[postfix-users] Yahoo
Patrick Ben Koetter
p at sys4.de
Mo Sep 8 09:21:13 CEST 2014
* Joachim Fahrner <jf at fahrner.name>:
> Hallo,
>
> von Yahoo treffen immer wieder mal Paypal-Phishing-Mails, die alle meine
> Barrieren durchbrechen. Das DKIM nützt überhaupt nix, solange Yahoo
> seine Accounts nicht im Griff hat. Hat jemand eine Idee wie man sich
> davor schützen könnte? Bin schon am überlegen ob ich Yahoo.com nicht
> komplett sperre, ich kenne ohnehin niemanden der dort einen Account
> hätte.
Yahoo veröffentlicht eine DMARC-Policy. Setze einen DMARC-Milter ein und
die Paypal-Phishing-Mails werden rejected.
p at rick
>
> Eine Mail sieht dann z.B. so aus:
>
> Received-SPF: None (no SPF record) identity=mailfrom;
> client-ip=212.82.96.42; helo=nm19.bullet.mail.ir2.yahoo.com;
> envelope-from=heidiherrmann61 at yahoo.de; receiver=
> Received: from nm19.bullet.mail.ir2.yahoo.com
> (nm19.bullet.mail.ir2.yahoo.com [212.82.96.42]) (using TLSv1.2 with
> cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate
> requested) by s2.fahrner.name (Postfix) with ESMTPS id 31937341FB for
> < >; Mon, 8 Sep 2014 03:48:39 +0200 (CEST)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de;
> s=s2048;
> t=1410140912; bh=fohSqn7ah+Rgs/1jrmXZtkgfg8tI2w7p8vDRfrOVZgM=;
> h=Received:Received:Received:DKIM-Signature:X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Date:To:From:Subject:Message-ID:X-Priority:X-Mailer:MIME-Version:Content-Type:Content-Transfer-Encoding:From:Subject;
> b=gPlh4hqnzwvav81ioJMRYdigFKwBteu9sUwCjZ3Vqmd/A+P
> +PCMEnxLlM2bANIsw/hadhb0
> +b7WTep4Jc1Xx/piuAs36s4FMIRnw3hh5Fdfxq/L5MC/ZGArIqmfHxmUA7/PHyhL6LFtdbXW5ZjUzhm3GWlDvfDlQ88BeJH5uKsyLVb6yWq5MXx/fyT1efU2MUMaeoaKukMOLDW0r3fq5PFHheJLvJZn1h5rvG1g5jQ1oSyjFb1o13dXJVu+szWL8SXKV2As3YNlMIXMKE4XtcSTaDnqiu+bUen8o44suIQ0/YdQomwSIjOzel8JAFI4aMoSWdVxzZJNnZkyUY5s/3w==
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.de;
> b=fIpxtITcfXFpBAWqCXy8VQuIA6aWTUGuOtOqILI3NJwMIlm3NXhQYAT/VmT12fgtedgXkwwnCDFbVzaJkbobNbtcJOH0Agb3ZuVJI8hqm3V6D8lTIsxmsDDUzRGmujRpRZyEKo4uE3v7WYyt9SccPJXspBcdWv0Oie8CCJe81UeNUreMxhi0EjBAxsaJue3p4reX/DpyDf5HZPhnKFstVOJucCuqedbi/NhsCrs9EJWS2LrNaGQxEnNb5RB6j2MrYAlPjOZoLWfaJqxK9qSDnWynlpugr/Aw9BSHJY9dwbfpE32i9HCbh7M9GN1lkjKlM1Tsz8vKjNEXWqQvYY3ghA==;
> Received: from [212.82.98.125] by nm19.bullet.mail.ir2.yahoo.com with
> NNFMP; 08 Sep 2014 01:48:32 -0000
> Received: from [46.228.39.112] by tm18.bullet.mail.ir2.yahoo.com with
> NNFMP; 08 Sep 2014 01:48:32 -0000
> Received: from [127.0.0.1] by smtp149.mail.ir2.yahoo.com with NNFMP; 08
> Sep
> 2014 01:48:32 -0000
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de;
> s=s1024;
> t=1410140912; bh=fohSqn7ah+Rgs/1jrmXZtkgfg8tI2w7p8vDRfrOVZgM=;
> h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Date:To:From:Subject:Message-ID:X-Priority:X-Mailer:MIME-Version:Content-Type:Content-Transfer-Encoding;
> b=cIolp4JQvCNRxEroZaYxkyjCDpN1L78fvNXBqOYXkIT2B1YKIR8THvCzNPCfhHzgRGVRQ4I3qzrk6rpvvmEpVhchbORDl1RqQyGc5StugoI9LZgquWNuG0bvMWd7nhjxXy4KOOYSEEiGpVJADRM022fMg1bLEibsFoafs4BYDVQ=
> X-Yahoo-Newman-Id: 686230.27337.bm at smtp149.mail.ir2.yahoo.com
> X-Yahoo-Newman-Property: ymail-3
> X-YMail-OSG: Z5hzzScVM1k4CZiFmnVUp8U0xhEv_iErEzzRsyIoj7vYMaz
> L5K5Vf1bdAq_DgifoklGXCXlwQYJLSM.uy40FZx0mg4_7ftI1gsQSQdnNDEz
> gTMEDdjnGVRTWT3YJJQ8c45j_dGlnq_quduCC_NCbg7hJSaB47hKTfRIsQYW
> BmGCAd0GvCAUWx6ejzYzR.5ljQ3DAPqng3jzndUcStb_Jrunxv79bXz58vST
> U4LBSP2p.9HbXxiTaul2vlqbiXFzEMYuTeGxBorbWzGdCFH4CSA5_CPqjLT6
> B8hzr7QSNEfV3kIc3DcAVOv6wgF7vhQGtufykm.IfRtQhK1mjnuj3QAfltb4
> e3BjVqyZ8p2rACP7sbyWxBf1tq6kiVAIwoDL4RL1oQxhXrDeV1m1tZAlRMDu
> 7I7yP2ocezcS.72SHnuIA4l8JprTiSu3IgS5rPV1.7H3r3FQkR1DgrVTD1Up
> oegoWKi8yOfwhgC2GuIboe7Dx5N6GP8g5S28sdCANLypDi3su.uArKZM6EdU
> zsWkKSER6uteX7ONPvdFZ4EEGi5XQriI5PVeips2Ik5wC44yszus2wFSuo9h
> LUFjfc_zAiUztiFVtgV2QYiKMk9vle0Fwt5.MyFDEPci.24FFqHAzTq5Hdbf
> S8jOfUPbEKu3oO4fv2Cxcp7nvW7rhilBknJiAG8zzy75hYfHVHbGlvU0-
> X-Yahoo-SMTP: mtenCJSswBB6g9o97T6AbmtA922Ox.dU7JE.Tw--
>
> --
> Mit besten Grüßen
> Joachim Fahrner
>
>
>
> _______________________________________________
> postfix-users mailing list
> postfix-users at de.postfix.org
> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Mehr Informationen über die Mailingliste postfix-users