> On 25.02.09 10:03, Paul Houselander (SME) wrote:
> > I use the SARE rules and have been asked to explain why a certain email
> > got caught as spam.
> 
> IMPORTANT: Due to Ninjas being busy with lives, wives & hockey matches,
> SARE rules aren't being updated.
> 
> > I'm having trouble with this rule
> >
> > SARE_RECV_IP_218078
> >
> > 70_sare_header1.cf:header    SARE_RECV_IP_218078      Received =~ /\[218\.(?:7[89]|8[0123])\.\d{1,3}\.\d{1,3}\]/
> >
> > 70_sare_header1.cf:describe  SARE_RECV_IP_218078      Passed through possible spammer relay or source
> >
> > I can see why it's hit as the relay was 218.78.208.145 - however does
> > anyone know what's wrong with this address? I couldn't find any info as
> > to why mail from 218.7.. is considered dodgy (except it's from China)?
> 
> apparently yes. if the score 1.6 makes a problem, better get rid of SARE
> rules...

Thanks for the info, really should pay more attention to the list, I get my
SARE updates (I guess there's not been any for some time) from openprotect's
sa-update channel.

I guess as the rules are no longer maintained their usefulness will become
less and less and perhaps increase fp's? - I couldn't find when they stopped
being maintained but the timestamps on the cf files are Jun 17 2008 - is
there a general consensus that they should not be used now or are people
still finding them useful (they still seem to catch a large amount here)?

Cheers

Paul
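
Added example, not part of the thread: a way to show which Received hop triggers the SARE_RECV_IP_218078 pattern quoted above and which address blocks its octet alternation covers. It checks each Received header separately with Python's `re` rather than running SpamAssassin itself; the sample message, hostnames, and function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Pattern copied from the SARE_RECV_IP_218078 rule quoted in the thread.
RULE_RE = re.compile(r"\[218\.(?:7[89]|8[0123])\.\d{1,3}\.\d{1,3}\]")

# Second-octet alternation 78-79 and 80-83 expressed as CIDR blocks.
RULE_NETS = [ipaddress.ip_network("218.78.0.0/15"),
             ipaddress.ip_network("218.80.0.0/14")]

# Constructed sample message; only 218.78.208.145 comes from the thread.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Wed, 25 Feb 2009 09:01:02 +0000
Received: from unknown (HELO relay.example.com) ([218.78.208.145])
\tby mx.example.net with SMTP; Wed, 25 Feb 2009 09:00:58 +0000
From: sender@example.com
Subject: constructed test

body
"""

def matching_hops(raw_message):
    """Return (hop_index, ip) for each Received header the pattern hits."""
    msg = email.message_from_string(raw_message)
    hits = []
    for i, value in enumerate(msg.get_all("Received", [])):
        for m in RULE_RE.finditer(value):
            hits.append((i, m.group(0).strip("[]")))
    return hits

def in_rule_range(ip):
    """True if ip lies in the blocks the pattern's first two octets describe."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # the pattern's digit groups also accept octets > 255
        return False
    return any(addr in net for net in RULE_NETS)

if __name__ == "__main__":
    for hop, ip in matching_hops(SAMPLE):
        print(f"Received hop {hop}: {ip} (in rule range: {in_rule_range(ip)})")
```

The rule keys on any bracketed address in 218.78.0.0/15 or 218.80.0.0/14 appearing in a Received header, not on a listing of the individual relay.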


