Dear sare-users Adam Katz tried to post these to your list. Please read
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126545
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126547
However, as in
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126330
Adam Katz wrote:
> header SARE_RECV_SPAM_DOMN0B X-Spam-Relays-External =~
> /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net /
Minor bugfix that doesn't affect my findings: That second range
should have prohibited both space and right-square-bracket. Because
there is more than 25 characters of buf
Note, I am not on the SARE list. This message is more directed at the
SARE developers and thus that list. It copies the SA users list.
I wrote:
>>> This rule is poorly written as it does not limit its examination
>>> to the last external relay.
LuKreme responded:
>> The rule quite specifically
Hi!
Also note that SARE Ninjas are long gone - see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least half the
world
On Friday, January 29, 2010, 12:27:59 PM, Marc Sherman wrote:
> Matija Nalis wrote:
>>
>> Also note that SARE Ninjas are long gone - see main page
>> http://www.rulesemporium.com/. So nobody could fix those rules even if they
>> thought it was a good idea (and at least some people are not convinc
Matija Nalis wrote:
Also note that SARE Ninjas are long gone - see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least
Firstly, the instructions for reading this e-mail: please read it whole,
and understand that (although it may sound harsh at places) I am actually
trying to help you. Only then reply (if needed). It is also somewhat long,
but it does contain some technical info (and not only my rants :) Thanks.
On
LuKreme wrote:
> I get hundreds and hundreds of spam attempts from dynamic.hinet.net
>
> $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 | grep -i reject |wc -l
> 8939
>
> That's in 10 days. Nearly 900 times a day.
Thank you LuKreme, you have proven my point.
I have a good number too, t
On Fri, 29 Jan 2010, Bowie Bailey wrote:
Take another look. The original line must contain 'reject', but the
output is not the entire line.
Awk. (as an exclamation) :)
- C
On 29-Jan-2010, at 07:20, Charles Gregory wrote:
>
> * Strictly for fun. Cuz I'm a geek and can't resist..
>
> The code you post could not produce the output shown.
Yes it could because it DID
> There is no 'reject' in the line 'Relay access denied'. (big wide grin)
Jan 28 14:12:58 mai
Charles Gregory wrote:
> On Thu, 28 Jan 2010, LuKreme wrote:
>> $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 |\
>>>grep -i reject |\
>>>awk -F: {'print $9'} |\
>>>awk -F';' {'print $1'} |\
>>>sort -u
>> Client host rejected
>> Helo command rejected
>> Recipient address rejected
* Strictly for fun. Cuz I'm a geek and can't resist..
The code you post could not produce the output shown.
There is no 'reject' in the line 'Relay access denied'. (big wide grin)
No argument about the intended *point* of the output. :)
- C
On Thu, 28 Jan 2010, LuKreme wrote:
$ bzgre
please stop spamming this list with this any longer,
thanks. If you have grieve take it up with the folks how are responsible,
that is the folks *using* the rules and *making* the rules.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Anyway, what you are doing here is penalizing all users of that
company's copper wires. No amount of monopoly breakup legislation will
do any good if you penalize based on the wrong part of the physical
infrastructure.
http://en.wikipedia.org/wiki/Common_carrier
http://en.wikipedia.org/wiki/Network
On 28-Jan-2010, at 11:59, Adam Katz wrote:
>
> SpamCop sister-site SenderBase seems to indicate at
> http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
> that there isn't much traffic coming from IPs whose rDNS contain
> 'dynamic.hinet.net' anyway, so it appears they
From: "Charles Gregory"
Sent: Thursday, 2010/January/28 08:08
Personally, I find racist analogies childish, and in fact, a little
offensive. But, that aside, I don't suppose it has occurred to you that
the bulk of spam coming from Taiwan may be originating with businesses in
the USA? The 'si
From: "Adam Katz"
Sent: Thursday, 2010/January/28 10:59
LuKreme wrote:
On 28-Jan-2010, at 09:23, Adam Katz wrote:
This rule is poorly written as it does not limit its examination
to the last external relay.
The rule quite specifically does not look at the top received
header because all th
On Thu, 2010-01-28 at 13:59 -0500, Adam Katz wrote:
> SpamCop sister-site SenderBase seems to indicate at
> http://www.senderbase.org/senderbase_queries/detaildomain?search_string=hinet.net
> that there isn't much traffic coming from IPs whose rDNS contain
> 'dynamic.hinet.net' anyway, so it app
On 28.01.10 07:13, jd wrote:
> What spam is being sent through hinet's smtp servers?
hard to say, however the rule in subject doesn't mention their smtp
servers...
