You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ji...@jidanni.org on 2010/01/26 07:29:19 UTC
painting everybody in Taiwan with the same brush
Fellows, I have the highest spam score vs. all my buddies:
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
score SARE_RECV_SPAM_DOMN0b 1.666
So how is anybody living in Taiwan supposed to mail things with honor?
They can't get another country, nor cause a revolution. You just paint
them all with one brush. What if you painted everybody in your home
country with one brush until they were supposed to overthrew the
telephone company or whatever?
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
so what?
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Charles Gregory <cg...@hwcn.org>.
On Wed, 27 Jan 2010, Kai Schaetzl wrote:
>> So what should a Taiwan user (Taiwan~=Hinet)
>> user do. Buy a SMTP account with a US Company?
> I told you what you can do.
> Apart from that, again:
> SARE is not part of SA.
> SARE is deprecated.
> So, why bother?
Why bother posting just to tell him that his fate rests in the hands of
everyone else? That was his complaint in the first place. If you (Kai)
want to mount a campaign to have SARE removed from everyone's SA configs,
then best of luck to you, but otherwise, your 'answer' does not help the
legitimate Taiwanese user in the least.... (shrug)
- C
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Matus UHLAR - fantomas wrote on Wed, 27 Jan 2010 15:10:48 +0100:
> because his mail can be tagged as spam?
Not largely a problem. Did you look at the mailing list conversation he linked
to? It seems he's actively telling the mailing list owner how to tune SA and
reduce the required score to 2 (two !). And before that he may have told him to
use SARE (I don't know, but it's possible). And that is why he came here. He
set his own trap and is now likely to fall in. :-) And he's probably never
heard about setting own rule scores.
> I guess some of SARE people are subscribed here and someone could notice this
> problem and remove it...
quoting myself:
> I told you (him) what you (he) can do.
> This is an SARE rule, I suggest you ask there.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> Jidanni@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
> > So what should a Taiwan user (Taiwan~=Hinet)
> > HINET: Control of approx 8,476,149 IP addresses http://www.fixedorbit.com/AS/3/AS3462.htm
> > user do. Buy a SMTP account with a US Company?
On 27.01.10 12:31, Kai Schaetzl wrote:
> I told you what you can do.
>
> Apart from that, again:
> SARE is not part of SA.
> SARE is deprecated.
> So, why bother?
because his mail can be tagged as spam?
There are still some sare rules published and people who may use them.
I guess some of SARE people are subscribed here and someone could notice this
problem and remove it...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Jidanni@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
> So what should a Taiwan user (Taiwan~=Hinet)
> HINET: Control of approx 8,476,149 IP addresses http://www.fixedorbit.com/AS/3/AS3462.htm
> user do. Buy a SMTP account with a US Company?
I told you what you can do.
Apart from that, again:
SARE is not part of SA.
SARE is deprecated.
So, why bother?
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by ji...@jidanni.org.
So what should a Taiwan user (Taiwan~=Hinet)
HINET: Control of approx 8,476,149 IP addresses http://www.fixedorbit.com/AS/3/AS3462.htm
user do. Buy a SMTP account with a US Company?
But that's what I did, as you see from
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
headers.
But that's still not good enough.
So what next? Need a ssh tunnel to /usr/lib/sendmail or something on a
US machine to eradicate all traces of Taiwan?
>>>>> "KS" == Kai Schaetzl <ma...@conactive.com> writes:
KS> The point of discussion was "Email passed through apparent spammer domain"
KS> because of *origination* at a dynamic hinet address. I personally think
KS> this rule is misguided and maybe isn't even doing what it was intended to do.
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Michael Scheidell wrote on Tue, 26 Jan 2010 06:56:04 -0500:
> if you don't follow the RFC's, you have no reason to complain if people
> who DO follow the RFC's block your email.
