Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-02-08 Thread jidanni
Dear sare-users, Adam Katz tried to post these to your list. Please read
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126545
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126547

However, as in
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126330
> "MN" == Matija Nalis  writes:

MN> Despite they seemed quite dead for the last several years, at least
MN> one of the SARE Ninjas (or their associate with privileges enough)
MN> is not only alive but had heard your plea, and tried to help you on
MN> 28-Jan-2010 by putting:

MN> score SARE_RECV_SPAM_DOMN0b 0.0

MN> in the 70_sare_header1.cf ruleset.

MN> However, that probably would not work too good, because:

MN> - they did not seem to update 70_sare_header1.cf.sig digital signature,
MN>   so automatic update would probably fail even if someone managed to pull it.

MN> - the "Modified" and the "#@@#" history on the top of the Ruleset are not
MN>   updated (they should be)

MN> - the autoupdater (maybe because of previous error(s) ?) does not seem to pull
MN>   that change - my sa-update says:

MN> [1016] dbg: channel: attempting channel 70_sare_header1.cf.sare.sa-update.dostech.net
MN> [1016] dbg: channel: update directory /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net
MN> [1016] dbg: channel: channel cf file /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net.cf
MN> [1016] dbg: channel: channel pre file /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net.pre
MN> [1016] dbg: channel: metadata version = 200605212000
MN> [1016] dbg: dns: 5.2.3.70_sare_header1.cf.sare.sa-update.dostech.net => 200605212000, parsed as 200605212000
MN> [1016] dbg: channel: current version is 200605212000, new version is 200605212000, skipping channel

MN> Hopefully someone can fix those issues also


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-02-05 Thread Adam Katz
Adam Katz wrote:
> header SARE_RECV_SPAM_DOMN0B   X-Spam-Relays-External =~
> /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net /

Minor bugfix that doesn't affect my findings:  That second range
should have prohibited both space and right-square-bracket.  Because
there is more than 25 characters of buffer before the next entry, this
shouldn't matter, but here's the corrected version just to be safe:


header SARE_RECV_SPAM_DOMN0B   X-Spam-Relays-External =~ /^[^\]]+ rdns=[^\] ]{0,25}\bdynamic.hinet\.net /


I'll leave the corrected version in my sandbox for a little longer so
as to double-check my fix, but I'm done sending emails on this topic
unless there's another problem.  Take it or leave it.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-02-05 Thread Adam Katz
Note, I am not on the SARE list.  This message is more directed at the
SARE developers and thus that list.  It copies the SA users list.

I wrote:
>>> This rule is poorly written as it does not limit its examination
>>> to the last external relay.

LuKreme responded:
>> The rule quite specifically does not look at the top received
>> header because all the spammers were using US based relays to avoid
>> checks like the one you suggested.

I believed otherwise and stated as much:
> Then that is unfair discrimination, blocking all of a major ISP's
> customers' traffic.  I suspect the rule instead pre-dates either the
> creation of the X-Spam-Relays-External pseudo-header or the author(s)'
> familiarity with it.

I created some tests for this hypothesis and entered them into my
sandbox for masscheck data.  Results are in:  Spammers do not send
mail from HINET zombies in through US based relays.

My tests compared two versions of my rule (suffixed 2 and 3) versus
the original:  http://ruleqa.spamassassin.org/?rule=%2FSARE

   SPAM%     HAM%     S/O    RANK   SCORE  NAME
  0.4481   0.0019   0.996    0.81    0.01  T_SARE_RECV_SPAM_DOMN0B2
  0.4481   0.0019   0.996    0.81    0.01  T_SARE_RECV_SPAM_DOMN0B3
  0.4511   0.0045   0.990    0.81    0.01  T_SARE_RECV_SPAM_DOMN0B

This proves that the SARE rule is unnecessarily broad, catching a
negligible excess in spam and ham.  Rules #2 and #3 performed exactly
the same, confirming my unvoiced suspicion that the rule was checking
against too broad a domain list.

The 6 ham my tests hit were already scored by the system between 13-17
points (holy crap!) while 8 hams matching the original test scored 3
or lower and the same 6 hams as my tests(!) hit the 13-17 score range.
 Looking at spam scoring under 10, my tests missed 12 spams that the
original caught (of 34 missed spams overall).

Therefore, it is worthwhile to migrate to the more conservative rule
(my #3):

header SARE_RECV_SPAM_DOMN0B   X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net /


HOWEVER:

Perhaps more important to note is the overlap.  Here's the data (all
versions had identical results), truncated to wrap; second percent is
the percent of the other rule's hits that overlap this rule's hits:
> overlap spam: 100% of [this] also hit RAZOR2_CF_RANGE_51_100; 0%
> overlap spam: 100% of [this] also hit RAZOR2_CF_RANGE_E4_51_100; 0%
> overlap spam: 100% of [this] also hit RAZOR2_CHECK; 0%
> overlap spam: 100% of [this] also hit RCVD_IN_PBL; 1%
> overlap spam: 100% of [this] also hit RDNS_DYNAMIC; 1%

RDNS_DYNAMIC is a meta rule triggered by these:
> overlap spam: 100% of [this] also hit __RDNS_DYNAMIC_IPADDR; 0%
> overlap spam: 100% of [this] also hit __RDNS_INDICATOR_DYN; 10%

On SA 3.2.5, that's 0.5 + 1.5 + 0.5 + 0.509 + 0.1 = 3.109
On SA 3.3.0, that's 0.5 + 0.642 + 0.922 + 3.335 + 0.982 = 6.381

(Without network tests, SA-3.2.5 scores that 0.1 while SA-3.3.0 scores
it at 1.663 (with bayes on) or 2.639.  The above stanza used the more
pessimistic sum and would be higher with bayes on SA-3.2.5 and higher
without bayes on SA-3.3.0.)

Don't forget that 90+% of the hits on svn-trunk had at least four more
points than the ones I just added up from the 100% overlap.

Now add the original rule's 1.666 points.  Even the *minimum* scores
of 4.775 and 8.047 are hard to swallow for HINET customers who may not
have a choice of vendors.  By using an external smarthost, Jidanni was
able to bypass all but SARE's 1.666 points.  Since my version only
examines the last-external relay, it would be bypassed by a clean
smarthost too.

This should pretty clearly illustrate that the last two versions of
spamassassin don't benefit from this rule at all.  For those convinced
there is merit for this rule on legacy SA versions, I suggest my
rewrite as it removes more than half the false positives.

The fact that 70_sare_header1.cf is chock-full of rules like this
should stand as a good warning to anybody considering any of the SARE
channels numbered 1+ for increased risk (as marked when they were
still actively maintained!).
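
The difference between the original rule and the rewrite discussed in this thread, as an added Python example that is not part of any poster's message or of the SARE or SpamAssassin code. The two regexes are the ones quoted in the thread; the hostnames, documentation-range IP addresses and the simplified builder for the X-Spam-Relays-External string are constructed assumptions.

```python
import re

# Original SARE rule from the thread: a plain "Received" header test, so it is
# evaluated against every Received header the message carries.
ORIGINAL = re.compile(r"\bdynamic.hinet\.(?:com|net|org|info)")

# Corrected rewrite from the thread: anchored at the start of
# X-Spam-Relays-External and unable to cross "]", so it can only match
# inside the first entry, i.e. the last external relay.
REVISED = re.compile(r"^[^\]]+ rdns=[^\] ]{0,25}\bdynamic.hinet\.net ")


def received_headers(hops):
    """Render one Received header per hop (constructed, simplified layout)."""
    return [
        f"from {h['helo']} ({h['rdns']} [{h['ip']}]) by {h['by']} with ESMTP"
        for h in hops
    ]


def relays_external(hops):
    """Simplified model of the X-Spam-Relays-External pseudo-header:
    one bracketed entry per external hop, most recent hop first."""
    return " ".join(
        f"[ ip={h['ip']} rdns={h['rdns']} helo={h['helo']} by={h['by']} "
        "ident= envfrom= intl=0 id= auth= msa=0 ]"
        for h in hops
    )


def evaluate(hops):
    """Return which of the two rules fires for a message with these hops."""
    original_hit = any(ORIGINAL.search(h) for h in received_headers(hops))
    revised_hit = REVISED.search(relays_external(hops)) is not None
    return {"original": original_hit, "revised": revised_hit}


# Constructed sample data. Hops are listed most recent first.
DYNAMIC_CLIENT = {
    "ip": "203.0.113.7",
    "rdns": "203-0-113-7.dynamic.hinet.net",
    "helo": "laptop",
}

# 1. A dynamic-range host connects straight to the receiving MX.
DIRECT = [dict(DYNAMIC_CLIENT, by="mx.example.org")]

# 2. The same host submits through a smarthost, which then delivers to the MX.
VIA_SMARTHOST = [
    {
        "ip": "198.51.100.25",
        "rdns": "smarthost.example.net",
        "helo": "smarthost.example.net",
        "by": "mx.example.org",
    },
    dict(DYNAMIC_CLIENT, by="smarthost.example.net"),
]

# 3. Mail with no hinet hop at all.
UNRELATED = [
    {
        "ip": "192.0.2.50",
        "rdns": "mail.example.com",
        "helo": "mail.example.com",
        "by": "mx.example.org",
    }
]


if __name__ == "__main__":
    for name, hops in [
        ("direct", DIRECT),
        ("via smarthost", VIA_SMARTHOST),
        ("unrelated", UNRELATED),
    ]:
        print(f"{name:14s} {evaluate(hops)}")
```

The smarthost case is the one the thread argues about: the original rule still fires because the dynamic hostname appears in an earlier Received header, while the rewrite only inspects the relay that actually connected.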


Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Raymond Dijkxhoorn

Hi!


> Also note that SARE Ninjas are long gone -  see main page
> http://www.rulesemporium.com/. So nobody could fix those rules even if they
> thought it was a good idea (and at least some people are not convinced it is
> a bad idea); and even if the rules could be fixed, still at least half the
> world would *never* update them to new versions. So you would still get
> blocked, only perhaps a little less. That is just a fact (based on extensive
> mailadmin experience), so trust me on that.

Please only talk for yourself, and do not make assumptions that you
cannot make.

The SA Y2010 'bug' was also inside SARE and we fixed it there also.
Same for some other rules, but we only fix the really really needed
things.

> actively maintained spamassassin rulesets that publish an sa-update
> channel?

> As I understand it, as soon as rules are published, some of the
> senders of unsolicited messages immediately change their behavior
> to defeat or bypass the rules, so publishing them is somewhat
> counterproductive.

Correct. And the assumption SARE is dead is wrong also. There are many
people from SARE submitting rules in the SA update channels. And indeed as
soon as rules are published they become worthless for many of us.

And that's the main reason some of the SARE people do make rules, for a
smaller audience, and not publish them on the public SARE page anymore.


Bye,
Raymond.


Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Jeff Chan
On Friday, January 29, 2010, 12:27:59 PM, Marc Sherman wrote:
> Matija Nalis wrote:
>> 
>> Also note that SARE Ninjas are long gone -  see main page
>> http://www.rulesemporium.com/. So nobody could fix those rules even if they
>> thought it was a good idea (and at least some people are not convinced it is
>> a bad idea); and even if the rules could be fixed, still at least half the
>> world would *never* update them to new versions. So you would still get
>> blocked, only perhaps a little less. That is just a fact (based on extensive
>> mailadmin experience), so trust me on that.

> Thanks for pointing that out, I didn't know that they'd officially
> thrown in the towel (though it's pretty clear to anyone who watches
> update traffic on the rule sets).

> Are there any other resources out there for reasonably useful and
> actively maintained spamassassin rulesets that publish an sa-update channel?

> - Marc

As I understand it, as soon as rules are published, some of the
senders of unsolicited messages immediately change their behavior
to defeat or bypass the rules, so publishing them is somewhat
counterproductive.

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/



The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-30 Thread Marc Sherman

Matija Nalis wrote:


> Also note that SARE Ninjas are long gone -  see main page
> http://www.rulesemporium.com/. So nobody could fix those rules even if they
> thought it was a good idea (and at least some people are not convinced it is
> a bad idea); and even if the rules could be fixed, still at least half the
> world would *never* update them to new versions. So you would still get
> blocked, only perhaps a little less. That is just a fact (based on extensive
> mailadmin experience), so trust me on that.


Thanks for pointing that out, I didn't know that they'd officially 
thrown in the towel (though it's pretty clear to anyone who watches 
update traffic on the rule sets).


Are there any other resources out there for reasonably useful and 
actively maintained spamassassin rulesets that publish an sa-update channel?


- Marc


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread Matija Nalis
Firstly, the instructions for reading this e-mail: please read it whole,
and understand that (although it may sound harsh at places) I am actually
trying to help you. Only then reply (if needed). It is also somewhat long,
but it does contain some technical info (and not only my rants :) Thanks.

On Thu, Jan 28, 2010 at 09:34:46AM +0800, jida...@jidanni.org wrote:
> Long ago, I tried mailing directly direct-to-mx style, but that of
> course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
> So only 5% of my mail got through.
> 
> So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
> but of course Hinet.Net has a bad name. So only 50% of my mail got through.

Yeah, well, there is this thing about SMTP... It hasn't really worked
correctly for at least the last 10 years. It's a doomed protocol. Nothing can save
it nowadays. It is taken for granted that some percentage of *anyone's*
e-mail is going to be lost and never reach its destination.  That percentage
might be lower or higher, depending on many factors, most prominent of
which is luck.

It's too bad, it was a nice and happy and simple (hence the name) protocol
before spammers got it and pretty much destroyed it.

Ok, now that we've got THAT part over with, we can get down to the point how
to minimize the pain you *will* suffer by using SMTP if you decide to
continue using it.

> So, upon people like you guy's recommendation, I (asked my mom to buy)
> me a dreamhost.com account.

Does it work better than the 50% you got with HInet.Net SMTP ?
If so, then it is great - you've got a better deal than before, right ?
Maybe you wanted even better, but hey... nothing is perfect, remember.

If it however works worse with dreamhost than before with Hinet.Net SMTP
server, then it was wasted money. That is sad, but such things happen all
the time too, you pay for something only to find out it was not a good deal
for you.

One thing to note - you (or anybody else) will never *ever* get it so that
100% of your mail always reaches the other side. Those days when such a
thing was possible (no matter in what country the mail originated) are long
gone -- and even before spam and all the antispam measures, mail did get
lost occasionally. Nowadays, it is quite everyday that some mail gets lost.
It is considered acceptable collateral damage in full-fledged war to protect
mailboxes from spam.

> However I can't shake off the Original Sin of Being in Taiwan. All
> people with Taiwan Colored Skin will have points deducted, no matter

Knock it off with that "you're all wanna-be racists" stuff, will you please? 
It is clear that racism has absolutely nothing to do with your problems, and
you are just insulting people who are trying to help you. 

Furthermore, people on this list who are replying to you are (in great
majority at least) just users of the rules, they did not write them - the
SARE Ninjas did. So even if your intent *is* to insult people who wrote
rules which are making you problems (which I hope it is not), you're
insulting the wrong people.

You've come to this mailing list (presumably) to ask people to invest their
time to help *you*, something they have no obligation to. At least you could
try to be polite to them (of course nobody can *make you*, but it will just
lower your chances of getting help).

Also note that SARE Ninjas are long gone -  see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least half the
world would *never* update them to new versions. So you would still get
blocked, only perhaps a little less. That is just a fact (based on extensive
mailadmin experience), so trust me on that.

Also please note that even when SARE Ninjas were here, they did not write
those rules because they were racists that hated Taiwanese people - they wrote
them because they were effective (see below for technical info).

> what. We use the Telephone Company's ISP.

Yup. And somebody once decided that mail coming from your Telephone
Company's ISP (and other places) is mostly spam. The last updates and test
done in that rules file are from 2006, though, so it may have changed since.

Here is the technical data (note: I'm not a SARE Ninja and never was, but I
can read most rules and have written quite a few of my own):

http://www.rulesemporium.com/rules.htm lists the problematic 
70_sare_header1.cf rule with following comments:

"the 70_sare_header1.cf ruleset contains rules which do (or in the past have)
hit ham during SARE mass-check tests. The S/O calculated by SA's
hit-frequencies scripts are all at or above 0.900. This file also contains
rules which hit only spam, but fewer than 10 spam in our mass-check tests.
Systems which are highly sensitive to false positives and/or tight on
resources may want to exclude this ruleset, pick and choose among its rules,
or lower thei

Re: painting everybody in Taiwan with the same brush

2010-01-29 Thread Adam Katz
LuKreme wrote:
> I get hundreds and hundreds of spam attempts from dynamic.hinet.net 
> 
>  $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 | grep -i reject |wc -l
> 8939
> 
> That's in 10 days. Nearly 900 times a day.

Thank you LuKreme, you have proven my point.

I have a good number too, though it only equates to 0.10% of my
incoming rejected messages (looking at my logs, that number was
definitely lowered by greylisting and greet-pause as those fail to
return or just time out).

ALL of those would all have been caught by my revision of the rule
(maillog files only include the connecting server) while Jidanni's
message (which passed through a different connecting server) would not
have had an issue.

Maybe I'll throw my revised rule into masscheck to see how it does.  I
suspect, based on the fact that I'm already killing most if not all of
them without using 70_sare_headers1.cf, that it's not worthwhile.

> And that doesn't count all the forged from addresses claiming to be
> from some user @{something}.hinet.net

Those aren't covered by any form of the SARE rule in question.


Re: [sa] Re: painting everybody in Taiwan with the same brush

2010-01-29 Thread Charles Gregory

On Fri, 29 Jan 2010, Bowie Bailey wrote:

> Take another look.  The original line must contain 'reject', but the
> output is not the entire line.


Awk. (as an exclamation) :)

- C


Re: painting everybody in Taiwan with the same brush

2010-01-29 Thread LuKreme
On 29-Jan-2010, at 07:20, Charles Gregory wrote:
> 
> * Strictly for fun. Cuz I'm a geek and can't resist..
> 
> The code you post could not produce the output shown.

Yes it could because it DID

> There is no 'reject' in the line 'Relay access denied'. (big wide grin)

Jan 28 14:12:58 mail postfix/smtpd[81883]: NOQUEUE: reject: RCPT from 118-160-240-139.dynamic.hinet.net[118.160.240.139]: 554 5.7.1 : Relay access denied; from= to= proto=SMTP helo=

Really?

Are you Really sure about that?

Care to try again?

-- 
And now, the rest of the story



Re: painting everybody in Taiwan with the same brush

2010-01-29 Thread Bowie Bailey
Charles Gregory wrote:
> On Thu, 28 Jan 2010, LuKreme wrote:
>> $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 |\
>>>grep -i reject |\
>>>awk -F: {'print $9'} |\
>>>awk -F';' {'print $1'} |\
>>>sort -u
>> Client host rejected
>> Helo command rejected
>> Recipient address rejected
>> Relay access denied
>> Sender address rejected
>>
>> The usual array of spammer errors.
> * Strictly for fun. Cuz I'm a geek and can't resist..
>
> The code you post could not produce the output shown.
> There is no 'reject' in the line 'Relay access denied'. (big wide grin)
>
> No argument about the intended *point* of the output. :) 

Take another look.  The original line must contain 'reject', but the
output is not the entire line.

-- 
Bowie


Re: painting everybody in Taiwan with the same brush

2010-01-29 Thread Charles Gregory


* Strictly for fun. Cuz I'm a geek and can't resist..

The code you post could not produce the output shown.
There is no 'reject' in the line 'Relay access denied'. (big wide grin)

No argument about the intended *point* of the output. :)

- C

On Thu, 28 Jan 2010, LuKreme wrote:

> $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 |\
>    grep -i reject |\
>    awk -F: {'print $9'} |\
>    awk -F';' {'print $1'} |\
>    sort -u
>
> Client host rejected
> Helo command rejected
> Recipient address rejected
> Relay access denied
> Sender address rejected
>
> The usual array of spammer errors.
>
> --
> 'Tell me, sir Samuel, do you know the phrase "Quis custodiet isos custodes?"? (...) It
> means "Who guards the guards themselves?" (...) Who watches the Watch?' --Feet of Clay



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread Kai Schaetzl
Please stop spamming this list with this  any longer,
thanks. If you have a grievance, take it up with the folks who are responsible,
that is the folks *using* the rules and *making* the rules.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread jidanni
Anyway, what you are doing here is penalizing all users of that
company's copper wires. No amount of monopoly breakup legislation will
do any good if you penalize based on the wrong part of the physical
infrastructure.
http://en.wikipedia.org/wiki/Common_carrier
http://en.wikipedia.org/wiki/Network_neutrality

> The rule is buggy -- it's looking at all the
> received headers, even the ones before the relay.

Therefore you want to score on who is handling their SMTP etc. Not on who
provides the copper wires to their house... rating on that part of the
infrastructure will spoil your results.


Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread LuKreme
On 28-Jan-2010, at 11:59, Adam Katz wrote:
> 
> SpamCop sister-site SenderBase seems to indicate at
> http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
> that there isn't much traffic coming from IPs whose rDNS contain
> 'dynamic.hinet.net' anyway, so it appears they've cleaned up.

I get hundreds and hundreds of spam attempts from dynamic.hinet.net 

 $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 | grep -i reject |wc -l
8939

That's in 10 days. Nearly 900 times a day.

And that doesn't count all the forged from addresses claiming to be from some 
user @{something}.hinet.net

 $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 |\
>grep -i reject |\
>awk -F: {'print $9'} |\
>awk -F';' {'print $1'} |\
>sort -u
 Client host rejected
 Helo command rejected
 Recipient address rejected
 Relay access denied
 Sender address rejected

The usual array of spammer errors.

-- 
'Tell me, sir Samuel, do you know the phrase "Quis custodiet isos custodes?"? 
(...) It means "Who guards the guards themselves?" (...) Who watches the 
Watch?' --Feet of Clay



Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread jdow

From: "Charles Gregory" 
Sent: Thursday, 2010/January/28 08:08


> Personally, I find racist analogies childish, and in fact, a little
> offensive. But, that aside, I don't suppose it has occurred to you that
> the bulk of spam coming from Taiwan may be originating with businesses in
> the USA? The 'sin' of hinet is not that they live in a country that is
> necessarily full of evil people who can't wait to spam, but that hinet
> itself operates a 'spammer friendly' service. Hinet could be *anywhere* in
> the world, and its IP block would get that reputation. Your bad luck they
> are in your country, and (apparently) your only option for an internet
> connection. Again, the correct path to take, and I think I suggested this
> already, is to contact your government and get them to pressure hinet to
> clean up their act.


I'm with you there, Charles. "Racist" is so often misapplied these days
as a simple "educated class" form of swearing that I've taken it to mean,
"You dirty so-and-so, you apply good sense. That's not allowed!"

{^_-}  That's why "racist" has no sting when applied to me. 



Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread jdow

From: "Adam Katz" 
Sent: Thursday, 2010/January/28 10:59



> LuKreme wrote:
>> On 28-Jan-2010, at 09:23, Adam Katz wrote:
>>> This rule is poorly written as it does not limit its examination
>>> to the last external relay.
>>
>> The rule quite specifically does not look at the top received
>> header because all the spammers were using US based relays to avoid
>> checks like the one you suggested.
>
> Then that is unfair discrimination, blocking all of a major ISP's
> customers' traffic.  I suspect the rule instead pre-dates either the
> creation of the X-Spam-Relays-External pseudo-header or the author(s)'
> familiarity with it.
>
> See also http://en.wikipedia.org/wiki/HINET -- specifically footnote
> four, which states they were at the top of SpamCop's reported sender
> list in 2008.  Neither hinet nor chunghwa are currently on the list.
>
> SpamCop sister-site SenderBase seems to indicate at
> http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
> that there isn't much traffic coming from IPs whose rDNS contain
> 'dynamic.hinet.net' anyway, so it appears they've cleaned up.
>
> I side with the complainer on this one.  The rule is too broad, and,
> like most SARE rules, it is probably stale.
>
> This should act as another reminder that the SARE rules are old and no
> longer maintained, and should not be deployed without careful
> consideration.  This rule came from a *1.cf file.  I strongly
> discourage using SARE's *[1-9].cf files as they are even documented as
> being riskier even back when they were maintained.


Adam, "not here" applies. A hinet spam caught my eye in yesterday's
spam batch. So, the rule stands. The rule setup I have seems to let
legitimate list based mail get through, when the list is clean. I don't
have time to sort through my overly large inbasket for spam just so
somebody I don't know in Taiwan can send me email I don't want - ah,
isn't that spamming me?

One man's spam is another man's ham. Use SARE rules intelligently. Modify
them intelligently. It really helps to apply brain rather than whine.

{^_^} 



Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread Noel Butler
On Thu, 2010-01-28 at 13:59 -0500, Adam Katz wrote:



> SpamCop sister-site SenderBase seems to indicate at
> http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
> that there isn't much traffic coming from IPs whose rDNS contain
> 'dynamic.hinet.net' anyway, so it appears they've cleaned up.


I see hundreds and hundreds of these a day here, though we deny access
to all dynamic looking hostmarks via milter-regex rules on the MTA's as
well as outright deny no rDNS, so spam from them is in fact non
existent.


> I side with the complainer on this one.  The rule is too broad, and,
> like most SARE rules, it is probably stale.



In its day, it was a very welcome rule, because as pointed out, spammers
do have brains and know how to relay through "seemingly trusted hosts".
I also know as many sys admins who outright block all of hinet in access
files. It is a decision I don't agree with, but each network must make
its own decision based upon their own requirements.



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Matus UHLAR - fantomas
On 28.01.10 07:13, jd wrote:
> What spam is being sent through hinet's smtp servers?

hard to say, however the rule in subject doesn't mention their smtp
servers...

> I have yet to see any connections from their mail servers. Every
> connection so far has always been from subscribers' boxes trying to get me
> to relay mail or trying invalid addys. What does that have to do with
> hinet's mail servers?
> 
> It seems to me that the hinet rule is just an half-assed catch-all
> written by someone who couldn't be bothered to refine it to catch only
> the dynamic IPs, which is, according to mail gurus, really bad form.

precisely, go and bug him. no, we (this list) are not "him".

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]


Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread Adam Katz
LuKreme wrote:
> On 28-Jan-2010, at 09:23, Adam Katz wrote:
>> This rule is poorly written as it does not limit its examination
>> to the last external relay.
> 
> The rule quite specifically does not look at the top received
> header because all the spammers were using US based relays to avoid
> checks like the one you suggested.

Then that is unfair discrimination, blocking all of a major ISP's
customers' traffic.  I suspect the rule instead pre-dates either the
creation of the X-Spam-Relays-External pseudo-header or the author(s)'
familiarity with it.

See also http://en.wikipedia.org/wiki/HINET -- specifically footnote
four, which states they were at the top of SpamCop's reported sender
list in 2008.  Neither hinet nor chunghwa are currently on the list.

SpamCop sister-site SenderBase seems to indicate at
http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
that there isn't much traffic coming from IPs whose rDNS contain
'dynamic.hinet.net' anyway, so it appears they've cleaned up.

I side with the complainer on this one.  The rule is too broad, and,
like most SARE rules, it is probably stale.

This should act as another reminder that the SARE rules are old and no
longer maintained, and should not be deployed without careful
consideration.  This rule came from a *1.cf file.  I strongly
discourage using SARE's *[1-9].cf files as they are even documented as
being riskier even back when they were maintained.


Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread LuKreme
On 28-Jan-2010, at 09:23, Adam Katz wrote:
> This rule is poorly written as it does not limit its examination to
> the last external relay.  Were SARE accepting revisions (and assuming
> I've read the intent right), it should be reworked so as to be defined
> as (be wary of mail agent rewrapping):

The rule quite specifically does not look at the top received header because 
all the spammers were using US based relays to avoid checks like the one you 
suggested.

-- 
I WILL NOT BARF UNLESS I'M SICK
Bart chalkboard Ep. 8F15



Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread Kai Schaetzl
Charles Gregory wrote on Thu, 28 Jan 2010 11:08:24 -0500 (EST):

> Firstly, let's all acknowledge that the OP cross-posted to/from the SARE 
> mailing list, and continues to do so.

He should not have done this and most of us probably didn't notice it. He 
should just stop doing so and stay on the SARE list.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Yet Another Ninja


On 1/28/2010 5:23 PM, Adam Katz wrote:

> However, as you noted earlier:
>> It's all because
>> http://www.rulesemporium.com/rules/70_sare_header1.cf
>> header   SARE_RECV_SPAM_DOMN0b Received =~
>> /\bdynamic.hinet\.(?:com|net|org|info)/
>> describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
>> score    SARE_RECV_SPAM_DOMN0b 1.666
>
> This rule is poorly written as it does not limit its examination to
> the last external relay.  Were SARE accepting revisions (and assuming
> I've read the intent right), it should be reworked so as to be defined
> as (be wary of mail agent rewrapping):
>
> header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /&[^\]]+
> rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /


the rule has been scored 0.0

It can be replaced by a SA rule if desired.


Re: [SA] [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Adam Katz
Adam Katz wrote:
> This rule is poorly written as it does not limit its examination to
> the last external relay.  Were SARE accepting revisions (and assuming
> I've read the intent right), it should be reworked so as to be defined
> as (be wary of mail agent rewrapping):
> 
> header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /&[^\]]+
> rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /

Also be wary of typos.  Let's try this instead:

header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /^[^\]]+
rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /

There should be one space before "rdns=" that probably wraps in the email.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Francis Russell
Michael Scheidell wrote:

> which in itself has a bunged up RDNS .
> 
> Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com)
> (208.97.132.207)
> 
> 
> host 208.97.132.207
> 207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
> if you don't follow the RFC's, you have no reason to complain if people
> who DO follow the RFC's block your email.

207.132.97.208.in-addr.arpa. 14400 IN   PTR caiajhbdccah.dreamhost.com.

caiajhbdccah.dreamhost.com. 14310 IN   A   208.97.132.207

Just for the record, it looks like the reverse DNS is fine. I can only
assume you were comparing against the HELO, and there's no need for that
to match the PTR record.

Francis


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Adam Katz
jida...@jidanni.org wrote:
> You guys are doing something wrong. Maybe you think that every
> country is like the USA or something. You blew it. Your rules are
> wrong.
> 
> MM> It may not be your fault you're using an ISP which is known to 
> MM> generate spam [...] you need to complain to the ISP.
> 
> at the first chance my mail gets, it leaves those wires and heads
> for the smarthost in the USA in order to cleanse its sins of having
> come from an unfamiliar country.

So you acknowledge that it's a problem and try to work around it.
Proper use of that US-based smarthost should actually remove this
problem entirely (since all of the dynamic-rDNS detectors examine only
the last-external relay, which should be that smarthost).

However, as you noted earlier:
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> header   SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
> describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
> score    SARE_RECV_SPAM_DOMN0b 1.666

This rule is poorly written as it does not limit its examination to
the last external relay.  Were SARE accepting revisions (and assuming
I've read the intent right), it should be reworked so as to be defined
as (be wary of mail agent rewrapping):

header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /&[^\]]+
rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /

The above revision to the rule would ensure that anybody using a
smarthost to leave the Hinet network, or (almost certainly) using the
SMTP hosts provided by Hinet.  The MX record for hinet.net has proper
FCrDNS as netnews.hinet.net, which does not trigger my update to the
rule, so presumably neither does the SMTP server they provide (which
may be the same).  ... though as you noted, you're not using this SMTP
server (which wouldn't have helped due to the flawed implementation).

> once you are a Negro you are always a Negro or something. Please
> fix your rules. You are demanding one use certain physical carriers
> irrespective of ISP.

That kind of language will not be tolerated.  Please look it up to
read just how offensive it actually is; this goes beyond your choice
of words to the entirety of your sentence, whose harshness harkens a
statement of oppression and segregation that battle the very core of
civil rights.  You also appear to be lumping all Americans into that
statement and all users on these lists into "Americans," further
promoting your ignorance.

Yes, we are prejudiced against dynamic-looking rDNS entries.  The
rules involved (at the SpamAssassin project as I cannot speak to the
SARE rules) are all carefully written so as to ensure that only direct
mail-to-mx messages trigger them.  If you fall into that category (you
do not, though you did at one point), the only solution is to request
your ISP change your IP's PTR record (rDNS).

The issue at heart is a bug in the SARE rule SARE_RECV_SPAM_DOMN0b.  I
have proposed a fix.  The ball is in SARE's court.

Let's finish this with a civil tongue.


Re: painting everybody in Taiwan with the same brush

2010-01-28 Thread Charles Gregory

On Thu, 28 Jan 2010, jida...@jidanni.org wrote:

> You guys are doing something wrong.


Firstly, let's all acknowledge that the OP cross-posted to/from the SARE 
mailing list, and continues to do so. Yes, there is no one on the main SA 
list that is responsible for the rule, but that being said, we can still 
comment on some of the arguments made...



> Maybe you think that every country is like the USA or something.


No, actually this is the exact opposite of your problem. You are 
complaining that the writer of the hinet rule thought that Taiwan was
very *different* from the USA.


> You blew it. Your rules are wrong.


Not *my* rule, but just the same, it is not 'wrong'. It applies a modest 
*score* in keeping with two distinct facts:

  1) Your IP has a reverse DNS clearly marked as DYNAMIC (something you
 could correct with your provider)
  2) Your provider (apparently) has a reputation for not removing spammers
 and/or infected botnet machines.

Now to be fair, that rule is *very* liberal. Normally the originating IP 
is not considered for blacklist rules. That is why, even though your 
hinet dynamic IP appears in your mail to this list, it triggers none of 
the default rules. But to be equally fair, spammers working in Taiwan go 
through the exact same 'steps' that you do to try and 'disguise' their 
e-mail. So despite all the helpful suggestions, unless you can (as 
suggested) rewrite your headers on your dreamhost MTA, you will continue 
to be scored that modest 1.6 because of the (ahem) company you keep.



> Yes I am using the wires of that Telephone Company.


And so are a bunch of spammers.

> But at the first chance my mail gets, it leaves those wires and heads 
> for the smarthost in the USA in order to cleanse its sins


Which is, of course, what every spammer tries to do.


> of having come from an unfamiliar country.


Unfamiliar? Quite the opposite. The SARE rule is based upon a significant 
'familiarity' with a lot of spam from dynamic hinet locations.


> But for you guys, once you are a Negro you are always a Negro or 
> something.


Personally, I find racist analogies childish, and in fact, a little 
offensive. But, that aside, I don't suppose it has occurred to you that 
the bulk of spam coming from Taiwan may be originating with businesses in 
the USA? The 'sin' of hinet is not that they live in a country that is 
necessarily full of evil people who can't wait to spam, but that hinet 
itself operates a 'spammer friendly' service. Hinet could be *anywhere* in 
the world, and its IP block would get that reputation. Your bad luck they 
are in your country, and (apparently) your only option for an internet 
connection. Again, the correct path to take, and I think I suggested this 
already, is to contact your government and get them to pressure hinet to 
clean up their act.


- C


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread jd
What spam is being sent through hinet's smtp servers? I have yet to
see any connections from their mail servers. Every connection so far
has always been from subscribers' boxes trying to get me to relay mail
or trying invalid addys. What does that have to do with hinet's mail
servers?

It seems to me that the hinet rule is just an half-assed catch-all
written by someone who couldn't be bothered to refine it to catch only
the dynamic IPs, which is, according to mail gurus, really bad form.

Or is this rule produced by the kind of mindset that punishes isp's
for not blocking port 25?

==
jd
It's easier to fight for one's principles than to live up to them.
-- 



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Bowie Bailey
jida...@jidanni.org wrote:
> "MM" == Michael Mansour  writes:
>   
> MM> Why couldn't the mailing list filters simply whitelist your email address or
> MM> whitelist people automatically subscribed to the mailing list?
> Yes, but that's beside the point. That is not solving the bad thing
> you guys are doing.
>
> MM> The world isn't perfect and the only way to get things changed is to complaint
> MM> and/or do something about it yourself. But to blanket criticise rules that
> MM> many sites are using worldwide doesn't really make sense to me.
>
> You guys are doing something wrong. Maybe you think that every country
> is like the USA or something. You blew it. Your rules are wrong.
>   

As has been pointed out before, the rule you are complaining about is
not part of a standard SA install.  Your emails score a grand total of 0
points here (not counting the whitelists that hit because of the list
server).

Also, the rule that hits on hinet, only scores 1.6 points.  That means
that on a normal system (where they have not lowered the required score
to a ridiculous level), you would need to score another 3.4 points from
other rules in order to be marked as spam.  Where are the rest of the
points coming from?

-- 
Bowie



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread jdow

From: "Mike Cardwell" 
Sent: Thursday, 2010/January/28 03:09



> On 28/01/2010 01:34, jida...@jidanni.org wrote:
>> However I can't shake off the Original Sin of Being in Taiwan. All
>> people with Taiwan Colored Skin will have points deducted, no matter
>> what. We use the Telephone Company's ISP.
>
> I don't use this term lightly but you're an idiot if you think any of 
> this has to do with skin colour or race. The only thing you'll achieve 
> by making such claims is mass ridicule.


Ah yes, and he should be REALLY happy he does not have a .info address.
I just scanned my spam folder and noticed something peculiar about a
spam so I double checked. It was a .info. That TLD "enjoys" a three point
disadvantage here for the color of ITS bits.

(It was two identical spams a couple hours apart from two addresses in
the same network allocation block (THEFAMILYHAP[MUNGE]PYEVERYDAY . INFO).
It had an interesting name in it that made me think of my ex.)

Don't whine. Fix it.
{^_-}


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Mike Cardwell

On 28/01/2010 01:34, jida...@jidanni.org wrote:


> Long ago, I tried mailing directly direct-to-mx style, but that of
> course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
> So only 5% of my mail got through.
>
> So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
> but of course Hinet.Net has a bad name. So only 50% of my mail got through.
>
> So, upon people like you guy's recommendation, I (asked my mom to buy)
> me a dreamhost.com account.


You could have set up a free gmail account and then configured your MTA 
to use GMail's SMTP submission service as a smarthost.



> However I can't shake off the Original Sin of Being in Taiwan. All
> people with Taiwan Colored Skin will have points deducted, no matter
> what. We use the Telephone Company's ISP.


I don't use this term lightly but you're an idiot if you think any of 
this has to do with skin colour or race. The only thing you'll achieve 
by making such claims is mass ridicule.



> "J" == Jailer-Daemon  writes:
>
> J>  On Wed, Jan 27, 2010 at 11:30:28AM -0500,  wrote:
>>> He's using an SMTP relay
>
> J>  He is, but it isn't a Hinet relay. At least not in the URL he gave.
> J>  It should be possible to relay out from your own ISP and not score
> J>  anything on SARE rules, without having to pay extra for "clean" SMTP
> J>  relaying (which is what seems to be happening here).
>
> Now you guys are saying I should go back to using Hinet.Net's SMTP, even
> though my mom has already paid a 5 year contract for me at Dreamhost.


Five years? That wasn't very clever. Why not just configure the MTA on 
your Dreamhost server to remove the offending IP/hostname data from mail 
before relaying it? I don't know what MTA you're using but if it's 
"Exim" and you ask on the Exim users mailing list, I'll help you there.


--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/   #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser   : Spam Tool  - http://spamalyser.com/



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Kai Schaetzl
jida...@jidanni.org wrote on Thu, 28 Jan 2010 09:34:46 +0800:

> thanks to you guys and no one else.

Boy, *you* have a problem, and this is not with SA, get some help, good 
bye. Please stop further spamming this list with your garbage.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread jdow

This is a problem a lot of people face, some for more legitimate reasons
than others. I have an Earthlink.net account, from when they were smaller
and Sky Dayton still ran the show - actually from not long after he
founded the company. Over the years people forged the Earthlink address.
Earthlink worked hard to minimize spam while allowing their customers to
roam. One trick was to limit the spam that could get sent by limiting
the number of messages per unit time that could be sent without added
smtp processing time delays. Then when Outlook Express grew smtp auth
capabilities they moved to that. I still get blocked at some zero tolerance
locations.

Appearances here are that hinet "we are the telephone company, we answer
to nobody" doesn't give a tinker's damn. You're stuck unless you can do
something to cause hinet to change its attitudes about spam. If some
poor souls suffer because of their IP address neighbors or prior lease
holders I can't do anything about it.

(Actually, I can. Relays through this list are completely unfiltered by
me, which seemed quite logical in the early days when samples were sent
to the list. And relays through some other lists get their scores
"expanded" around Bayes 80. Below that I reduce score. Above that I add
to score. I've seen remarkably little email I should have seen that got
marked as spam these days as a result. It's just some creative meta rule
making custom to my usage of the net that I performed. It's not Taiwan
colored skin, son. It's hinet colored bits. Even yankees in Taiwan using
hinet get dinged.)

{^_^}   When the rubber meets the solid road appeals to political
   correctness weigh naught to me. Even if it's not politically
   correct for the road to be hard I still hurt my hand if I try
   to hit it too hard.
- Original Message - 
From: 

Sent: Wednesday, 2010/January/27 17:34



Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.

So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but of course Hinet.Net has a bad name. So only 50% of my mail got 
through.


So, upon people like you guy's recommendation, I (asked my mom to buy)
me a dreamhost.com account.

However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.


"J" == Jailer-Daemon   writes:
J> On Wed, Jan 27, 2010 at 11:30:28AM -0500,  
wrote:


He's using an SMTP relay


J> He is, but it isn't a Hinet relay. At least not in the URL he gave.
J> It should be possible to relay out from your own ISP and not score
J> anything on SARE rules, without having to pay extra for "clean" SMTP
J> relaying (which is what seems to be happening here).

Now you guys are saying I should go back to using Hinet.Net's SMTP, even
though my mom has already paid a 5 year contract for me at Dreamhost.


The rule is buggy -- it's looking at all the
received headers, even the ones before the relay.


Yes, and what may seem like a mere 1.6 points is causing me to have to
request the whole spam threshold of that mailing list
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
lowered just for me, just because my mail is being tagged with a stupid
looking "mail Made in Taiwan, penalty 1.666 points" that I can't do
anything about, thanks to you guys and no one else.

Also, I wonder why lots of my mail doesn't seem to get through to
people... and no, I don't want to bother them with various test
messages. Perhaps it is all again due to your sloppy rules?

Actually, I could figure out some underhanded methods to get around
being detected as living in a Undesirable Country, but if ever detected,
I would surely get penalized even more points.





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread RW
On Thu, 28 Jan 2010 09:34:46 +0800
jida...@jidanni.org wrote:



> Yes, and what may seem like a mere 1.6 points is causing me to have to
> request the whole spam threshold of that mailing list
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
> lowered just for me, just because my mail is being tagged with a
> stupid looking "mail Made in Taiwan, penalty 1.666 points" that I
> can't do anything about, thanks to you guys and no one else.

lowering the threshold is going to make your problem worse, it doesn't
make sense for you to ask them to lower it.

> Also, I wonder why lots of my mail doesn't seem to get through to
> people... and no, I don't want to bother them with various test
> messages. Perhaps it is all again due to your sloppy rules?

You seem to be losing sight of the fact that the rule that's affecting
you is nothing to do with the Spamassassin project. It's a third-party
rule added by the people running the mailing list. Make your complaint
to them, not us.

If you look at your posts to this list you will see that you scored 0.0.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Noel Butler
On Thu, 2010-01-28 at 10:35 +0800, jida...@jidanni.org wrote:


> Yes, but that's beside the point. That is not solving the bad thing
> you guys are doing.



Eh? stopping spammers is a bad thing now hey...


> MM> The world isn't perfect and the only way to get things changed is to complaint
> MM> and/or do something about it yourself. But to blanket criticise rules that
> MM> many sites are using worldwide doesn't really make sense to me.
> 
> You guys are doing something wrong. Maybe you think that every country
> is like the USA or something. You blew it. Your rules are wrong.



oh right  we bad, bad bad bad, how DARE we put measures in place to stop
spamming scum


> 
> Yes I am using the wires of that Telephone Company. But at the first
> chance my mail gets, it leaves those wires and heads for the smarthost
> in the USA in order to cleanse its sins of having come from an
> unfamiliar country. But for you guys, once you are a Negro you are
> always a Negro or something. Please fix your rules. You are demanding
> one use certain physical carriers irrespective of ISP.


what racist rot.

I too are not an American (NEWSFLASH: like at least half or more of this
list). a person can not change the colour of their skin (WOW about the
only thing you said that did not make me piss myself in laughter)
however a country that does not care about its residents  spamming  CAN
change,  yet TW has failed to do so.  Even China has in recent years
taken great steps to clean up their act, if you want change, it must
start at the top, petition your government to get off its lazy ass and
do something about its spamming residents, clean up their act, and in
time to come TW, like CN has recently found, many places just might once
again start accepting your mail.

Don't you dare sit there having a childish dummy spit accusing everyone
here to be wrong by denying access or adding a substantial score to a
well known spammer friendly country. 




Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Michael Mansour
Hi Jadinni,

> > "MM" == Michael Mansour  writes:
> MM> Why couldn't the mailing list filters simply whitelist your 
> email address or MM> whitelist people automatically subscribed to 
> the mailing list? Yes, but that's beside the point. That is not 
> solving the bad thing you guys are doing.

?? I'm a user just like you are.

> MM> The world isn't perfect and the only way to get things changed 
> is to complaint MM> and/or do something about it yourself. But to 
> blanket criticise rules that MM> many sites are using worldwide 
> doesn't really make sense to me.
> 
> You guys are doing something wrong. Maybe you think that every 
> country is like the USA or something. You blew it. Your rules are wrong.

I'm not in the USA, I'm in Australia. Our laws are some of the strictest in
the world and our ISP's take action on users within their networks that spam. 

I didn't write the rules, I'm just a user of them.

> MM> It may not be your fault you're using an ISP which is known to 
> generate spam MM> and/or have lax rules in combating spam from it's 
> users, but if you know the MM> problems with the ISP and you 
> continue to use them then how can you complain MM> here? you need to 
> complain to the ISP.
> 
> Yes I am using the wires of that Telephone Company. But at the first
> chance my mail gets, it leaves those wires and heads for the 
> smarthost in the USA in order to cleanse its sins of having come 
> from an unfamiliar country. But for you guys, once you are a Negro 
> you are always a Negro or something. Please fix your rules. You are demanding
> one use certain physical carriers irrespective of ISP.

Hmmm...

Michael.

> I'm not using the ISP to send SMTP.



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Michael Mansour
Hi Jidanni,

> Long ago, I tried mailing directly direct-to-mx style, but that of
> course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
> So only 5% of my mail got through.
> 
> So then I tried mailing through The ISP Here, Hinet.Net's SMTP 
> server, but of course Hinet.Net has a bad name. So only 50% of my 
> mail got through.
> 
> So, upon people like you guy's recommendation, I (asked my mom to 
> buy) me a dreamhost.com account.
> 
> However I can't shake off the Original Sin of Being in Taiwan. All
> people with Taiwan Colored Skin will have points deducted, no matter
> what. We use the Telephone Company's ISP.
> 
> > "J" == Jailer-Daemon   writes:
> 
> J> On Wed, Jan 27, 2010 at 11:30:28AM -0500, 
>  wrote:
> >> 
> >> He's using an SMTP relay
> 
> J> He is, but it isn't a Hinet relay. At least not in the URL he 
> gave. J> It should be possible to relay out from your own ISP and 
> not score J> anything on SARE rules, without having to pay extra for 
> "clean" SMTP J> relaying (which is what seems to be happening here).
> 
> Now you guys are saying I should go back to using Hinet.Net's SMTP, even
> though my mom has already paid a 5 year contract for me at Dreamhost.

There are various people on this list from various countries, not everyone was
giving the same recommendation.

> >> The rule is buggy -- it's looking at all the 
> >> received headers, even the ones before the relay.
> 
> Yes, and what may seem like a mere 1.6 points is causing me to have 
> to request the whole spam threshold of that mailing list 
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be 
> lowered just for me, just because my mail is being tagged with a stupid
> looking "mail Made in Taiwan, penalty 1.666 points" that I can't do
> anything about, thanks to you guys and no one else.

Why couldn't the mailing list filters simply whitelist your email address or
whitelist people automatically subscribed to the mailing list?

> Also, I wonder why lots of my mail doesn't seem to get through to
> people... and no, I don't want to bother them with various test
> messages. Perhaps it is all again due to your sloppy rules?

The world isn't perfect and the only way to get things changed is to complaint
and/or do something about it yourself. But to blanket criticise rules that
many sites are using worldwide doesn't really make sense to me. 

It may not be your fault you're using an ISP which is known to generate spam
and/or have lax rules in combating spam from it's users, but if you know the
problems with the ISP and you continue to use them then how can you complain
here? you need to complain to the ISP.

> Actually, I could figure out some underhanded methods to get around
> being detected as living in a Undesirable Country, but if ever 
> detected, I would surely get penalized even more points. 

Two wrongs never make a right, try it and you'll learn that :)

Regards,

Michael.



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread jidanni
Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.

So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but of course Hinet.Net has a bad name. So only 50% of my mail got through.

So, upon people like you guy's recommendation, I (asked my mom to buy)
me a dreamhost.com account.

However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.

> "J" == Jailer-Daemon   writes:
J> On Wed, Jan 27, 2010 at 11:30:28AM -0500,  wrote:
>> 
>> He's using an SMTP relay

J> He is, but it isn't a Hinet relay. At least not in the URL he gave.
J> It should be possible to relay out from your own ISP and not score
J> anything on SARE rules, without having to pay extra for "clean" SMTP
J> relaying (which is what seems to be happening here).

Now you guys are saying I should go back to using Hinet.Net's SMTP, even
though my mom has already paid a 5 year contract for me at Dreamhost.

>> The rule is buggy -- it's looking at all the 
>> received headers, even the ones before the relay.

Yes, and what may seem like a mere 1.6 points is causing me to have to
request the whole spam threshold of that mailing list
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
lowered just for me, just because my mail is being tagged with a stupid
looking "mail Made in Taiwan, penalty 1.666 points" that I can't do
anything about, thanks to you guys and no one else.

Also, I wonder why lots of my mail doesn't seem to get through to
people... and no, I don't want to bother them with various test
messages. Perhaps it is all again due to your sloppy rules?

Actually, I could figure out some underhanded methods to get around
being detected as living in a Undesirable Country, but if ever detected,
I would surely get penalized even more points.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
so what?

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Charles Gregory

On Wed, 27 Jan 2010, Kai Schaetzl wrote:

>> So what should a Taiwan user (Taiwan~=Hinet)
>> user do. Buy a SMTP account with a US Company?
>
> I told you what you can do.
> Apart from that, again:
> SARE is not part of SA.
> SARE is deprecated.
> So, why bother?


Why bother posting just to tell him that his fate rests in the hands of 
everyone else? That was his complaint in the first place. If you (Kai) 
want to mount a campaign to have SARE removed from everyone's SA configs, 
then best of luck to you, but otherwise, your 'answer' does not help the 
legitimate Taiwanese user in the least (shrug)


- C


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
Matus UHLAR - fantomas wrote on Wed, 27 Jan 2010 15:10:48 +0100:

> because his mail can be tagged as spam?

Not largely a problem. Did you look at the mailing list conversation he linked 
to? It seems he's actively telling the mailing list owner how to tune SA and 
reduce the required score to 2 (two !). And before that he may have told him to 
use SARE (I don't know, but it's possible). And that is why he came here. He 
set his own trap and is now likely to fall in. :-) And he's probably never 
heard about setting own rule scores.

> I guess some of SARE people are subscribed here and someone could notice this
> problem and remove it...

quoting myself:

> I told you (him) what you (he) can do.

> This is an SARE rule, I suggest you ask there.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Matus UHLAR - fantomas
> jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
> > So what should a Taiwan user (Taiwan~=Hinet)
> >HINET: Control of approx 8,476,149 IP addresses 
> > http://www.fixedorbit.com/AS/3/AS3462.htm
> > user do. Buy a SMTP account with a US Company?

On 27.01.10 12:31, Kai Schaetzl wrote:
> I told you what you can do.
> 
> Apart from that, again:
> SARE is not part of SA.
> SARE is deprecated.
> So, why bother?

because his mail can be tagged as spam?
There are still some sare rules published and people who may use them.
I guess some of SARE people are subscribed here and someone could notice this
problem and remove it...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:

> So what should a Taiwan user (Taiwan~=Hinet)
>HINET: Control of approx 8,476,149 IP addresses 
> http://www.fixedorbit.com/AS/3/AS3462.htm
> user do. Buy a SMTP account with a US Company?

I told you what you can do.

Apart from that, again:
SARE is not part of SA.
SARE is deprecated.
So, why bother?

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
Jdow wrote on Tue, 26 Jan 2010 19:07:14 -0800:

> And it has this disgraceful habit. It works.

You are special, anyway.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread jidanni
So what should a Taiwan user (Taiwan~=Hinet)
   HINET: Control of approx 8,476,149 IP addresses 
http://www.fixedorbit.com/AS/3/AS3462.htm
user do. Buy a SMTP account with a US Company?

But that's what I did, as you see from
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
headers.

But that's still not good enough.

So what next? Need a ssh tunnel to /usr/lib/sendmail or something on a
US machine to eradicate all traces of Taiwan?

> "KS" == Kai Schaetzl  writes:
KS> The point of discussion was "Email passed through apparent spammer domain"
KS> because of *origination* at a dynamic hinet address. I personally think
KS> this rule is misguided and maybe isn't even doing what it was intended to do.


Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread jdow

From: "Kai Schaetzl" 
Sent: Tuesday, 2010/January/26 03:57



> Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:
>> Huh?  Aren't we supposed to be telling people to stop using SARE?
>
> Isn't that a given? The point was that I don't see a reason to ask here 
> about this. It's deprecated and it's not part of SA.
>
> Kai


And it has this disgraceful habit. It works.

{^_^}


Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread jdow

Surely you jest, Sir.

{o.o}
- Original Message - 
From: "Warren Togami" 

Sent: Tuesday, 2010/January/26 03:15



On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
> This is an SARE rule, I suggest you ask there.
>
> Kai

Huh?  Aren't we supposed to be telling people to stop using SARE?

Warren



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
Michael Scheidell wrote on Tue, 26 Jan 2010 06:56:04 -0500:

> if you don't follow the RFC's, you have no reason to complain if people 
> who DO follow the RFC's block your email.

There is no RFC requiring back and forward resolution to match. I think 
there's not even a requirement for an rDNS, it's just good practice. And 
it's not the point of discussion here, anyway.
The point of discussion was "Email passed through apparent spammer domain" 
because of *origination* at a dynamic hinet address. I personally think 
this rule is misguided and maybe isn't even doing what it was intended to 
do. Anyway, anyone with a sane mind has stopped using most SA rules two 
years ago.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:

> Huh?  Aren't we supposed to be telling people to stop using SARE?

Isn't that a given? The point was that I don't see a reason to ask here 
about this. It's deprecated and it's not part of SA.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Michael Scheidell

On 1/26/10 5:31 AM, Kai Schaetzl wrote:
> Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:
>
>> Indeed. If your domain (jidanni.org) is in fact on a static IP then you
>> need to get your ISP to update the PTR record to reflect this.
>
> Well, on closer look it appears that he's using a smarthost. So, there's
> no need for another rDNS for him. He's just a normal dynamic customer
> sending mail thru a smarthost and being a hinet customer.

which in itself has a bunged up RDNS.

Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com) (208.97.132.207)

host 208.97.132.207
207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.

if you don't follow the RFC's, you have no reason to complain if people
who DO follow the RFC's block your email.

> Kai



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation



Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread Warren Togami

On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
> This is an SARE rule, I suggest you ask there.
>
> Kai

Huh?  Aren't we supposed to be telling people to stop using SARE?

Warren


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:

> Indeed. If your domain (jidanni.org) is in fact on a static IP then you 
> need to get your ISP to update the PTR record to reflect this.

Well, on closer look it appears that he's using a smarthost. So, there's 
no need for another rDNS for him. He's just a normal dynamic customer 
sending mail thru a smarthost and being a hinet customer.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
This is an SARE rule, I suggest you ask there.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Ned Slider

Michael Mansour wrote:
> Hi,
>
>> Fellows, I have the highest spam score vs. all my buddies:
>> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>>
>> It's all because
>> http://www.rulesemporium.com/rules/70_sare_header1.cf
>> header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
>> describe
>
> I personally don't understand how this regex does all of Taiwan, all I can see
> it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
> dynamic IP's really shouldn't be sending bulk mail.


Indeed. If your domain (jidanni.org) is in fact on a static IP then you 
need to get your ISP to update the PTR record to reflect this. The issue 
arises solely because a rDNS lookup of your IP resolves to 
218-163-3-226.dynamic.hinet.net rather than, for example, mx.jidanni.org.


Still, a score of 1.666 from a non-standard ruleset shouldn't hurt you 
too much if you're not sending spam and are otherwise following good 
email practices.




Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-25 Thread Michael Mansour
Hi,

> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
> 
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
> describe

I personally don't understand how this regex does all of Taiwan, all I can see
it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
dynamic IP's really shouldn't be sending bulk mail.

Regards,

Michael.

> SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
> score SARE_RECV_SPAM_DOMN0b 1.666
>
> So how is anybody living in Taiwan supposed to mail things with
> honor? They can't get another country, nor cause a revolution. You
> just paint them all with one brush. What if you painted everybody in
> your home country with one brush until they were supposed to
> overthrow the telephone company or whatever?



Re: painting everybody in Taiwan with the same brush

2010-01-25 Thread Dave Pooser
On 1/26/10 12:29 AM, "jida...@jidanni.org"  wrote:

> So how is anybody living in Taiwan supposed to mail things with honor?
> They can't get another country, nor cause a revolution. You just paint
> them all with one brush. What if you painted everybody in your home
> country with one brush until they were supposed to overthrow the
> telephone company or whatever?

It's not a moral judgment, it's a practical one. It's not the fault of an
individual resident of Taiwan that their country has a high noise to signal
ratio; then again, a rabid dog isn't at fault for its condition, but I'm not
gonna get close enough for it to bite me.
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna





Re: painting everybody in Taiwan with the same brush

2010-01-25 Thread Mathias Homann
On Tuesday 26 January 2010, jida...@jidanni.org wrote:
> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
> 
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
> describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
> score SARE_RECV_SPAM_DOMN0b 1.666
>
> So how is anybody living in Taiwan supposed to mail things with
> honor? They can't get another country, nor cause a revolution. You
> just paint them all with one brush. What if you painted everybody
> in your home country with one brush until they were supposed to
> overthrow the telephone company or whatever?
> 

There were times where 90% of my SpamCop submissions pointed at
hinet.net, so there's that.
If there is some single person in Taiwan who wants to exchange
legitimate email with some other single person outside Taiwan, they can
simply put each other in their whitelists.


-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C


painting everybody in Taiwan with the same brush

2010-01-25 Thread jidanni
Fellows, I have the highest spam score vs. all my buddies:
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw

It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
header   SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
score    SARE_RECV_SPAM_DOMN0b 1.666

So how is anybody living in Taiwan supposed to mail things with honor?
They can't get another country, nor cause a revolution. You just paint
them all with one brush. What if you painted everybody in your home
country with one brush until they were supposed to overthrow the
telephone company or whatever?
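
The rule quoted in this post, run over constructed Received headers to show which hops trigger it. This is an added example, not part of the thread or of the SARE ruleset: Python's `re` stands in for SpamAssassin's Perl regex engine, and `mx.example.org`, the sample messages and the last-hop-only variant are assumptions for illustration.

```python
import re
from email import message_from_string

# Pattern copied from the SARE_RECV_SPAM_DOMN0b rule quoted above. The dot in
# "dynamic.hinet" is unescaped, so it matches any single character.
RULE = re.compile(r"\bdynamic.hinet\.(?:com|net|org|info)")

def _msg(*hops):
    """Build a constructed message; hops are given newest first."""
    return "".join(f"Received: {h}\n" for h in hops) + "Subject: test\n\nbody\n"

# Constructed samples (not real mail); mx.example.org is a placeholder receiver.
SAMPLES = {
    "direct": _msg(
        "from 218-163-3-226.dynamic.hinet.net (218.163.3.226)\n\tby mx.example.org"),
    "via_smarthost": _msg(
        "from homiemail-a7.g.dreamhost.com (208.97.132.207)\n\tby mx.example.org",
        "from jidanni.org (218-163-3-226.dynamic.hinet.net [218.163.3.226])\n"
        "\tby homiemail-a7.g.dreamhost.com"),
    "hinet_non_dynamic": _msg(
        "from msa.hinet.net (192.0.2.10)\n\tby mx.example.org"),
    "lookalike": _msg(
        "from mail.dynamic-hinet.org (198.51.100.7)\n\tby mx.example.org"),
}

def received_headers(raw):
    """Return unfolded Received headers, newest (closest to the receiver) first."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def hits_any_hop(raw):
    """The quoted rule's behaviour: a header rule sees every Received header."""
    return any(RULE.search(h) for h in received_headers(raw))

def hits_last_hop(raw):
    """Hypothetical narrower check: only the host that connected to our MX."""
    hops = received_headers(raw)
    return bool(hops) and bool(RULE.search(hops[0]))

def evaluate():
    """Map each sample name to (any_hop, last_hop) match results."""
    return {name: (hits_any_hop(raw), hits_last_hop(raw))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (any_hop, last_hop) in evaluate().items():
        print(f"{name:18} any_hop={any_hop!s:5} last_hop={last_hop}")
```

The `via_smarthost` sample matches only because the originating hop behind the smarthost is still recorded in an earlier Received header, and the `lookalike` sample matches because of the unescaped dot.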