Strange behaviour with CC and TO |
Wayne
Groupie Joined: 29 August 2006 Location: Switzerland Status: Offline Points: 60 |
Posted: 15 September 2011 at 5:38am |
Hi Roberto
Finally I have a little problem again with the current release of SF and have to bother you.

We have the problem that we often get an email, always from the same sender, who sends these mails to one or two users addressed in the RCPT TO: field and one or two in the CC:. The strange behaviour is that the guys in the CC: get the mail, one of the TO: also, but mostly one in the TO: does not, and it's always the same user. I'll try to explain with the logs:

09.14.11 04:14:28:358 -- (1932) Detected TCP Connection: 98.139.91.96
09.14.11 04:14:28:358 -- (1932) Connection from: 98.139.91.96 - Originating country : United States
09.14.11 04:14:28:733 -- (1932) Received MAIL FROM: <marge@gemagpp.com>
09.14.11 04:14:28:920 -- (1932) Received RCPT TO: g.ahrendt@mydomain.ch
09.14.11 04:14:28:920 -- (1932) Bypassed all rules for: g.ahrendt@mydomain.ch from marge@gemagpp.com ( Whitelisted EMail Address From)
09.14.11 04:14:29:811 -- (1932) Starting queueing procedures
09.14.11 04:14:29:826 -- (1932) EMail from marge@gemagpp.com to g.ahrendt@mydomain.ch was queued. Size: 18 KB, 18432 bytes
09.14.11 04:14:29:826 -- (888) Sending email from marge@gemagpp.com to g.ahrendt@mydomain.ch --
09.14.11 04:14:34:967 -- (1932) Starting bayesian procedures
09.14.11 04:14:35:155 -- (1932) Disconnect

Everything looks just as usual, but if you have a look at the header of the email, you will recognize there is one recipient more, and the guy who got the mail is not in the TO: field, as the SF log lies to me; he's in the CC:

Received: from mail.mydomain.ch (172.17.36.2) by EXGEMA.myinternaldomain.ads (172.17.36.75) with Microsoft SMTP Server id 8.3.159.2; Wed, 14 Sep 2011 04:14:33 +0200
Received: from 98.139.91.96 by mail.mydomain.ch (LogSat Software SMTP Server); Wed, 14 Sep 2011 04:14:29 +0200
Received: from [98.139.91.66] by nm26.bullet.mail.sp2.yahoo.com with NNFMP; 13 Sep 2011 05:03:41 -0000
Received: from [98.139.91.53] by tm6.bullet.mail.sp2.yahoo.com with NNFMP; 13 Sep 2011 05:02:41 -0000
Received: from [127.0.0.1] by omp1053.mail.sp2.yahoo.com with NNFMP; 13 Sep 2011 05:02:41 -0000
X-Yahoo-Newman-Id: 456611.67652.bm@omp1053.mail.sp2.yahoo.com
Received: (qmail 31463 invoked from network); 13 Sep 2011 05:02:41 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1315890161; bh=9ze7KKmKWTiItY8PlW1nXxjdbK+ymnmgtbzrgAMPrqs=; h=X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Return-Receipt-To:From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Priority:X-MSMail-Priority:X-Mailer:Importance:Thread-Index:Content-Language:Disposition-Notification-To; b=Tgd9HjZZ5h2CeJxXtd1k0Hd5Le6np/fTFD4KbuOrEbuIhNn7wMNL25v9Vsa11bexWDccK7IXiADPK9zysSs4rac1VU3T1UEw/fIMnvQGFFnTgzkANin+Cpy/Lu0wJjKyhsRWdUALMQzRdQtKNre5kgOUh2mH/anYS/FJCiAV5d8=
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: .t7FvOYVM1kNqXzIGYpRLGrrbszZ33UG4n0Z8Q5vOFFh5Yc iIfyJmOLCD5UjKXvtOwnZ4C9bKgdohLogF9caimCjI6urXYUWTRcb9UOH4bR qqSqS8U0-
X-Yahoo-SMTP: jDvKeMqswBDGbotT02CRMr8zDHSm8fdgTRiOZjI2
Received: from DELLMARGE (marge@86.98.89.131 with login) by smtp113.biz.mail.sp1.yahoo.com with SMTP; 12 Sep 2011 22:02:36 -0700 PDT
Return-Receipt-To: "Marge" <marge@gemagpp.com>
From: Marge <marge@gemagpp.com>
To: 'Christensen Sandra' <s.christensen@mydomain.ch>   <---- never received the mail
CC: 'Ahrendt Georg' <g.ahrendt@mydomain.ch>   <---- he got the mail
References: <528B040A4679FF4BAED4DB3C6EDD32A903437B6D53@EXGEMA.myinternaldomain.ads>
In-Reply-To: <528B040A4679FF4BAED4DB3C6EDD32A903437B6D53@EXGEMA.myinternaldomain.ads>
Subject: RE: Inquiry for Discount-Powder Hoses
Date: Tue, 13 Sep 2011 09:02:29 +0400
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAAEbRgNQv/uhLgXwWpGKhvE3CgAAAEAAAAOaFe2dJyoZLur42h25gZE0BAAAAAA==@gemagpp.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0026_01CC71F3.E0908120"
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook 12.0
Importance: High
Thread-Index: AcxQFA7Sxp3ibCibS0O+arh+hObWjQbtsCBAAAE64rAAAAeEAgAiVJSgADnlCkABJFGOkA==
Content-Language: en-us
Disposition-Notification-To: "Marge" <marge@gemagpp.com>
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <marge@gemagpp.com>
X-SF-HELO-Domain: nm26.bullet.mail.sp2.yahoo.com
X-SF-Originating-IP: 98.139.91.96
X-SF-WhiteListedReason: Whitelisted EMail Address From
Return-Path: marge@gemagpp.com

Do you have any idea what happened here? It looks like this sender is always using Yahoo to forward the mail, but if one recipient is getting the mail, why the hell does the second not? I have no f**king clue.

Thx for any suggestions

Regards
Wayne

Edited by Wayne - 15 September 2011 at 5:40am
SF4.5.0.1-beta
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Hi Wayne,
Most of the headers in an email that is received (including the To: and the CC: ones) are inserted by the mail client. Those addresses in the headers are actually not related in any way to the addresses that the sender's mail server provides in the RCPT TO command. The emails specified in the RCPT TO command are the actual recipients of the email, not the ones specified in the TO: and CC: headers. This said, in "normal" non-spam emails the addresses in the headers and the ones provided in the RCPT TO commands do match, but please do remember that I could for example send you an email in which the TO: header shows "president@whitehouse.gov" and the CC: header shows "vice.president@whitehouse.gov".

In this specific email, Yahoo did indeed send to SpamFilter only one RCPT TO command, specifying the email address "g.ahrendt@mydomain.ch". As the email looks legitimate, non-spam, it's a bit unusual that the TO and CC headers do not match the RCPT TO, but the issue should be looked into by the sender, as ultimately it is the remote server that only asked for delivery to one user.

What's odd is that there appears to be a delay of about one hour and 11 minutes before the email is received by SpamFilter from Yahoo's servers. Are you using greylisting by any chance? Yahoo has known problems with greylisting - see this thread http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6942#14084 for a more detailed description (and solution). I would not see why greylisting could cause Yahoo to deliver emails to one user and not another, but if they violate RFCs in one way they could be doing it in others.... and they do not necessarily have to match
Edited by LogSat - 19 September 2011 at 3:45pm |
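The envelope-versus-header distinction described in the reply above, as an added example that is not part of the original thread or of SpamFilter itself: it reads RCPT TO lines in the log format quoted in the first post and compares them with the To:/CC: headers. The function names and the abridged sample data are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Sample input abridged from the log and headers quoted in the first post.
SAMPLE_LOG = """\
09.14.11 04:14:28:733 -- (1932) Received MAIL FROM: <marge@gemagpp.com>
09.14.11 04:14:28:920 -- (1932) Received RCPT TO: g.ahrendt@mydomain.ch
09.14.11 04:14:29:826 -- (1932) EMail from marge@gemagpp.com to g.ahrendt@mydomain.ch was queued.
"""

SAMPLE_HEADERS = """\
From: Marge <marge@gemagpp.com>
To: 'Christensen Sandra' <s.christensen@mydomain.ch>
CC: 'Ahrendt Georg' <g.ahrendt@mydomain.ch>
Subject: RE: Inquiry for Discount-Powder Hoses

"""

# "(1932)" is the connection id; the address may or may not be in <>.
RCPT_RE = re.compile(r"-- \((\d+)\) Received RCPT TO:\s*<?([^>\s]+)>?")

def envelope_recipients(log_text):
    """Map connection id -> set of lower-cased RCPT TO addresses."""
    sessions = {}
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m:
            sessions.setdefault(m.group(1), set()).add(m.group(2).lower())
    return sessions

def header_recipients(raw_headers, local_domain):
    """Addresses in To:/Cc: that belong to local_domain."""
    msg = message_from_string(raw_headers)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    addrs = {addr.lower() for _, addr in getaddresses(fields) if addr}
    return {a for a in addrs if a.endswith("@" + local_domain.lower())}

def compare(log_text, raw_headers, conn_id, local_domain):
    """Compare what the remote server asked for with what the headers show."""
    env = envelope_recipients(log_text).get(conn_id, set())
    hdr = header_recipients(raw_headers, local_domain)
    return {
        "delivered": sorted(env),             # requested via RCPT TO
        "header_only": sorted(hdr - env),     # shown in To:/CC:, never requested
        "envelope_only": sorted(env - hdr),   # requested but not shown (Bcc-style)
    }

if __name__ == "__main__":
    print(compare(SAMPLE_LOG, SAMPLE_HEADERS, "1932", "mydomain.ch"))
```

A sending server may split one message across several SMTP sessions, so an address reported as header_only for one connection id should also be searched for in the rest of the log before concluding it was never requested.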
Wayne
Groupie Joined: 29 August 2006 Location: Switzerland Status: Offline Points: 60 |
Hi Roberto
Thx for your comments. Of course I know that it's possible to fake the TO: headers, but in this case our customer is not doing that and is just using Outlook as mail client. So that means Yahoo is mixing up or deleting some header information when they forward his mail, and that's really strange for such a big internet company as Yahoo. This is simply unbelievable.

The delay problem with Yahoo is because we use the greylist feature. It's again just unbelievable that Yahoo is still having problems with such an old function as greylisting and still violates the RFCs. So then we will advise our customers to no longer use Yahoo.

Thx Roberto
SF4.5.0.1-beta
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Hi Wayne,
You could try manually adding the entries I mentioned in the other posts to the GreyListAllowed.txt file - they are the known outbound SMTP servers for Yahoo at the time. That may help alleviate the issue with Yahoo.
Wayne
Groupie Joined: 29 August 2006 Location: Switzerland Status: Offline Points: 60 |
Roberto
I've checked your list with the IPs, but in all our examples the mails were sent from IPs of Yahoo servers that are not in this list. So for me it's not worth always hunting the IPs of their servers. But thx
SF4.5.0.1-beta