There is no RFC requiring back and forward resolution to match. I think
there's not even a requirement for an rDNS, it's just good practice. And
it's not the point of discussion here, anyway.
The point of discussion was "Email passed through apparent spammer domain"
because of *origination* at a dynamic hinet address. I personally think
this rule is misguided and maybe isn't even doing what it was intended to
do. Anyway, anyone with a sane mind has stopped using most SA rules two
years ago.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Francis Russell <fr...@unchartedbackwaters.co.uk>.
Michael Scheidell wrote:
> which in itself has a bunged up RDNS .
>
> Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com)
> (208.97.132.207)
>
>
> host 208.97.132.207
> 207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
> if you don't follow the RFC's, you have no reason to complain if people
> who DO follow the RFC's block your email.
207.132.97.208.in-addr.arpa. 14400 IN PTR caiajhbdccah.dreamhost.com.
caiajhbdccah.dreamhost.com. 14310 IN A 208.97.132.207
Just for the record, it looks like the reverse DNS is fine. I can only
assume you were comparing against the HELO, and there's no need for that
to match the PTR record.
Francis
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Michael Scheidell <sc...@secnap.net>.
On 1/26/10 5:31 AM, Kai Schaetzl wrote:
> Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +0000:
>
>
>> Indeed. If your domain (jidanni.org) is in fact on a static IP then you
>> need to get your ISP to update the PTR record to reflect this.
>>
> Well, on closer look it appears that he's using a smarthost. So, there's
> no need for another rDNS for him. He's just a normal dynamic customer
> sending mail thru a smarthost and being a hinet customer.
>
>
which in itself has a bunged up RDNS .
Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com) (208.97.132.207)
host 208.97.132.207
207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
if you don't follow the RFC's, you have no reason to complain if people
who DO follow the RFC's block your email.
> Kai
>
>
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +0000:
> Indeed. If your domain (jidanni.org) is in fact on a static IP then you
> need to get your ISP to update the PTR record to reflect this.
Well, on closer look it appears that he's using a smarthost. So, there's
no need for another rDNS for him. He's just a normal dynamic customer
sending mail thru a smarthost and being a hinet customer.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Ned Slider <ne...@unixmail.co.uk>.
Michael Mansour wrote:
> Hi,
>
>> Fellows, I have the highest spam score vs. all my buddies:
>> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>>
>> It's all because
>> http://www.rulesemporium.com/rules/70_sare_header1.cf
>> header SARE_RECV_SPAM_DOMN0b Received =~
>> /\bdynamic.hinet\.(?:com|net|org|info)/ describe
>
> I personally don't understand how this regex does all of Taiwan, all I can see
> it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
> dynamic IP's really shouldn't be sending bulk mail.
>
Indeed. If your domain (jidanni.org) is in fact on a static IP then you
need to get your ISP to update the PTR record to reflect this. The issue
arises solely because a rDNS lookup of your IP resolves to
218-163-3-226.dynamic.hinet.net rather than, for example, mx.jidanni.org.
Still, a score of 1.666 from a non-standard ruleset shouldn't hurt you
too much if you're not sending spam and are otherwise following good
email practices.
Re: [Sare-users] painting everybody in Taiwan with the same brush
Posted by Michael Mansour <mi...@npgx.com.au>.
Hi,
> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> header SARE_RECV_SPAM_DOMN0b Received =~
> /\bdynamic.hinet\.(?:com|net|org|info)/ describe
I personally don't understand how this regex does all of Taiwan, all I can see
it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
dynamic IP's really shouldn't be sending bulk mail.
Regards,
Michael.
> SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer
> domain score SARE_RECV_SPAM_DOMN0b 1.666
>
> So how is anybody living in Taiwan supposed to mail things with
> honor? They can't get another country, nor cause a revolution. You
> just paint them all with one brush. What if you painted everybody in
> your home country with one brush until they were supposed to
> overthrew the telephone company or whatever?
