spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Katz <antis...@khopis.com>
Subject Re: painting everybody in Taiwan with the same brush
Date Fri, 29 Jan 2010 16:06:21 GMT
LuKreme wrote:
> I get hundreds and hundreds of spam attempts from dynamic.hinet.net 
> 
>  $ bzgrep dynamic.hinet.net /var/log/maillog.?.bz2 | grep -i reject |wc -l
>     8939
> 
> That's in 10 days. Nearly 900 times a day.

Thank you LuKreme, you have proven my point.

I have a good number too, though it only equates to 0.10% of my
incoming rejected messages (looking at my logs, that number was
definitely lowered by greylisting and greet-pause as those fail to
return or just time out).

ALL of those would all have been caught by my revision of the rule
(maillog files only include the connecting server) while Jidanni's
message (which passed through a different connecting server) would not
have had an issue.

Maybe I'll throw my revised rule into masscheck to see how it does.  I
suspect, based on the fact that I'm already killing most if not all of
them without using 70_sare_headers1.cf, that it's not worthwhile.

> And that doesn't count all the forged from addresses claiming to be
> from some user @{something}.hinet.net

Those aren't covered by any form of the SARE rule in question.

Mime
View raw message