What does this Received email header line mean?

Question

I'm a little paranoid that my new mail server might not be configured right, and I'm wondering if I made a mistake somewhere. Or maybe it's just the way Yahoo does things with their mail service.

To Yahoo mail from my mail server:

Received: from 127.0.0.1  (EHLO hostname.example.com) (x.x.x.x)
  by mta1199.mail.gq1.yahoo.com with SMTP; Tue, 09 Jul 2013 13:53:55 -0700
Received: from me.atwork (c-x-x-x-x.comcast.net [x.x.x.x])
  by hostname.example.com (Postfix) with ESMTPSA id 66DB11B006B4
  for <example@yahoo.com>; Tue,  9 Jul 2013 16:53:54 -0400 (EDT)

The very first line of the Yahoo test is the one that has me confused. Why does Yahoo not know my server name like gmail does below? It seems to think it's 127.0.0.1. Is that because Yahoo isn't looking me up in DNS?

Received: from 127.0.0.1...

My gmail test got it right.

From gmail to my mail server:

Received: from hostname.example.com (hostname.example.com. [x.x.x.x])
  by mx.google.com with ESMTP id n7si14797309oep.56.2013.07.09.13.55.25
  for <example@gmail.com>;
  Tue, 09 Jul 2013 13:55:25 -0700 (PDT)
Received: from me.atwork (c-x-x-x-x.comcast.net [x.x.x.x])
  by hostname.example.com (Postfix) with ESMTPSA id 1F7F31B006B4
  for <example@gmail.com>; Tue,  9 Jul 2013 16:55:24 -0400 (EDT)

I understand that I need to read from bottom to top to see the "path" my test emails have taken to their final resting place. For the most part I get what the headers mean. I'm just confused by the 127.0.0.1 part.

Answer 1

I just sent a message to a Yahoo account and verified that the "Received:" headers look similar.

It looks, to me, like Yahoo is using some kind of proxy on their SMTP servers that is bringing the incoming connection from the Internet back on the loopback interface. I don't have an immediate guess as to why they'd be doing this. I also wouldn't be worried about it, though, if your mail is flowing properly. It's not relevant to you that they're proxying the incoming connection like this.

Answer 2

It is common to see localhost (127.0.0.1) in the received headers. This indicates that a program running locally is re-injecting the message into the mail stream. Spam filters are often run this way, although it is better to filter spam at the Internet boundary and reject the message before it has been accepted.

I often see headers with no incoming address, or a pair of received headers for the same host. Although there is a standard to be followed, it has some flexibility, and several email processing programs seem to invent or guess at the format.

I think of a few reasons your name is replaced by 127.0.0.1 in the header.

• Connection is from a proxy or relay running on the same host which doesn't add its own received header.
• Your DNS entries don't pass reverse DNS validation.
• The value 127.0.0.1 is a reply from a black or white list server.
• The value has been coded into their header template.

EDIT:

I have looked at too many Received headers, and found that some appear to be useful only to someone with access to the server that generated it. Different servers use different rules for building the header, and some allow the administrator to provide their own custom template. I generally don't trust the server to correctly to log it's own name, but find the upstream server is usually correct. Spam may have additional headers which attempt to obscure the real routing.