Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-02-08 Thread jidanni
Dear sare-users, Adam Katz tried to post these to your list. Please read
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126545
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126547

However, as in
http://article.gmane.org/gmane.mail.spam.spamassassin.general/126330
 MN == Matija Nalis mnalis...@voyager.hr writes:

MN Despite they seemed quite dead for the last several years, at least
MN one of the SARE Ninjas (or their associate with privileges enough)
MN is not only alive but had heard your plea, and tried to help you on
MN 28-Jan-2010 by putting:

MN score SARE_RECV_SPAM_DOMN0b 0.0

MN in the 70_sare_header1.cf ruleset.

MN However, that probably would not work too good, because:

MN - they did not seem to update 70_sare_header1.cf.sig digital signature,
MN   so automatic update would probably fail even if someone managed to pull it.

MN - the Modified and the #@@# history on the top of the Ruleset are not
MN   updated (they should be)

MN - the autoupdater (maybe because of previous error(s) ?) does not seem to pull
MN   that change - my sa-update says:

MN [1016] dbg: channel: attempting channel 70_sare_header1.cf.sare.sa-update.dostech.net
MN [1016] dbg: channel: update directory /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net
MN [1016] dbg: channel: channel cf file /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net.cf
MN [1016] dbg: channel: channel pre file /var/lib/spamassassin/3.002005/70_sare_header1_cf_sare_sa-update_dostech_net.pre
MN [1016] dbg: channel: metadata version = 200605212000
MN [1016] dbg: dns: 5.2.3.70_sare_header1.cf.sare.sa-update.dostech.net = 200605212000, parsed as 200605212000
MN [1016] dbg: channel: current version is 200605212000, new version is 200605212000, skipping channel

MN Hopefully someone can fix those issues also


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-02-05 Thread Adam Katz
Note, I am not on the SARE list.  This message is more directed at the
SARE developers and thus that list.  It copies the SA users list.

I wrote:
 This rule is poorly written as it does not limit its examination
 to the last external relay.

LuKreme responded:
 The rule quite specifically does not look at the top received
 header because all the spammers were using US based relays to avoid
 checks like the one you suggested.

I believed otherwise and stated as much:
 Then that is unfair discrimination, blocking all of a major ISP's
 customers' traffic.  I suspect the rule instead pre-dates either the
 creation of the X-Spam-Relays-External pseudo-header or the author(s)'
 familiarity with it.

I created some tests for this hypothesis and entered them into my
sandbox for masscheck data.  Results are in:  Spammers do not send
mail from HINET zombies in through US based relays.

My tests compared two versions of my rule (suffixed 2 and 3) versus
the original:  http://ruleqa.spamassassin.org/?rule=%2FSARE

  SPAM%    HAM%     S/O     RANK   SCORE  NAME
  0.4481   0.0019   0.996   0.81   0.01   T_SARE_RECV_SPAM_DOMN0B2
  0.4481   0.0019   0.996   0.81   0.01   T_SARE_RECV_SPAM_DOMN0B3
  0.4511   0.0045   0.990   0.81   0.01   T_SARE_RECV_SPAM_DOMN0B

This proves that the SARE rule is unnecessarily broad, catching a
negligible excess in spam and ham.  Rules #2 and #3 performed exactly
the same, confirming my unvoiced suspicion that the rule was checking
against too broad a domain list.

The 6 ham my tests hit were already scored by the system between 13-17
points (holy crap!) while 8 hams matching the original test scored 3
or lower and the same 6 hams as my tests(!) hit the 13-17 score range.
 Looking at spam scoring under 10, my tests missed 12 spams that the
original caught (of 34 missed spams overall).

Therefore, it is worthwhile to migrate to the more conservative rule
(my #3):

header SARE_RECV_SPAM_DOMN0B   X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net /


HOWEVER:

Perhaps more important to note is the overlap.  Here's the data (all
versions had identical results), truncated to wrap; second percent is
the percent of the other rule's hits that overlap this rule's hits:
 overlap spam: 100% of [this] also hit RAZOR2_CF_RANGE_51_100; 0%
 overlap spam: 100% of [this] also hit RAZOR2_CF_RANGE_E4_51_100; 0%
 overlap spam: 100% of [this] also hit RAZOR2_CHECK; 0%
 overlap spam: 100% of [this] also hit RCVD_IN_PBL; 1%
 overlap spam: 100% of [this] also hit RDNS_DYNAMIC; 1%

RDNS_DYNAMIC is a meta rule triggered by these:
 overlap spam: 100% of [this] also hit __RDNS_DYNAMIC_IPADDR; 0%
 overlap spam: 100% of [this] also hit __RDNS_INDICATOR_DYN; 10%

On SA 3.2.5, that's 0.5 + 1.5 + 0.5 + 0.509 + 0.1 = 3.109
On SA 3.3.0, that's 0.5 + 0.642 + 0.922 + 3.335 + 0.982 = 6.381

(Without network tests, SA-3.2.5 scores that 0.1 while SA-3.3.0 scores
it at 1.663 (with bayes on) or 2.639.  The above stanza used the more
pessimistic sum and would be higher with bayes on SA-3.2.5 and higher
without bayes on SA-3.3.0.)

Don't forget that 90+% of the hits on svn-trunk had at least four more
points than the ones I just added up from the 100% overlap.

Now add the original rule's 1.666 points.  Even the *minimum* scores
of 4.775 and 8.047 are hard to swallow for HINET customers who may not
have a choice of vendors.  By using an external smarthost, Jidanni was
able to bypass all but SARE's 1.666 points.  Since my version only
examines the last-external relay, it would be bypassed by a clean
smarthost too.

This should pretty clearly illustrate that the last two versions of
spamassassin don't benefit from this rule at all.  For those convinced
there is merit for this rule on legacy SA versions, I suggest my
rewrite as it removes more than half the false positives.

The fact that 70_sare_header1.cf is chock-full of rules like this
should stand as a good warning to anybody considering any of the SARE
channels numbered 1+ for increased risk (as marked when they were
still actively maintained!).


Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Jeff Chan
On Friday, January 29, 2010, 12:27:59 PM, Marc Sherman wrote:
 Matija Nalis wrote:
 
 Also note that SARE Ninjas are long gone -  see main page
 http://www.rulesemporium.com/. So nobody could fix those rules even if they
 thought it was a good idea (and at least some people are not convinced it is
 a bad idea); and even if the rules could be fixed, still at least half the
 world would *never* update them to new versions. So you would still get
 blocked, only perhaps a little less. That is just a fact (based on extensive
 mailadmin experience), so trust me on that.

 Thanks for pointing that out, I didn't know that they'd officially
 thrown in the towel (though it's pretty clear to anyone who watches
 update traffic on the rule sets).

 Are there any other resources out there for reasonably useful and
 actively maintained spamassassin rulesets that publish an sa-update channel?

 - Marc

As I understand it, as soon as rules are published, some of the
senders of unsolicited messages immediately change their behavior
to defeat or bypass the rules, so publishing them is somewhat
counterproductive.

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:je...@surbl.org
http://www.surbl.org/



Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Raymond Dijkxhoorn

Hi!


Also note that SARE Ninjas are long gone -  see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least half the
world would *never* update them to new versions. So you would still get
blocked, only perhaps a little less. That is just a fact (based on extensive
mailadmin experience), so trust me on that.


Please only talk for yourself, and do not make assumptions that you 
cannot make.


The SA Y2010 'bug' was also inside SARE and we fixed it there also.
Same for some other rules, but we only fix the really really needed 
things.


actively maintained spamassassin rulesets that publish an sa-update 
channel?



As I understand it, as soon as rules are published, some of the
senders of unsolicited messages immediately change their behavior
to defeat or bypass the rules, so publishing them is somewhat
counterproductive.


Correct. And the assumption SARE is dead is wrong also. There are many 
people from SARE submitting rules in the SA update channels. And indeed as 
soon as rules are published they become worthless for many of us.


And that's the main reason some of the SARE people do make rules, for a 
smaller audience, and not publish them on the public SARE page anymore.


Bye,
Raymond.


The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-30 Thread Marc Sherman

Matija Nalis wrote:


Also note that SARE Ninjas are long gone -  see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least half the
world would *never* update them to new versions. So you would still get
blocked, only perhaps a little less. That is just a fact (based on extensive
mailadmin experience), so trust me on that.


Thanks for pointing that out, I didn't know that they'd officially 
thrown in the towel (though it's pretty clear to anyone who watches 
update traffic on the rule sets).


Are there any other resources out there for reasonably useful and 
actively maintained spamassassin rulesets that publish an sa-update channel?


- Marc


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread jidanni
Anyway, what you are doing here is penalizing all users of that
company's copper wires. No amount of monopoly breakup legislation will
do any good if you penalize based on the wrong part of the physical
infrastructure.
http://en.wikipedia.org/wiki/Common_carrier
http://en.wikipedia.org/wiki/Network_neutrality

 The rule is buggy -- it's looking at all the
 received headers, even the ones before the relay.

Therefore you want to score on who is handing their SMTP etc. Not on who
provides the copper wires to their house... rating on that part of the
infrastructure will spoil your results.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread Kai Schaetzl
please stop spamming this list with this expletive deleted any longer, 
thanks. If you have a grievance take it up with the folks who are responsible, 
that is the folks *using* the rules and *making* the rules.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread Matija Nalis
Firstly, the instructions for reading this e-mail: please read it whole,
and understand that (although it may sound harsh at places) I am actually
trying to help you. Only then reply (if needed). It is also somewhat long,
but it does contain some technical info (and not only my rants :) Thanks.

On Thu, Jan 28, 2010 at 09:34:46AM +0800, jida...@jidanni.org wrote:
 Long ago, I tried mailing directly direct-to-mx style, but that of
 course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
 So only 5% of my mail got through.
 
 So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
 but of course Hinet.Net has a bad name. So only 50% of my mail got through.

Yeah, well, there is this thing about SMTP... It hasn't really worked
correctly for at least the last 10 years. It's a doomed protocol. Nothing can save
it nowadays. It is taken for granted that some percentage of *anyone's*
e-mail is going to be lost and never reach its destination.  That percentage
might be lower or higher, depending on many factors, most prominent of
which is luck.

It's too bad, it was a nice and happy and simple (hence the name) protocol
before spammers got it and pretty much destroyed it.

Ok, now that we've got THAT part over with, we can get down to the point how
to minimize the pain you *will* suffer by using SMTP if you decide to
continue using it.

 So, upon people like you guy's recommendation, I (asked my mom to buy)
 me a dreamhost.com account.

Does it work better than 50% you got with HInet.Net SMTP ?
If so, then it is great - you've got better deal than before, right ?
Maybe you wanted even better, but hey... nothing is perfect, remember.

If it however works worse with dreamhost than before with Hinet.Net SMTP
server, then it was wasted money. That is sad, but such things happen all
the time too, you pay for something only to find out it was not a good deal
for you.

One thing to note - you (or anybody else) will never *ever* get it so that
100% of your mail always reaches the other side. Those days when such a
thing was possible (no matter in what country the mail originated) are long
gone -- and even before spam and all the antispam measures, mail did get
lost occasionally. Nowadays, it is quite everyday that some mails get lost.
It is considered acceptable collateral damage in full-fledged war to protect
mailboxes from spam.

 However I can't shake off the Original Sin of Being in Taiwan. All
 people with Taiwan Colored Skin will have points deducted, no matter

Knock it off with that you're all wanna-be racists stuff, will you please? 
It is clear that racism has absolutely nothing to do with your problems, and
you are just insulting people who are trying to help you. 

Furthermore, people on this list who are replying to you are (in great
majority at least) just users of the rules, they did not write them - the
SARE Ninjas did. So even if your intent *is* to insult people who wrote
rules which are making you problems (which I hope it is not), you're
insulting the wrong people.

You've come to this mailing list (presumably) to ask people to invest their
time to help *you*, something they have no obligation to. At least you could
try to be polite to them (of course nobody can *make you*, but it will just
lower your chances of getting help).

Also note that SARE Ninjas are long gone -  see main page
http://www.rulesemporium.com/. So nobody could fix those rules even if they
thought it was a good idea (and at least some people are not convinced it is
a bad idea); and even if the rules could be fixed, still at least half the
world would *never* update them to new versions. So you would still get
blocked, only perhaps a little less. That is just a fact (based on extensive
mailadmin experience), so trust me on that.

Also please note that even when SARE Ninjas were here, they did not write
those rules because they were racists that hated Taiwanese people - they wrote
them because they were effective (see below for technical info).

 what. We use the Telephone Company's ISP.

Yup. And somebody once decided that mail coming from your Telephone
Company's ISP (and other places) is mostly spam. The last updates and test
done in that rules file are from 2006, though, so it may have changed since.

Here is the technical data (note: I'm not a SARE Ninja and never was, but I
can read most rules and have written quite a few of my own):

http://www.rulesemporium.com/rules.htm lists the problematic 
70_sare_header1.cf rule with following comments:

the 70_sare_header1.cf ruleset contains rules which do (or in the past have)
hit ham during SARE mass-check tests. The S/O calculated by SA's
hit-frequencies scripts are all at or above 0.900. This file also contains
rules which hit only spam, but fewer than 10 spam in our mass-check tests.
Systems which are highly sensitive to false positives and/or tight on
resources may want to exclude this ruleset, pick and choose among its rules,
or lower their scores.

In 

Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Kai Schaetzl
jida...@jidanni.org wrote on Thu, 28 Jan 2010 09:34:46 +0800:

 thanks to you guys and no one else.

Boy, *you* have a problem, and this is not with SA, get some help, good 
bye. Please stop further spamming this list with your garbage.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Mike Cardwell

On 28/01/2010 01:34, jida...@jidanni.org wrote:


Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.

So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but of course Hinet.Net has a bad name. So only 50% of my mail got through.

So, upon people like you guy's recommendation, I (asked my mom to buy)
me a dreamhost.com account.


You could have set up a free gmail account and then configured your MTA 
to use GMail's SMTP submission service as a smarthost.



However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.


I don't use this term lightly but you're an idiot if you think any of 
this has to do with skin colour or race. The only thing you'll achieve 
by making such claims is mass ridicule.



J == Jailer-Daemon b...@connect.ie writes:

J  On Wed, Jan 27, 2010 at 11:30:28AM -0500, msher...@projectile.ca wrote:


He's using an SMTP relay


J  He is, but it isn't a Hinet relay. At least not in the URL he gave.
J  It should be possible to relay out from your own ISP and not score
J  anything on SARE rules, without having to pay extra for clean SMTP
J  relaying (which is what seems to be happening here).

Now you guys are saying I should go back to using Hinet.Net's SMTP, even
though my mom has already paid a 5 year contract for me at Dreamhost.


Five years? That wasn't very clever. Why not just configure the MTA on 
your Dreamhost server to remove the offending IP/hostname data from mail 
before relaying it? I don't know what MTA you're using but if it's 
Exim and you ask on the Exim users mailing list, I'll help you there.


--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/   #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser   : Spam Tool  - http://spamalyser.com/



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread jdow

From: Mike Cardwell spamassassin-us...@lists.grepular.com
Sent: Thursday, 2010/January/28 03:09



On 28/01/2010 01:34, jida...@jidanni.org wrote:


However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.


I don't use this term lightly but you're an idiot if you think any of 
this has to do with skin colour or race. The only thing you'll achieve 
by making such claims is mass ridicule.


Ah yes, and he should be REALLY happy he does not have a .info address.
I just scanned my spam folder and noticed something peculiar about a
spam so I double checked. It was a .info. That TLD enjoys a three point
disadvantage here for the color of ITS bits.

(It was two identical spams a couple hours apart from two addresses in
the same network allocation block (THEFAMILYHAP[MUNGE]PYEVERYDAY . INFO.
It had an interesting name in it that made me think of my ex.)

Don't whine. Fix it.
{^_-}


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Bowie Bailey
jida...@jidanni.org wrote:
 MM == Michael Mansour m...@npgx.com.au writes:
   
 MM Why couldn't the mailing list filters simply whitelist your email address or
 MM whitelist people automatically subscribed to the mailing list?
 Yes, but that's beside the point. That is not solving the bad thing
 you guys are doing.

 MM The world isn't perfect and the only way to get things changed is to complain
 MM and/or do something about it yourself. But to blanket criticise rules that
 MM many sites are using worldwide doesn't really make sense to me.

 You guys are doing something wrong. Maybe you think that every country
 is like the USA or something. You blew it. Your rules are wrong.
   

As has been pointed out before, the rule you are complaining about is
not part of a standard SA install.  Your emails score a grand total of 0
points here (not counting the whitelists that hit because of the list
server).

Also, the rule that hits on hinet, only scores 1.6 points.  That means
that on a normal system (where they have not lowered the required score
to a ridiculous level), you would need to score another 3.4 points from
other rules in order to be marked as spam.  Where are the rest of the
points coming from?

-- 
Bowie



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread jd
What spam is being sent through hinet's smtp servers? I have yet to
see any connections from their mail servers. Every connection so far
has always been from subscribers' boxes trying to get me to relay mail
or trying invalid addys. What does that have to do with hinet's mail
servers?

It seems to me that the hinet rule is just an half-assed catch-all
written by someone who couldn't be bothered to refine it to catch only
the dynamic IPs, which is, according to mail gurus, really bad form.

Or is this rule produced by the kind of mindset that punishes isp's
for not blocking port 25?

==
jd
It's easier to fight for one's principles than to live up to them.
-- 



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Adam Katz
jida...@jidanni.org wrote:
 You guys are doing something wrong. Maybe you think that every
 country is like the USA or something. You blew it. Your rules are
 wrong.
 
 MM It may not be your fault you're using an ISP which is known to 
 MM generate spam [...] you need to complain to the ISP.
 
 at the first chance my mail gets, it leaves those wires and heads
 for the smarthost in the USA in order to cleanse its sins of having
 come from an unfamiliar country.

So you acknowledge that it's a problem and try to work around it.
Proper use of that US-based smarthost should actually remove this
problem entirely (since all of the dynamic-rDNS detectors examine only
the last-external relay, which should be that smarthost).

However, as you noted earlier:
 It's all because
 http://www.rulesemporium.com/rules/70_sare_header1.cf
 header   SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
 describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
 score    SARE_RECV_SPAM_DOMN0b 1.666

This rule is poorly written as it does not limit its examination to
the last external relay.  Were SARE accepting revisions (and assuming
I've read the intent right), it should be reworked so as to be defined
as (be wary of mail agent rewrapping):

header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /

The above revision to the rule would ensure that anybody using a
smarthost to leave the Hinet network, or (almost certainly) using the
SMTP hosts provided by Hinet.  The MX record for hinet.net has proper
FCrDNS as netnews.hinet.net, which does not trigger my update to the
rule, so presumably neither does the SMTP server they provide (which
may be the same).  ... though as you noted, you're not using this SMTP
server (which wouldn't have helped due to the flawed implementation).

 once you are a Negro you are always a Negro or something. Please
 fix your rules. You are demanding one use certain physical carriers
 irrespective of ISP.

That kind of language will not be tolerated.  Please look it up to
read just how offensive it actually is; this goes beyond your choice
of words to the entirety of your sentence, whose harshness harkens a
statement of oppression and segregation that battle the very core of
civil rights.  You also appear to be lumping all Americans into that
statement and all users on these lists into Americans, further
promoting your ignorance.

Yes, we are prejudiced against dynamic-looking rDNS entries.  The
rules involved (at the SpamAssassin project as I cannot speak to the
SARE rules) are all carefully written so as to ensure that only direct
mail-to-mx messages trigger them.  If you fall into that category (you
do not, though you did at one point), the only solution is to request
your ISP change your IP's PTR record (rDNS).

The issue at heart is a bug in the SARE rule SARE_RECV_SPAM_DOMN0b.  I
have proposed a fix.  The ball is in SARE's court.

Let's finish this with a civil tongue.
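
The difference between the rule variants discussed in this thread, as an added example that is not part of any poster's message: it runs the original `Received` pattern, the rewrite quoted above, and the `^`-anchored rewrite from the 2010-02-05 message over constructed relay chains. The host names, documentation-range IP addresses and the simplified rendering of `Received` and `X-Spam-Relays-External` are assumptions made for the illustration.

```python
import re

# Rule bodies as quoted in the thread (Perl regex syntax that Python also accepts).
ORIGINAL_RECEIVED = re.compile(r"\bdynamic.hinet\.(?:com|net|org|info)")
REWRITE_NO_ANCHOR = re.compile(
    r"[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? ")
REWRITE_ANCHORED = re.compile(r"^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net ")

# Constructed external hops, newest first: (ip, rdns, helo, by).
HINET_DYN = "203-0-113-7.dynamic.hinet.net"   # constructed subscriber rDNS

VIA_SMARTHOST = [
    ("198.51.100.25", "smtp.smarthost.example", "smtp.smarthost.example",
     "mx.recipient.example"),
    ("203.0.113.7", HINET_DYN, "laptop.home.example", "smtp.smarthost.example"),
]
VIA_ISP_RELAY = [
    # netnews.hinet.net is the host named in the thread; the IP is a placeholder.
    ("192.0.2.10", "netnews.hinet.net", "netnews.hinet.net", "mx.recipient.example"),
    ("203.0.113.7", HINET_DYN, "laptop.home.example", "netnews.hinet.net"),
]
DIRECT_TO_MX = [
    ("203.0.113.7", HINET_DYN, "laptop.home.example", "mx.recipient.example"),
]


def received_headers(hops):
    """Render each hop as a simplified Received header value."""
    return [f"from {helo} ({rdns} [{ip}]) by {by} with ESMTP"
            for ip, rdns, helo, by in hops]


def relays_external(hops):
    """Render hops the way the X-Spam-Relays-External pseudo-header lists
    them: one bracketed entry per relay, most recent relay first."""
    return " ".join(
        f"[ ip={ip} rdns={rdns} helo={helo} by={by} "
        f"ident= envfrom= intl=0 id= auth= msa=0 ]"
        for ip, rdns, helo, by in hops)


def evaluate(hops):
    """Report which rule variants fire for one relay chain."""
    ext = relays_external(hops)
    return {
        # A header rule on Received sees every Received line, so any hop counts.
        "original": any(ORIGINAL_RECEIVED.search(h) for h in received_headers(hops)),
        # Without ^ the match may begin after an earlier ']' and therefore
        # reaches relay entries behind the last external one.
        "rewrite_no_anchor": bool(REWRITE_NO_ANCHOR.search(ext)),
        # With ^ the [^\]]+ run cannot leave the first entry, so only the
        # last external relay's rdns= field is examined.
        "rewrite_anchored": bool(REWRITE_ANCHORED.search(ext)),
    }


if __name__ == "__main__":
    for name, hops in (("via smarthost", VIA_SMARTHOST),
                       ("via ISP relay", VIA_ISP_RELAY),
                       ("direct to MX", DIRECT_TO_MX)):
        print(f"{name:14s} {evaluate(hops)}")
```
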


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Francis Russell
Michael Scheidell wrote:

 which in itself has a bunged up RDNS .
 
 Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com)
 (208.97.132.207)
 
 
 host 208.97.132.207
 207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
 if you don't follow the RFC's, you have no reason to complain if people
 who DO follow the RFC's block your email.

207.132.97.208.in-addr.arpa. 14400 IN   PTR caiajhbdccah.dreamhost.com.

caiajhbdccah.dreamhost.com. 14310 IN A 208.97.132.207

Just for the record, it looks like the reverse DNS is fine. I can only
assume you were comparing against the HELO, and there's no need for that
to match the PTR record.

Francis


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Yet Another Ninja


On 1/28/2010 5:23 PM, Adam Katz wrote:

However, as you noted earlier:

It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
header   SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
score    SARE_RECV_SPAM_DOMN0b 1.666


This rule is poorly written as it does not limit its examination to
the last external relay.  Were SARE accepting revisions (and assuming
I've read the intent right), it should be reworked so as to be defined
as (be wary of mail agent rewrapping):

header SARE_RECV_SPAM_DOMN0b X-Spam-Relays-External =~ /[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /


the rule has been scored 0.0

It can be replaced by a SA rule if desired.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Matus UHLAR - fantomas
On 28.01.10 07:13, jd wrote:
 What spam is being sent through hinet's smtp servers?

hard to say, however the rule in subject doesn't mention their smtp
servers...

 I have yet to see any connections from their mail servers. Every
 connection so far has always been from subscribers' boxes trying to get me
 to relay mail or trying invalid addys. What does that have to do with
 hinet's mail servers?
 
 It seems to me that the hinet rule is just an half-assed catch-all
 written by someone who couldn't be bothered to refine it to catch only
 the dynamic IPs, which is, according to mail gurus, really bad form.

precisely, go and bug him. no, we (this list) are not him.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Where do you want to go to die? [Microsoft]


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:

 So what should a Taiwan user (Taiwan~=Hinet)
HINET: Control of approx 8,476,149 IP addresses 
 http://www.fixedorbit.com/AS/3/AS3462.htm
 user do. Buy a SMTP account with a US Company?

I told you what you can do.

Apart from that, again:
SARE is not part of SA.
SARE is deprecated.
So, why bother?

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Matus UHLAR - fantomas
 jida...@jidanni.org wrote on Wed, 27 Jan 2010 14:12:11 +0800:
  So what should a Taiwan user (Taiwan~=Hinet)
 HINET: Control of approx 8,476,149 IP addresses 
  http://www.fixedorbit.com/AS/3/AS3462.htm
  user do. Buy a SMTP account with a US Company?

On 27.01.10 12:31, Kai Schaetzl wrote:
 I told you what you can do.
 
 Apart from that, again:
 SARE is not part of SA.
 SARE is deprecated.
 So, why bother?

because his mail can be tagged as spam?
There are still some sare rules published and people who may use them.
I guess some of SARE people are subscribed here and someone could notice this
problem and remove it...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
Matus UHLAR - fantomas wrote on Wed, 27 Jan 2010 15:10:48 +0100:

 because his mail can be tagged as spam?

Not largely a problem. Did you look at the mailing list conversation he linked 
to? It seems he's actively telling the mailing list owner how to tune SA and 
reduce the required score to 2 (two !). And before that he may have told him to 
use SARE (I don't know, but it's possible). And that is why he came here. He 
set his own trap and is now likely to fall in. :-) And he's probably never 
heard about setting own rule scores.

 I guess some of SARE people are subscribed here and someone could notice this
 problem and remove it...

quoting myself:

 I told you (him) what you (he) can do.

 This is an SARE rule, I suggest you ask there.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Charles Gregory

On Wed, 27 Jan 2010, Kai Schaetzl wrote:

So what should a Taiwan user (Taiwan~=Hinet)
user do. Buy a SMTP account with a US Company?

I told you what you can do.
Apart from that, again:
SARE is not part of SA.
SARE is deprecated.
So, why bother?


Why bother posting just to tell him that his fate rests in the hands of 
everyone else? That was his complaint in the first place. If you (Kai) 
want to mount a campaign to have SARE removed from everyone's SA configs, 
then best of luck to you, but otherwise, your 'answer' does not help the 
legitimate Taiwanese user in the least (shrug)


- C


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Kai Schaetzl
so what?

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread jidanni
Long ago, I tried mailing directly direct-to-mx style, but that of
course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
So only 5% of my mail got through.

So then I tried mailing through The ISP Here, Hinet.Net's SMTP server,
but of course Hinet.Net has a bad name. So only 50% of my mail got through.

So, upon people like you guy's recommendation, I (asked my mom to buy)
me a dreamhost.com account.

However I can't shake off the Original Sin of Being in Taiwan. All
people with Taiwan Colored Skin will have points deducted, no matter
what. We use the Telephone Company's ISP.

 J == Jailer-Daemon  b...@connect.ie writes:
J On Wed, Jan 27, 2010 at 11:30:28AM -0500, msher...@projectile.ca wrote:
 
 He's using an SMTP relay

J He is, but it isn't a Hinet relay. At least not in the URL he gave.
J It should be possible to relay out from your own ISP and not score
J anything on SARE rules, without having to pay extra for clean SMTP
J relaying (which is what seems to be happening here).

Now you guys are saying I should go back to using Hinet.Net's SMTP, even
though my mom has already paid a 5 year contract for me at Dreamhost.

 The rule is buggy -- it's looking at all the 
 received headers, even the ones before the relay.

Yes, and what may seem like a mere 1.6 points is causing me to have to
request the whole spam threshold of that mailing list
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
lowered just for me, just because my mail is being tagged with a stupid
looking mail Made in Taiwan, penalty 1.666 points that I can't do
anything about, thanks to you guys and no one else.

Also, I wonder why lots of my mail doesn't seem to get through to
people... and no, I don't want to bother them with various test
messages. Perhaps it is all again due to your sloppy rules?

Actually, I could figure out some underhanded methods to get around
being detected as living in an Undesirable Country, but if ever detected,
I would surely get penalized even more points.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Michael Mansour
Hi Jidanni,

 Long ago, I tried mailing directly direct-to-mx style, but that of
 course didn't work, e.g., http://www.spamhaus.org/pbl/query/PBL109625
 So only 5% of my mail got through.
 
 So then I tried mailing through The ISP Here, Hinet.Net's SMTP 
 server, but of course Hinet.Net has a bad name. So only 50% of my 
 mail got through.
 
 So, upon people like you guy's recommendation, I (asked my mom to 
 buy) me a dreamhost.com account.
 
 However I can't shake off the Original Sin of Being in Taiwan. All
 people with Taiwan Colored Skin will have points deducted, no matter
 what. We use the Telephone Company's ISP.
 
  J == Jailer-Daemon  b...@connect.ie writes:
 
 J On Wed, Jan 27, 2010 at 11:30:28AM -0500, msher...@projectile.ca wrote:
  
  He's using an SMTP relay
 
 J He is, but it isn't a Hinet relay. At least not in the URL he gave.
 J It should be possible to relay out from your own ISP and not score
 J anything on SARE rules, without having to pay extra for clean SMTP
 J relaying (which is what seems to be happening here).
 
 Now you guys are saying I should go back to using Hinet.Net's SMTP, even
 though my mom has already paid a 5 year contract for me at Dreamhost.

There are various people on this list from various countries, not everyone was
giving the same recommendation.

  The rule is buggy -- it's looking at all the 
  received headers, even the ones before the relay.
 
 Yes, and what may seem like a mere 1.6 points is causing me to have 
 to request the whole spam threshold of that mailing list 
 http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be 
 lowered just for me, just because my mail is being tagged with a stupid
 looking mail Made in Taiwan, penalty 1.666 points that I can't do
 anything about, thanks to you guys and no one else.

Why couldn't the mailing list filters simply whitelist your email address or
whitelist people automatically subscribed to the mailing list?

 Also, I wonder why lots of my mail doesn't seem to get through to
 people... and no, I don't want to bother them with various test
 messages. Perhaps it is all again due to your sloppy rules?

The world isn't perfect and the only way to get things changed is to complain
and/or do something about it yourself. But to blanket criticise rules that
many sites are using worldwide doesn't really make sense to me. 

It may not be your fault you're using an ISP which is known to generate spam
and/or have lax rules in combating spam from its users, but if you know the
problems with the ISP and you continue to use them then how can you complain
here? You need to complain to the ISP.

 Actually, I could figure out some underhanded methods to get around
 being detected as living in a Undesirable Country, but if ever 
 detected, I would surely get penalized even more points. 

Two wrongs never make a right, try it and you'll learn that :)

Regards,

Michael.



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Michael Mansour
Hi Jidanni,

  MM == Michael Mansour m...@npgx.com.au writes:
 MM Why couldn't the mailing list filters simply whitelist your email address or
 MM whitelist people automatically subscribed to the mailing list?

 Yes, but that's beside the point. That is not solving the bad thing
 you guys are doing.

?? I'm a user just like you are.

 MM The world isn't perfect and the only way to get things changed is to complain
 MM and/or do something about it yourself. But to blanket criticise rules that
 MM many sites are using worldwide doesn't really make sense to me.
 
 You guys are doing something wrong. Maybe you think that every 
 country is like the USA or something. You blew it. Your rules are wrong.

I'm not in the USA, I'm in Australia. Our laws are some of the strictest in
the world and our ISP's take action on users within their networks that spam. 

I didn't write the rules, I'm just a user of them.

 MM It may not be your fault you're using an ISP which is known to generate spam
 MM and/or have lax rules in combating spam from its users, but if you know the
 MM problems with the ISP and you continue to use them then how can you complain
 MM here? You need to complain to the ISP.
 
 Yes I am using the wires of that Telephone Company. But at the first
 chance my mail gets, it leaves those wires and heads for the 
 smarthost in the USA in order to cleanse its sins of having come 
 from an unfamiliar country. But for you guys, once you are a Negro 
 you are always a Negro or something. Please fix your rules. You are demanding
 one use certain physical carriers irrespective of ISP.

Hmmm...

Michael.

 I'm not using the ISP to send SMTP.



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread Noel Butler
On Thu, 2010-01-28 at 10:35 +0800, jida...@jidanni.org wrote:


 Yes, but that's beside the point. That is not solving the bad thing
 you guys are doing.



Eh? stopping spammers is a bad thing now hey...


 MM The world isn't perfect and the only way to get things changed is to complain
 MM and/or do something about it yourself. But to blanket criticise rules that
 MM many sites are using worldwide doesn't really make sense to me.
 
 You guys are doing something wrong. Maybe you think that every country
 is like the USA or something. You blew it. Your rules are wrong.



oh right  we bad, bad bad bad, how DARE we put measures in place to stop
spamming scum


 
 Yes I am using the wires of that Telephone Company. But at the first
 chance my mail gets, it leaves those wires and heads for the smarthost
 in the USA in order to cleanse its sins of having come from an
 unfamiliar country. But for you guys, once you are a Negro you are
 always a Negro or something. Please fix your rules. You are demanding
 one use certain physical carriers irrespective of ISP.


what racist rot.

I too am not an American (NEWSFLASH: like at least half or more of this
list). a person can not change the colour of their skin (WOW about the
only thing you said that did not make me piss myself in laughter)
however a country that does not care about its residents spamming CAN
change, yet TW has failed to do so. Even China has in recent years
taken great steps to clean up their act, if you want change, it must
start at the top, petition your government to get off its lazy ass and
do something about its spamming residents, clean up their act, and in
time to come TW, like CN has recently found, many places just might once
again start accepting your mail.

Don't you dare sit there having a childish dummy spit accusing everyone
here to be wrong by denying access or adding a substantial score to a
well known spammer friendly country. 




Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread RW
On Thu, 28 Jan 2010 09:34:46 +0800
jida...@jidanni.org wrote:



 Yes, and what may seem like a mere 1.6 points is causing me to have to
 request the whole spam threshold of that mailing list
 http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw be
 lowered just for me, just because my mail is being tagged with a
 stupid looking mail Made in Taiwan, penalty 1.666 points that I
 can't do anything about, thanks to you guys and no one else.

lowering the threshold is going to make your problem worse, it doesn't
make sense for you to ask them to lower it.

 Also, I wonder why lots of my mail doesn't seem to get through to
 people... and no, I don't want to bother them with various test
 messages. Perhaps it is all again due to your sloppy rules?

You seem to be losing sight of the fact that the rule that's affecting
you is nothing to do with the Spamassassin project. It's a third-party
rule added by the people running the mailing list. Make your complaint
to them, not us.

If you look at your posts to this list you will see that you scored 0.0.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-27 Thread jdow

This is a problem a lot of people face, some for more legitimate reasons
than others. I have an Earthlink.net account, from when they were smaller
and Sky Dayton still ran the show - actually from not long after he
founded the company. Over the years people forged the Earthlink address.
Earthlink worked hard to minimize spam while allowing their customers to
roam. One trick was to limit the spam that could get sent by limiting
the number of messages per unit time that could be sent without added
smtp processing time delays. Then when Outlook Express grew smtp auth
capabilities they moved to that. I still get blocked at some zero tolerance
locations.

Appearances here are that hinet "we are the telephone company, we answer
to nobody" doesn't give a tinker's damn. You're stuck unless you can do
something to cause hinet to change its attitudes about spam. If some
poor souls suffer because of their IP address neighbors or prior lease
holders I can't do anything about it.

(Actually, I can. Relays through this list are completely unfiltered by
me, which seemed quite logical in the early days when samples were sent
to the list. And relays through some other lists get their scores
expanded around Bayes 80. Below that I reduce score. Above that I add
to score. I've seen remarkably little email I should have seen that got
marked as spam these days as a result. It's just some creative meta rule
making custom to my usage of the net that I performed. It's not Taiwan
colored skin, son. It's hinet colored bits. Even yankees in Taiwan using
hinet get dinged.)

{^_^}   When the rubber meets the solid road appeals to political
   correctness weigh naught to me. Even if it's not politically
   correct for the road to be hard I still hurt my hand if I try
   to hit it too hard.





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Ned Slider

Michael Mansour wrote:

Hi,


Fellows, I have the highest spam score vs. all my buddies:
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw

It's all because
http://www.rulesemporium.com/rules/70_sare_header1.cf
header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
describe


I personally don't understand how this regex does all of Taiwan, all I can see
it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
dynamic IP's really shouldn't be sending bulk mail.



Indeed. If your domain (jidanni.org) is in fact on a static IP then you 
need to get your ISP to update the PTR record to reflect this. The issue 
arises solely because a rDNS lookup of your IP resolves to 
218-163-3-226.dynamic.hinet.net rather than, for example, mx.jidanni.org.


Still, a score of 1.666 from a non-standard ruleset shouldn't hurt you 
too much if you're not sending spam and are otherwise following good 
email practices.




Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:

 Indeed. If your domain (jidanni.org) is in fact on a static IP then you 
 need to get your ISP to update the PTR record to reflect this.

Well, on closer look it appears that he's using a smarthost. So, there's 
no need for another rDNS for him. He's just a normal dynamic customer 
sending mail thru a smarthost and being a hinet customer.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Michael Scheidell

On 1/26/10 5:31 AM, Kai Schaetzl wrote:

Ned Slider wrote on Tue, 26 Jan 2010 08:16:47 +:

   

Indeed. If your domain (jidanni.org) is in fact on a static IP then you
need to get your ISP to update the PTR record to reflect this.
 

Well, on closer look it appears that he's using a smarthost. So, there's
no need for another rDNS for him. He's just a normal dynamic customer
sending mail thru a smarthost and being a hinet customer.

   

which in itself has a bunged up RDNS .

Received: from [208.97.132.207] (HELO homiemail-a7.g.dreamhost.com) 
(208.97.132.207)


host 208.97.132.207
207.132.97.208.in-addr.arpa domain name pointer caiajhbdccah.dreamhost.com.
if you don't follow the RFC's, you have no reason to complain if people 
who DO follow the RFC's block your email.



Kai

   



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation



Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread Kai Schaetzl
Michael Scheidell wrote on Tue, 26 Jan 2010 06:56:04 -0500:

 if you don't follow the RFC's, you have no reason to complain if people 
 who DO follow the RFC's block your email.

There is no RFC requiring back and forward resolution to match. I think 
there's not even a requirement for an rDNS, it's just good practice. And 
it's not the point of discussion here, anyway.
The point of discussion was "Email passed through apparent spammer domain" 
because of *origination* at a dynamic hinet address. I personally think 
this rule is misguided and maybe isn't even doing what it was intended to 
do. Anyway, anyone with a sane mind has stopped using most SA rules two 
years ago.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com
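
An added example, not part of any post in this thread and not SARE or SpamAssassin code: a Python illustration of the behaviour discussed above, comparing the quoted pattern applied to every Received header with the same pattern applied only to the header stamped by the receiving MX. The two sample messages are constructed, and `mx.list.example`, the queue ids and the function names are assumptions.

```python
import re
from email import message_from_string

# Pattern copied from the SARE_RECV_SPAM_DOMN0b rule quoted in the thread.
SARE_PATTERN = re.compile(r"\bdynamic.hinet\.(?:com|net|org|info)")

# Constructed sample: dynamic client -> smarthost -> list MX.
# mx.list.example and the queue ids are placeholders, not taken from the thread.
RELAYED = (
    "Received: from homiemail-a7.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207])\n"
    "\tby mx.list.example (Postfix) with ESMTP id AAAA1111;\n"
    "\tThu, 28 Jan 2010 01:35:02 +0000 (UTC)\n"
    "Received: from jidanni.org (218-163-3-226.dynamic.hinet.net [218.163.3.226])\n"
    "\tby homiemail-a7.g.dreamhost.com (Postfix) with ESMTPA id BBBB2222;\n"
    "\tWed, 27 Jan 2010 17:34:50 -0800 (PST)\n"
    "From: sender@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

# Constructed sample: the same dynamic client connecting straight to the list MX.
DIRECT = (
    "Received: from jidanni.org (218-163-3-226.dynamic.hinet.net [218.163.3.226])\n"
    "\tby mx.list.example (Postfix) with ESMTP id CCCC3333;\n"
    "\tThu, 28 Jan 2010 01:35:02 +0000 (UTC)\n"
    "From: sender@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def received_headers(raw):
    """Return unfolded Received header values, most recent hop first."""
    msg = message_from_string(raw)
    return [re.sub(r"\s+", " ", h).strip() for h in msg.get_all("Received", [])]


def rule_as_written(raw):
    """Apply the pattern to every Received header, including hops the
    receiving site never observed itself."""
    return any(SARE_PATTERN.search(h) for h in received_headers(raw))


def handoff_only(raw, our_mx):
    """Apply the pattern only to the 'from' clause of the header stamped by
    our own MX, the one hop the receiver recorded first-hand."""
    for h in received_headers(raw):
        from_part, sep, by_part = h.partition(" by ")
        if sep and by_part.split()[0].lower() == our_mx.lower():
            return bool(SARE_PATTERN.search(from_part))
    return False  # no header from our MX, so nothing we can vouch for


def compare(raw, our_mx="mx.list.example"):
    return {"as_written": rule_as_written(raw),
            "handoff_only": handoff_only(raw, our_mx)}


if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("direct", DIRECT)):
        print(name, compare(raw))
```

Headers below the handoff hop are written by other hosts and are not verified by the receiver, which is a second reason to scope a rule like this to the hop the receiving MX stamped itself.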





Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-26 Thread jidanni
So what should a Taiwan user (Taiwan~=Hinet)
   HINET: Control of approx 8,476,149 IP addresses 
http://www.fixedorbit.com/AS/3/AS3462.htm
user do. Buy a SMTP account with a US Company?

But that's what I did, as you see from
http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
headers.

But that's still not good enough.

So what next? Need a ssh tunnel to /usr/lib/sendmail or something on a
US machine to eradicate all traces of Taiwan?

 KS == Kai Schaetzl mailli...@conactive.com writes:
KS The point of discussion was Email passed through apparent spammer domain
KS because of *origination* at a dynamic hinet address. I personally think
KS this rule is misguided and maybe isn't even doing what it was intended to 
do.


Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-25 Thread Michael Mansour
Hi,

 Fellows, I have the highest spam score vs. all my buddies:
 http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
 
 It's all because
 http://www.rulesemporium.com/rules/70_sare_header1.cf
 header SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
 describe

I personally don't understand how this regex does all of Taiwan, all I can see
it do is hit the dynamic IP's of the hinet ISP, which to me is valid since
dynamic IP's really shouldn't be sending bulk mail.

Regards,

Michael.

 SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
 score SARE_RECV_SPAM_DOMN0b 1.666
 
 So how is anybody living in Taiwan supposed to mail things with 
 honor? They can't get another country, nor cause a revolution. You 
 just paint them all with one brush. What if you painted everybody in 
 your home country with one brush until they were supposed to 
 overthrew the telephone company or whatever?