# 8-25-97 Don't forget each recipe starts with ":0" !!!
#
# Procmail's expressions are completely compatible with egrep's expressions.
# "sed" only uses Basic Regular Expressions, which differ substantially.
#
# For rules, ".*" matches any sequence of chars, except a newline
# "* " starts a rule.  The asterick has NO special meaning there.
# "^" matches the start of a line
#
# Exit Codes
# (from /usr/include/sysexits.h )
# Number  Reason
# 67      No User
# 68      No Host
# 77      Permission Denied
#
# Note: $LINEBUF defaults to 2048 characters.  This is the "length
#       of the internal line buffers".
#
# 1-14-2000:  Block all of telepolis.com.  Started getting "weekend" spam.
# 1-19-2000:  Block all of theglobe.com.
# 3-21-2000:  Trying to block ivillage.com.  They don't send email out
#       with valid headers.  ...can't unsubscribe!  Wrote exodus.net
#       to ask them for their help.
# 3-29-2000: Rewriting formail options.
#	I also prevented a pipe from starting in col.1 of a bounce rule.
# 4-24-2000: Moved to waltz.rahul.net.
# 5-12-2000: Added -c to formail scripts.
#	Commented out formail rule that inserts good "From " header,
#	as for some reason it strips out a good "From " header now that
#	I moved to rahul.net, and won't put it back in.
# 5-16-2000: Removed hotmail blocks, as they are now blocked with a2i's nojunk.
# 30Jan2001: Added "MAILER-DAEMON@rahul.net" to allow list, as it seems
# to get trashed otherwise.
# 19Feb2001: Added -bk to formail rules so body would bounce intact.
# 23Feb2001: Body bounces, but "There's nobody...." msg is appended to end.
# I'm rewriting formail filter to insert custom header first time through,
# then replace that header with "There's nobody...." msg. 2nd time through.
# 4-10-2001: Added two filters to direct junk email that has an
# Nojunk status line to two different email boxes.
# 5-4-2001: Adding sshartma@fastlink.com - Receives satellite today subscription.
# 22May2001: Trying to add some RBL capacity.  From www.waltdnes.org
#   The scripts are pretty complicated.  Hope they work out of the box.
# 16Jul2001: ORBS going to subscription based.  www.orbl.org opened.
#   Inserted code to query orbl.
#   Moved the archive email part of this rc from being immediately after
#   These comments to after the lookups of spam, as I'm tired of seeing
#   all the archived spam.
# 31Jul2001: Seriously rewrote the recipies.  Many new odd behaviours of
#   procmail discovered.  Put in "SHELL=/bin/sh" because it has been stated
#   procmail doesn't work with csh or its variants.
# 13Aug2001: Addeed a line to catch an email that is "for <sales@fastlink.com>"
#   because smartertimes mail list emails were being bounced.  I need to watch
#   what is let in that is undesired, however.
# 27Sep2001: Added a check here and to rcvdrc2 to catch email coming from
#   an email server that doesn't have a known hostname.
# 3Oct2001: Implementing IP-based filters here.  I thought .nojunk.patterns was
#   catching it, but I now realize that only works for non-fastlink email.
# 15Oct2001: orbl.org appears dead and delisted from DNS.
# 19Oct2001: Fixed broken X-Loop rule.  It was matching *any* X-Loop,
#   causing some valid stuff to bounce.
# 31-Jul-2002: Adding formail.relays.monkeys.com to stop formmail.cgi stuff.
# 26-Nov-2002: a2i switching mail delivery to mauve or violet.
# 13-Dec-2002: a2i now processing email in linux, so no more "nslookup".
#  Use "host" instead.
# 18-May-2004: There are now so many spam proxies that I'm taking out
#  the nice formail "no such user" reply.  Too many of these are sent
#  to innocent victims.
# 22-Jan-2007: Took out formail.relays.monkeys.com - it blocked gmail.com
# email and it went 100% matching on 3/15/2004!
# 22-Jan-2007: Changed bl.reynolds.net.au to dnsbl.net.au - they changed
# their name 1-Mar-2006!
# 22-Jan-2007: Removed opm.blitzed.org.  Project ended May 2006!
# 22-Jan-2007: flowgoaway.com seems to have gone away.
#
#

SHELL=/bin/sh
NL="
"
# VERBOSE=on
LOGFILE=$HOME/procmail.logfile
LOG="Just a debug line.$NL"
# rejected senders go into folder 'badguys'
:0: procmail.lock
* ^X-Nojunk-Status: RH
	Mail/badguys

   # all other rejects go into folder 'scams'
:0: procmail.lock
* ^X-Nojunk-Status: (RS|RB|RT)
	Mail/scams
#
# allow mozilla.org in
:0: procmail.lock
* ^FROM.*nobody@mozilla\.org.*
 /var/spool/mail/scottp