_______________________________________________
> This is being sent to: mic@npgx.com.au
> Sare-users mailing list
> Sare-users@maddoc.net
> http://lists.maddoc.net/mailman/listinfo/sare-users
------- End of Original Message -------
Re: painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Jdow wrote on Tue, 26 Jan 2010 19:07:14 -0800:
> And it has this disgraceful habit. It works.
You are special, anyway.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: painting everybody in Taiwan with the same brush
Posted by jdow <jd...@earthlink.net>.
From: "Kai Schaetzl" <ma...@conactive.com>
Sent: Tuesday, 2010/January/26 03:57
> Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:
>
>> Huh? Aren't we supposed to be telling people to stop using SARE?
>
> Isn't that a given? The point was that I don't see a reason to ask here
> about this. It's deprecated and it's not part of SA.
>
> Kai
And it has this disgraceful habit. It works.
{^_^}
Re: painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
Warren Togami wrote on Tue, 26 Jan 2010 06:15:23 -0500:
> Huh? Aren't we supposed to be telling people to stop using SARE?
Isn't that a given? The point was that I don't see a reason to ask here
about this. It's deprecated and it's not part of SA.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: painting everybody in Taiwan with the same brush
Posted by jdow <jd...@earthlink.net>.
Surely you jest, Sir.
{o.o}
----- Original Message -----
From: "Warren Togami" <wt...@redhat.com>
Sent: Tuesday, 2010/January/26 03:15
> On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
>> This is an SARE rule, I suggest you ask there.
>>
>> Kai
>>
>
> Huh? Aren't we supposed to be telling people to stop using SARE?
>
> Warren
>
Re: painting everybody in Taiwan with the same brush
Posted by Warren Togami <wt...@redhat.com>.
On 01/26/2010 05:31 AM, Kai Schaetzl wrote:
> This is an SARE rule, I suggest you ask there.
>
> Kai
>
Huh? Aren't we supposed to be telling people to stop using SARE?
Warren
Re: painting everybody in Taiwan with the same brush
Posted by Kai Schaetzl <ma...@conactive.com>.
This is an SARE rule, I suggest you ask there.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: painting everybody in Taiwan with the same brush
Posted by Mathias Homann <ad...@eregion.de>.
Am Dienstag 26 Januar 2010 schrieb jidanni@jidanni.org:
> Fellows, I have the highest spam score vs. all my buddies:
> http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
>
> It's all because
> http://www.rulesemporium.com/rules/70_sare_header1.cf
> header SARE_RECV_SPAM_DOMN0b Received =~
> /\bdynamic.hinet\.(?:com|net|org|info)/ describe
> SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer
> domain score SARE_RECV_SPAM_DOMN0b 1.666
>
> So how is anybody living in Taiwan supposed to mail things with
> honor? They can't get another country, nor cause a revolution. You
> just paint them all with one brush. What if you painted everybody
> in your home country with one brush until they were supposed to
> overthrew the telephone company or whatever?
>
there were times where 90% of my spamcop submissions pointed at
hinet.net so there's that.
if there is some single person in taiwan who wants to exchange
legitimate email with some other single person outside taiwan they can
simply put each other in their whitelists.
--
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD
763C
Re: painting everybody in Taiwan with the same brush
Posted by Dave Pooser <da...@pooserville.com>.
On 1/26/10 12:29 AM, "jidanni@jidanni.org" <ji...@jidanni.org> wrote:
> So how is anybody living in Taiwan supposed to mail things with honor?
> They can't get another country, nor cause a revolution. You just paint
> them all with one brush. What if you painted everybody in your home
> country with one brush until they were supposed to overthrew the
> telephone company or whatever?
It's not a moral judgment, it's a practical one. It's not the fault of an
individual resident of Taiwan that their country has a high noise to signal
ratio; then again, a rabid dog isn't at fault for its condition, but I'm not
gonna get close enough for it to bite me.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna