In the last few months my mail server has been getting massive amounts of spam from yahoo.com's mail servers. Each one appears to be from a different Yahoo mail free account.
The spam is all coming from yahoo.com servers and is DKIM verified by yahoo.com. Example:
Received: from nm2.bullet.mail.ird.yahoo.com (nm2.bullet.mail.ird.yahoo.com [77.238.189.59])
My mail server is postfix based. I'm after a solution that I can apply to postfix. I currently run mail through the Spamhaus Zen and PSBL which has up until now served me well. My spam filtering goal is to have a very low false positive rate to avoid losing any legitimate mail for the people who use my server.
None of this mail is caught by my existing UCE controls or blacklists because it is coming from Yahoo's servers and is DKIM signed. They also contain no hyperlinks in the body (except for in a base64 encoded HTML attachment). This looks like the latest way for spammers to get around spam controls - sending through Yahoo mail accounts so it isn't blocked and using hundreds of free accounts.
I'm one step away from just blocking all mail originating from yahoo.com at this point. They just don't seem to care about the volume of spam coming from their servers.
I'm not even sure that something like spamassassin could block this spam reliably. I deliver mail for a large number of people and really want any spam filtering to be highly tolerant so as not to block any legitimate mail.
Followup:
I have now installed Spamassassin. This yahoo-originated spam was getting around 2 or 3 points on Spamassassin, not enough to filter it, so I manually trained a few hundred of them with sa-learn (along with a couple of hundred ham).
Now these Yahoo spams are getting 4 or 5 points each, which is enough to tag them but not realistically enough to filter them outright.
So without wanting to put my server-wide threshold too low and risk false positives, my next step, I guess, will be to try to write a custom Spamassassin rule for them.
The solution I have come up with so far is to use a combination of Spamassassin and custom filter rules.
If you really seriously want to block all of yahoo, use postfix header_checks (Some very simple examples).
Something like:
That should directly drop any mail via yahoo. You can change DISCARD to REJECT if you want the other party to know, but if you're assuming they are bad, you probably don't want to.
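As an added example (not code from the question or the answer above), here is the kind of local.cf rule the followup talks about: it keys on the traits described in the question, a yahoo.com last hop plus a base64 HTML attachment, and only tips mail over the 5.0 threshold together with the trained Bayes verdict, which keeps the false positive rate low compared with blocking all of Yahoo. Rule names and scores are assumptions to tune on your own corpus.

```conf
# Added example, not from the question or the answer: a local.cf fragment
# for a custom SpamAssassin rule. Rule names and scores are assumptions.

# Last hop was a yahoo.com mail server. The pattern matches the Received
# line quoted in the question ("from host.yahoo.com (host.yahoo.com [ip])").
# A leading "__" makes this a sub-rule with no score of its own; /m is
# needed because SpamAssassin joins multiple Received headers with newlines.
header     __YAHOO_LAST_HOP  Received =~ /^from \S+\.yahoo\.com \(\S+\.yahoo\.com \[/im

# The body is delivered as a base64 HTML attachment instead of inline text.
# mimeheader rules are checked against every MIME part's headers; note that
# three separate sub-rules do not prove the traits belong to the same part,
# which is acceptable here because each rule only adds a score.
mimeheader __HTML_PART_TYPE  Content-Type =~ /^text\/html/i
mimeheader __HTML_PART_B64   Content-Transfer-Encoding =~ /^base64/i
mimeheader __HTML_ATTACHED   Content-Disposition =~ /^attachment/i

# Fire only when all the traits line up; a Yahoo origin on its own is not spam.
meta       YAHOO_B64_HTML_ATTACH  (__YAHOO_LAST_HOP && __HTML_PART_TYPE && __HTML_PART_B64 && __HTML_ATTACHED)
describe   YAHOO_B64_HTML_ATTACH  Yahoo-originated mail whose body is a base64 HTML attachment
score      YAHOO_B64_HTML_ATTACH  2.5

# Stack with the trained Bayes classifier: the question reports 4 or 5 points
# after sa-learn, so add the last push only when Bayes also rates the mail as
# likely spam. BAYES_80/95/99 are stock SpamAssassin rules.
meta       YAHOO_B64_HTML_BAYES   (YAHOO_B64_HTML_ATTACH && (BAYES_80 || BAYES_95 || BAYES_99))
describe   YAHOO_B64_HTML_BAYES   Yahoo base64 HTML attachment and Bayes rates it spam
score      YAHOO_B64_HTML_BAYES   1.5
```

Check the file with `spamassassin --lint`, then run one of the saved samples through `spamassassin -t < sample.eml` and confirm the new rule names appear in the score report before relying on it.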