> I have yet to see any connections from their mail servers. Every
> connection so far has always been from subscribers' boxes trying
LuKreme wrote:
> On 28-Jan-2010, at 09:23, Adam Katz wrote:
>> This rule is poorly written as it does not limit its examination
>> to the last external relay.
>
> The rule quite specifically does not look at the top received
> header because all the spammers were using US based relays to avoid
> c
On 28-Jan-2010, at 09:23, Adam Katz wrote:
This rule is poorly written as it does not limit its examination to
>
> the last external relay. Were SARE accepting revisions (and assuming
> I've read the intent right), it should be reworked so as to be defined
> as (be wary of mail agent rewrapping):
Charles Gregory wrote on Thu, 28 Jan 2010 11:08:24 -0500 (EST):
> Firstly, let's all acknowledge that the OP cross-posted to/from the SARE
> mailing list, and continues to do so.
He should not have done this and most of us probably didn't notice it. He
should just stop doing so and stay on the
On 1/28/2010 5:23 PM, Adam Katz wrote:
However, as you noted earlier:
It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
header SARE_RECV_SPAM_DOMN0b Received =~
/\bdynamic.hinet\.(?:com|net|org|info)/
describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer d
Adam Katz wrote:
> This rule is poorly written as it does not limit its examination to
> the last external relay. Were SARE accepting revisions (and assuming
> I've read the intent right), it should be reworked so as to be defined
> as (be wary of mail agent rewrapping):
>
> header SARE_RECV_SPAM
Michael Scheidell wrote:
> which in itself has a bunged up RDNS .
>
> Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com)
> (208.97.132.207)
>
>
> host 208.97.132.207
> 207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
> if you don't follow the RFC's, y
jida...@jidanni.org wrote:
> You guys are doing something wrong. Maybe you think that every
> country is like the USA or something. You blew it. Your rules are
> wrong.
>
> MM> It may not be your fault you're using an ISP which is known to
> MM> generate spam [...] you need to complain to the ISP
On Thu, 28 Jan 2010, jida...@jidanni.org wrote:
You guys are doing something wrong.
Firstly, let's all acknowledge that the OP cross-posted to/from the SARE
mailing list, and continues to do so. Yes, there is no one on the main SA
list that is responsible for the rule, but that being said, we
What spam is being sent through hinet's smtp servers? I have yet to
see any connections from their mail servers. Every connection so far
has always been from subscribers' boxes trying to get me to relay mail
or trying invalid addys. What does that have to do with hinet's mail
servers?
It seems to
jida...@jidanni.org wrote:
> "MM" == Michael Mansour writes:
>
> MM> Why couldn't the mailing list filters simply whitelist your email address
> or
> MM> whitelist people automatically subscribed to the mailing list?
> Yes, but that's beside the point. That is not solving the bad thing
> you g
From: "Mike Cardwell"
Sent: Thursday, 2010/January/28 03:09
On 28/01/2010 01:34, jida...@jidanni.org wrote:
However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.
I do
On 28/01/2010 01:34, jida...@jidanni.org wrote:
Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.
So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but
jida...@jidanni.org wrote on Thu, 28 Jan 2010 09:34:46 +0800:
> thanks to you guys and no one else.
Boy, *you* have a problem, and this is not with SA, get some help, good
bye. Please stop further spamming this list with your garbage.
Kai
--
Get your web at Conactive Internet Services: http:/
This is a problem a lot of people face, some for more legitimate reasons
than others. I have an Earthlink.net account, from when they were smaller
and Sky Dayton still ran the show - actually from not long after he
founded the company. Over the years people forged the Earthlink address.
Earthlink
On Thu, 28 Jan 2010 09:34:46 +0800
jida...@jidanni.org wrote:
>> Yes, and what may seem like a mere 1.6 points is causing me to have to
> request the whole spam threshold of that mailing list
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
> lowered just for me, just becaus
On Thu, 2010-01-28 at 10:35 +0800, jida...@jidanni.org wrote:
> Yes, but that's beside the point. That is not solving the bad thing
> you guys are doing.
Eh? stopping spammers is a bad thing now hey...
> MM> The world isn't perfect and the only way to get things changed is to
> complaint
>
Hi Jadinni,
> > "MM" == Michael Mansour writes:
> MM> Why couldn't the mailing list filters simply whitelist your
> email address or MM> whitelist people automatically subscribed to
> the mailing list? Yes, but that's beside the point. That is not
> solving the bad thing you guys are doing
Hi Jidanni,
> Long ago, I tried mailing directly direct-to-mx style, but that of
> course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
> So only 5% of my mail got through.