# 25Aug2003 Block Sobig virus
:0
* ^X-MailScanner: Found to be clean
{
  LOG="Another Sobig virus caught."
  :0
    /dev/null
}
# 20Sep2003: Block Sven worm which disguises itself as a Windows
# security update.
:0
* > 140000
* < 165000
{
:0 BD
* b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
/dev/null
}
# 04Mar2004 spammer who gives return address as arbitrary yahoo.com addr
#   Somebody on linuxquestions.org says it's the MyDoom virus, forging
#   admin@fastlink.com as the "From: " addressor
:0
* ^X-Return-Path: .*yahoo.com.*
{
  LOG="Another yahoo.com spam."
  :0
	/dev/null
}

#
# Check the blocking lists (DUL/ORBS/RBL/RSS).
# The variable IPEXTERNAL is initialised as "XXXXXX".
# If it isn't changed after the lookups, we assume that the email is internal, and do not check.
# This is what avoids running DUL and DSSL against your ISP's dialups when
# another user at your ISP emails you.
# Note the "(.*$)+" which allows multiple linefeeds. This allows matching
# *EVEN IF THERE ARE OTHER INTERVENING HEADERS*, such as "From:". FINALPATTERN
# is the tail end of the matching pattern that is used only on the 
# "Received: from" header immediately below the handoff to your ISP. This
# catches mailer software like SMI-8.6, which doesn't list incoming IP addresses.
#
TMP=`pwd`
PATH=/local/scripts:/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:$TMP/bin:.:/usr/local/bin
# VERBOSE=on
# LOGABSTRACT=all
WSPC	= " 	"     # space + tab
SPC	= "[$WSPC]"	# regexp whitespace, the short name
			# SPC was chosen because you use this
			# a lot in condition lines.
NSPC	= "[^$WSPC]"	# negation of whitespace
IPEXTERNAL="XXXXXX"
# INSERT="Received: from.\*.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\](.*$)+"
# RAHUL="(.*$)+Delivered-To.+scottp@rahul.net(.*$)"
# RAHUL="(.*$)+Received: by (.*$)"
FINALPATTERN="()\/Received: from.*"
# PATTERN="()\/Received: from.*\[.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\].*"
UCE="uce.pl"
#
:0
# Dump my ISP's preamble, then
# Look at first "Received: from" line, grab the line.
*$ ${RAHUL}${FINALPATTERN}
  { NEXTHEADER=${MATCH} 

    :0
    * IPEXTERNAL ?? XXXXXX
    * NEXTHEADER ?? Received: from .*\[.*\].*by.*
# Now go find the IP addr in the "Received: from" line.
    { INCLUDERC=rcvdrc2 }

#
# Having returned from rcvdrc2, IPEXTERNAL will be set to the IP addr that sent
# the email, or to XXXXXX if not found.  Proceed further if an IP addr has
# been found.
    :0
    *$!IPEXTERNAL ?? XXXXXX
      {
#
# Decompose the IP address in IPEXTERNAL into its 4 parts and
# reverse the order as expected by DNS-based lookup lists. 
      :0
      *  IPEXTERNAL ?? ()\/[0-9]+
      { QUAD1=$MATCH
        :0
        * IPEXTERNAL ?? [0-9]+\.\/[0-9]+
        { QUAD2=$MATCH
          :0
          * IPEXTERNAL ?? [0-9]+\.[0-9]+\.\/[0-9]+
            { QUAD3=$MATCH
              :0
                * IPEXTERNAL ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
                  { REVERSED="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
#
# Capture the output of an "host" query into the var NSLOOKUP.
# If it contains the "magic number" (127.0.0.3 for DUL and
# 127.0.0.2 for other lists) slap on an X-Reject: header. 
# Next 4 groups check and report on DUL, ORBS, RBL, and RSS.
# orbz.org is dead.  Replaced with dsbl.org.

# Debug
LOG="Reversed dotted quad is: ${REVERSED}${NL}"

# 20Aug2003: Special go-to-hell for maktoob.net 1 per 2 second email bounces.
:0
*$IPEXTERNAL ?? 195.172.126.104
{
 EXITCODE=77
 :0
 /dev/null

}
# special exception for reporting geocities abuse.
:0
*$IPEXTERNAL ?? 66.218.69.([0-9])
{
  :0: procmail.lock
  /var/spool/mail/scottp
}

# 7-Aug-2003: Special exception for dyndns.org
:0
*$IPEXTERNAL ?? 66.151.188.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
  :0: procmail.lock
  /var/spool/mail/scottp
}


