contact
STXARES-***@yahoogroups.com
Delivered-To: mailing list ***@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:STXARES-***@yahoogroups.com>
Date: Thu, 03 Feb 2005 22:58:02 -0600
Subject: Re: [STXARES] Re: Employees using ham license
Reply-To: ***@yahoogroups.com
Content-Type: multipart/alternative;
boundary="------------000607020706040205010401"
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on
blade2.cesmail.net
X-Spam-Level:
X-Spam-Status: hits=0.1 tests=HTML_30_40,HTML_MESSAGE,HTML_TITLE_EMPTY
version=3.0.0
X-SpamCop-Checked: 192.168.1.101 204.127.131.124
X-SpamCop-Disposition: Blocked bl.spamcop.net


--------------000607020706040205010401
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Jeff G.
2005-02-06 17:50:46 UTC
Permalink
Post by Noisy Lurker
Thanks in advance!!
I am subscribed to a couple of Yahoo groups and getting an annoying
number of what I think are false positives. Here is but one example
<sentto-12814443-282-1107493022-xxx.xxxx=***@returns.groups
.yahoo.com>
Post by Noisy Lurker
Delivered-To: spamcop-net-xxxxxxxxxspamcop.net
Received: (qmail 3638 invoked from network); 4 Feb 2005 04:57:03 -0000
Received: from unknown (192.168.1.101)
by blade2.cesmail.net with QMQP; 4 Feb 2005 04:57:03 -0000
Received: from mtiwmxc14.worldnet.att.net (204.127.131.124)
by mailgate.cesmail.net with SMTP; 4 Feb 2005 04:57:03 -0000
Received: from n2a.bulk.scd.yahoo.com ([66.94.237.36])
by worldnet.att.net (mtiwmxc14) with SMTP
id <2005020404570201400nqej7e>; Fri, 4 Feb 2005 04:57:02
+0000 X-Originating-IP: [66.94.237.36]
Received: from [66.218.69.2] by n2.bulk.scd.yahoo.com with NNFMP; 04
Feb 2005 04:57:02 -0000
Received: from [66.218.66.97] by mailer2.bulk.scd.yahoo.com with
NNFMP; 04 Feb 2005 04:57:02 -0000
X-Yahoo-Newman-Property: groups-email
X-Sender: xxxxxxxxxxxxxxxxxx
Received: (qmail 69558 invoked from network); 4 Feb 2005 04:57:01
-0000 Received: from unknown (66.218.66.166)
by m14.grp.scd.yahoo.com with QMQP; 4 Feb 2005 04:57:01 -0000
Received: from unknown (HELO lakermmtao05.cox.net) (68.230.240.34)
by mta5.grp.scd.yahoo.com with SMTP; 4 Feb 2005 04:57:00 -0000
Received: from [192.168.1.100] (really [70.185.82.54])
by lakermmtao05.cox.net
(InterMail vM.6.01.04.00 201-2131-117-20041022) with ESMTP
id
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2)
Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
X-eGroups-Remote-IP: 68.230.240.34
From: "Alan R. Hayes" <xxxxxxx>
X-Yahoo-Profile: xxxxx
MIME-Version: 1.0
Precedence: bulk
Date: Thu, 03 Feb 2005 22:58:02 -0600
Subject: Re: [STXARES] Re: Employees using ham license
Content-Type: multipart/alternative;
boundary="------------000607020706040205010401"
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on
blade2.cesmail.net
X-Spam-Status: hits=0.1 tests=HTML_30_40,HTML_MESSAGE,HTML_TITLE_EMPTY
version=3.0.0
X-SpamCop-Checked: 192.168.1.101 204.127.131.124
X-SpamCop-Disposition: Blocked bl.spamcop.net
--------------000607020706040205010401
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Have you tried whitelisting
"xxx.xxxx=***@returns.groups.yahoo.com" without quotes but
with your address replacing "xxx.xxxx"?
--
Thanks and Best Regards, Jeff G.
I have been a SpamCop User/Member/Customer since 1999 and am a
Moderator of the new web-based forums (now the primary method for
getting help, http://forum.spamcop.net). Please reply via Forum, Group,
or List only.
RW
2005-02-07 05:15:33 UTC
Permalink
Post by Noisy Lurker
Thanks in advance!!
I am subscribed to a couple of Yahoo groups and getting an annoying number
of what I think are false positives. Here is but one example (some
X-SpamCop-Checked: 192.168.1.101 204.127.131.124
X-SpamCop-Disposition: Blocked bl.spamcop.net
This wasn't blocked because the Yahoo.groups server was listed, the block
occurred because 204.127.131.124 was listed. 204.127.131.124 is your
receiving server. The CESmail server checking stops when it hits an IP that
is listed in one of the bl's you have set your account to use.

The listing of 204.127.131.124 was caused by you reporting your own mail
server as the source of the spam you were reporting. SC picked the IP up as
the source because of a dns/rdns mismatch on the AT&T server. You did not
catch this and reported your server as the spam source 25 times over a few
days.

We did catch this on Friday and put the AT&T server in our trusted relay
table, so spam you have reported since then has been getting to the right
source.

Richard

Loading...