>
> So then I tried mailing through The ISP Here, Hinet.Net's SMTP
> server, but of course Hinet.Net has a
Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.
So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but of course Hinet.Net has a bad name. So only 50% of
so what?
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
On Wed, 27 Jan 2010, Kai Schaetzl wrote:
So what should a Taiwan user (Taiwan~=Hinet)
user do. Buy a SMTP account with a US Company?
I told you what you can do.
Apart from that, again:
SARE is not part of SA.
SARE is deprecated.
So, why bother?
Why bother posting just to tell him that his fate
Matus UHLAR - fantomas wrote on Wed, 27 Jan 2010 15:10:48 +0100:
> because his mail can be tagged as spam?
Not largely a problem. Did you look at the mailing list conversation he linked
to? It seems he's actively telling the mailing list owner how to tune SA and
reduce the required score to 2 (
> jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
> > So what should a Taiwan user (Taiwan~=Hinet)
> >HINET: Control of approx 8,476,149 IP addresses
> > http://www.fixedorbit.com/AS/3/AS3462.htm
> > user do. Buy a SMTP account with a US Company?
On 27.01.10 12:31, Kai Schaetzl
jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
> So what should a Taiwan user (Taiwan~=Hinet)
>HINET: Control of approx 8,476,149 IP addresses
> http://www.fixedorbit.com/AS/3/AS3462.htm
> user do. Buy a SMTP account with a US Company?
I told you what you can do.
Apart from t
Jdow wrote on Tue, 26 Jan 2010 19:07:14 -0800:
> And it has this disgraceful habit. It works.
You are special, anyway.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
So what should a Taiwan user (Taiwan~=Hinet)
HINET: Control of approx 8,476,149 IP addresses
http://www.fixedorbit.com/AS/3/AS3462.htm
user do. Buy a SMTP account with a US Company?
But that's what I did, as you see from
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
headers.
From: "Kai Schaetzl"
Sent: Tuesday, 2010/January/26 03:57
Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:
Huh? Aren't we supposed to be telling people to stop using SARE?
Isn't that a given? The point was that I don't see a reason to ask here
about this. It's deprecated and it's
Surely you jest, Sir.
{o.o}
- Original Message -
From: "Warren Togami"
Sent: Tuesday, 2010/January/26 03:15
On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
This is an SARE rule, I suggest you ask there.
Kai
Huh? Aren't we supposed to be telling people to stop using SARE?
Warren
Michael Scheidell wrote on Tue, 26 Jan 2010 06:56:04 -0500:
> if you don't follow the RFC's, you have no reason to complain if people
> who DO follow the RFC's block your email.
There is no RFC requiring back and forward resolution to match. I think
there's not even a requirement for an rDNS, i
Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:
> Huh? Aren't we supposed to be telling people to stop using SARE?
Isn't that a given? The point was that I don't see a reason to ask here
about this. It's deprecated and it's not part of SA.
Kai
--
Get your web at Conactive Internet Se
On 1/26/10 5:31 AM, Kai Schaetzl wrote:
Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:
Indeed. If your domain (jidanni.org) is in fact on a static IP then you
need to get your ISP to update the PTR record to reflect this.
Well, on closer look it appears that he's using a smarth
On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
This is an SARE rule, I suggest you ask there.
Kai
Huh? Aren't we supposed to be telling people to stop using SARE?
Warren
Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:
> Indeed. If your domain (jidanni.org) is in fact on a static IP then you
> need to get your ISP to update the PTR record to reflect this.
Well, on closer look it appears that he's using a smarthost. So, there's
no need for another rDNS for h
This is an SARE rule, I suggest you ask there.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Michael Mansour wrote:
Hi,
Fellows, I have the highest spam score vs. all my buddies:
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
headerSARE_RECV_SPAM_DOMN0bReceived =~
/\bdynamic.hinet\.(?:com
Hi,
> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> headerSARE_RECV_SPAM_DOMN0bReceived =~
> /\bdynamic.hinet\.(?:com|net|org|inf
On 1/26/10 12:29 AM, "jida...@jidanni.org" wrote:
> So how is anybody living in Taiwan supposed to mail things with honor?
> They can't get another country, nor cause a revolution. You just paint
> them all with one brush. What if you painted everybody in your home
> country with one brush until
Am Dienstag 26 Januar 2010 schrieb jida...@jidanni.org:
> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> headerSARE_RECV_SPAM_DOMN0b
Fellows, I have the highest spam score vs. all my buddies:
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
headerSARE_RECV_SPAM_DOMN0bReceived =~
/\bdynamic.hinet\.(?:com|net|org|info)/
describe SARE_
58 matches
Mail list logo