From owner-freebsd-questions Thu Jun 20 13:44:29 2002 Delivered-To: freebsd-questions@freebsd.org Received: from server1.manmail.norlight.net (server1.manmail.norlight.net [207.170.4.2]) by hub.freebsd.org (Postfix) with SMTP id A9B9437B40D for ; Thu, 20 Jun 2002 13:44:19 -0700 (PDT) Received: (qmail 22726 invoked from network); 20 Jun 2002 20:44:18 -0000 Received: from icarus.norlight.net (HELO appseng3) (207.170.1.149) by server1.manmail.norlight.net with SMTP; 20 Jun 2002 20:44:18 -0000 Message-ID: <00c401c2189b$589ce530$9501aacf@appseng3> From: "Hyunseog Ryu" To: "Warren Block" , "Kirk Strauser" Cc: References: Subject: Re: Korea (was: Sendmail Spam RBL) Date: Thu, 20 Jun 2002 15:45:00 -0500 Organization: Norlight Telecommunications MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, there As an Korean, I apologize for inconvenience. But I want to give some background for SPAM email from Korea. Korea government is very strict for SPAM email. Even they have a law to govern SPAM email, which should include some specific text in subject, so it can be used for filtering by somebody who doesn't want to see that at all. If they violate that law, they will go to jail or pay the fine. But problem in practical manner is as same as here. They have too many users with little knowledge of network operation. Maybe more than 60% of population has Internet access from home, work, or on the road. More than half of house has Internet connection via cable modem or DSL. Actually I have less SPAM email from Korea than from U.S. itself. ^.^ I live in Wisconson. If you have a problem with SPAM, you can look up administrator's email from whois -h whois.krnic.net x.x.x.x ; x.x.x.x is IP address of spammer or visit http://www.nic.or.kr/www/english/ and use WHOIS DB service with IP address. That will give you information of actual administrator of that IP address block. If you send email to administrator of that IP address block, you may receive the response from him/her. But if you don't have response from him/her, you can use "traceroute" to that IP address, and find the IP address of their upgream provider from one before last hop. So you can use same whois service for upstream provider, and send email to them. Some network administrator of SPAMMER's origin network may not be used to use English at all. But upstream provider's network engineer will take SPAMMER as serious issue. If you don't get the response from them, you can either contact www.certcc.or.kr for assistance. CERT-CC is korean semi-government agency to handle all kinds of network security issue. South Korean is one of largest country which network user are growing too fast. But because Korean doesn't use English as a primary language, and American doesn't use Korean as a primary/secondary language, there is some misunderstanding regarding SPAM handling, I believe. NOG, which is Korean Network Operators Group, members are network operators of major networks in Korean, and they have serious talking about SPAM handling a couple of weeks ago. They are trying to handle SPAM very seriously, and make some resolution to prevent SPAMMING from script-kiddy and somebody else. But if you have network access from everywhere and everybody, you will have similar problem. In Korea, people can get access to Internet from subway and top of the mountain, even from small islands and on the ocean. ^.^ As a citizen of the Internet work, we might need to have some patience to deal with foreign country, and cooperate to find reasonable resolution for the problem. I will talk to Korea NOG people to find some resolution for this. If you have any suggestion or idea to have something to have communication channel regarding SPAMMER issue, please send email to me. Thanks, guys Hyun ----- Original Message ----- From: "Warren Block" To: "Kirk Strauser" Cc: Sent: Thursday, June 20, 2002 1:08 PM Subject: Re: Korea (was: Sendmail Spam RBL) > On 20 Jun 2002, Kirk Strauser wrote: > > > On a similar note, I've given in to the tempation to blackhole Korea on my > > personal MX. I really hate to do it, but I'm getting about 40-50 spams a > > day from various hosts in that country. Does anyone have a better method > > than adding lines to `access' every time I get a mail I don't like: > > I've been blocking a /16 every time a spam comes in from Korea. (And > other countries, but mostly they are from Korea.) I also add the > spamvertised domains, which are frequently not identied with the .kr > TLD. Additionally, I use SPEWS (http://www.spews.org), although it > doesn't catch a lot of the Korean spam. > > My opinion of what /etc/mail/access should contain as of today is > available at > > http://www.wonkity.com/~wblock/access > > It's fairly large; don't use it as-is unless you've scanned through > it. For instance, I reject mail from yahoo.com. > > FreeBSD content: > > I like the "make maps" shortcut--update /etc/mail/access and do "make > maps" and it's in place. > > -Warren Block * Rapid City, South Dakota USA > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message