[SpamCop.net - protecting the internet through technology]

[SC-Help] Re: SpamCop doesn't parse routing info correctly

Mike Easter MikeE at ster.invalid
Fri Apr 14 06:14:54 EDT 2006 

Tristan Miller wrote:

> Here is the version my employer received which SpamCop doesn't
> correctly parse.

> X-Original-To: spgb at worldsocialism.org
> Delivered-To: spgb at randymail-mx1.dreamhost.com

There's something about those headers I don't understand.

worldsocialism.org has MXes

  fltr-in1.mail.dreamhost.com A (Address) 66.33.206.230
  fltr-in2.mail.dreamhost.com A (Address) 66.33.206.231

... which call themselves enforcer and deathwish

So it would seem that the yahoo server should send to mail.dreamhost
[enforcer or deathwish] instead of using the btconnect.

The item goes from source 128 > mud.yahoo > btconnect > dreamhost -- 
specifically...

  Abbreviated partial Received tracelines *comment changed
  from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90]) by
enforcer.dreamhost.com *serves recipient, funky helo
  from c2bthimr02.btconnect.com ([194.73.73.202]) by hesl01uker.he.local
*serves yahoo, funky line
  from (web35715.mail.mud.yahoo.com [66.163.179.169]) by
c2bthimr02.btconnect.com *serves yahoo
  from [128.196.165.21] by web35715.mail.mud.yahoo.com *sourceline

... so the btconnect belongs to yahoo, as part of its output route;  not
the recipient as I had *commented earlier.

I don't understand why yahoo is sending to that btconnect or rather
'using' that btconnect to reach the dreamhost.

nothingisreal.com has MXes

  mx1.balanced.randy.mail.dreamhost.com. A  208.97.132.30
  mx2.balanced.randy.mail.dreamhost.com. A  208.97.132.31

In the mail which went from mud.yahoo to the nothingisreal, the headers
are as expected for randymail

  Abbreviated partial Received tracelines *comment
  from (web35715.mail.mud.yahoo.com [66.163.179.169]) by
randymail-mx2.dreamhost.com *serves you
  from [128.196.165.21] by web35715.mail.mud.yahoo.com *sourceline

source 128 > mud.yahoo > randymail-mx2.dreamhost.com

So, for worldsocialism.org I'm wondering why didn't mud.yahoo just send
to a mail.dreamhost.com [enforcer or deathwish] instead of using the
btconnect?


-- 
Mike Easter
kibitzer, not SC admin

More information about the SpamCop-Help mailing list