On Wed, 25 Feb 2009, Paul Houselander (SME) wrote:

On 25.02.09 10:03, Paul Houselander (SME) wrote:
I use the SARE rules and have been asked to explain why a certain email got caught as spam.

IMPORTANT: Due to Ninjas being busy with lives, wives & hockey matches, SARE rules aren't being updated.

I'm having trouble with this rule

SARE_RECV_IP_218078

70_sare_header1.cf:header    SARE_RECV_IP_218078      Received =~ /\[218\.(?:7[89]|8[0123])\.\d{1,3}\.\d{1,3}\]/

70_sare_header1.cf:describe  SARE_RECV_IP_218078      Passed through possible spammer relay or source

I can see why it's hit as the relay was 218.78.208.145 - however does anyone know what's wrong with this address? I couldn't find any info as to why mail from 218.7.. is considered dodgy (except it's from China)?

Apparently yes. If the score 1.6 makes a problem, better get rid of SARE rules...

Thanks for the info, really should pay more attention to the list, I get my SARE updates (I guess there's not been any for some time) from OpenProtect's sa-update channel.

I guess as the rules are no longer maintained their usefulness will become less and less and perhaps increase fp's? - I couldn't find when they stopped being maintained but the timestamps on the cf files are Jun 17 2008 - is there a general consensus that they should not be used now or are people still finding them useful (they still seem to catch a large amount here)?

Refer to: http://www.rulesemporium.com/

It's all at the top of the page.
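
Added example (not part of the thread, and not SARE or SpamAssassin code): a check of what the quoted SARE_RECV_IP_218078 pattern actually covers, useful when explaining a hit like the one on 218.78.208.145. It uses Python's `re` in place of Perl, since the pattern only uses syntax common to both; the sample headers and host names are constructed.

```python
import ipaddress
import re

# Pattern copied verbatim from the SARE_RECV_IP_218078 rule quoted in the thread.
SARE_RECV_IP_218078 = re.compile(r"\[218\.(?:7[89]|8[0123])\.\d{1,3}\.\d{1,3}\]")


def rule_hits(received_headers):
    """Return the Received headers the pattern matches.

    The rule is a plain regex over Received headers, so a match on any hop
    counts, not only the relay that handed the mail to your own server.
    """
    return [h for h in received_headers if SARE_RECV_IP_218078.search(h)]


def covered_networks():
    """Collapse the second octets the pattern accepts into CIDR blocks."""
    nets = [
        ipaddress.ip_network(f"218.{octet}.0.0/16")
        for octet in range(256)
        if SARE_RECV_IP_218078.search(f"[218.{octet}.0.0]")
    ]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed sample headers: host names are made up, 218.78.208.145 is the
# relay address mentioned in the thread.
SAMPLE_HEADERS = [
    "from mail.example.cn (unknown [218.78.208.145]) by mx.example.org",  # hit
    "from mail.example.cn (unknown [218.77.1.1]) by mx.example.org",      # outside range
    "from mail.example.cn (HELO 218.78.208.145) by mx.example.org",       # no brackets
    "from mail.example.cn (unknown [218.78.999.999]) by mx.example.org",  # octets not validated
]

if __name__ == "__main__":
    for header in rule_hits(SAMPLE_HEADERS):
        print("HIT ", header)
    print("Covered:", ", ".join(covered_networks()))
```

The rule is a static match on six /16 blocks (218.78 through 218.83), so it says nothing about the individual sending address.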