# I think rahul's support emails bounce because they originate
# from localhost.  Let me pre-accept 127.0.0.1
:0
*$IPEXTERNAL ?? 127\.0\.0\.1
{
  :0: procmail.lock
   /var/spool/mail/scottp
}

# preaccept www.donotcall.gov
:0
*$IPEXTERNAL ?? 218.196.16.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
  :0: procmail.lock
   /var/spool/mail/scottp
}

# preaccept smtp802.mail.sc5.yahoo.com (Jacecko mail output server)
:0
*$IPEXTERNAL ?? 66.163.168.181
{
  :0: procmail.lock
   /var/spool/mail/scottp
}

NSLOOKUP=`host ${REVERSED}.list.dsbl.org`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
  LOG="Rejected: ${IPEXTERNAL}  See dsbl.org"
  :0
    | ${UCE}
}

NSLOOKUP=`host ${REVERSED}.multihop.dsbl.org`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
  LOG="Rejected: ${IPEXTERNAL}  See dsbl.org"
  :0
    | ${UCE}
}

NSLOOKUP=`host ${REVERSED}.dnsbl.njabl.org`
:0
*$NSLOOKUP ?? 127\.0\.0\.(2|3)
# 2 = open relays and direct spam sources
# 3 = dial-up IP ranges
{
  LOG="Rejected: ${IPEXTERNAL}  See http://njabl.org"
  :0
    | ${UCE}
}

NSLOOKUP=`host ${REVERSED}.orbz.gst-group.co.uk`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
  LOG="Rejected: ${IPEXTERNAL} was in INPUTS orbz.gst-group.co.uk output list."
  :0
    | ${UCE}
}
:0
*$NSLOOKUP ?? 127\.0\.0\.3
{
  LOG="Rejected: ${IPEXTERNAL} was in OUTPUTS orbz.gst-group.co.uk input list."
  :0
    | ${UCE}
}
:0
*$NSLOOKUP ?? 127\.0\.0\.9
{
  LOG="Rejected: ${IPEXTERNAL} was in REFUSES POSTMASTER EMAIL orbz.gst-group.co.uk postmaster list."
  :0
    | ${UCE}
}

NSLOOKUP=`host ${REVERSED}.dialups.mail-abuse.org`
:0
*$NSLOOKUP ?? 127\.0\.0\.3
{
  LOG="Rejected: ${IPEXTERNAL} was in DUL (mail-abuse.org)."
  :0
    | ${UCE}
}

NSLOOKUP=`host ${REVERSED}.blackholes.mail-abuse.org`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
 LOG="Rejected: ${IPEXTERNAL} was in blackholes.mail-abuse.org."
 :0
   | ${UCE}
}


NSLOOKUP=`host ${REVERSED}.dnsbl.net.au`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
 LOG="Rejected: ${IPEXTERNAL} was in dnsbl.net.au.  Open Socks Proxy Server."
 :0
   | ${UCE}
}


NSLOOKUP=`host ${REVERSED}.bl.spamcop.net`
:0
*$NSLOOKUP ?? 127\.0\.0\.2
{
 LOG="Rejected: ${IPEXTERNAL} was in bl.spamcop.net."
 :0
   | ${UCE}
}

# 
# And since we're checking for relays, lets check for the (in)famous SMI-8.6 and
# SGI.8.X anonymizing open relays. Note that only the header immediately below the
# handoff header is checked. This filter does not punish responsible netizens who
# have gone to the trouble of putting up a non-relaying firewall machine
# in front of their SMI-8.6 machine. 
#

# Check my private list of open-relays.

# INCLUDERC=open-relays

:0
* NEXTHEADER ?? Received: from.*by.*(SMI-8\.6|SGI\.8\.[6-8])
{
 LOG="Rejected: ${IPEXTERNAL} was received direct from insecure SMI or SGI 8.6 system."
 :0
   | ${UCE}
}

}}}}}}

# :0
#   IS_UNKNOWN ?? ""
#   {
#    LOG="Rejected: Your email server has no domain name registered."
# }

# Debug
# VERBOSE=on
# LOGABSTRACT=all
#
# 08Dec2002: at&t spamming server
#  24.61.15.0/24
:0
* IPEXTERNAL ?? 24.61.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Aug2002: rr.com spam
#  24.93.216.0/24
:0
* IPEXTERNAL ?? 24.93.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Nov2002: .ca spam
#  24.201.61.0/24
:0
* IPEXTERNAL ?? 24.201.61.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Aug2002: .ar spam
#  24.232.0.0/20
:0
* IPEXTERNAL ?? 24.232.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Dec2002: .rr spam
#  24.242.9.0/24
:0
* IPEXTERNAL ?? 24.242.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: .bo spam
#  63.65.11.0/24
:0
* IPEXTERNAL ?? 63.65.11.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: uunet block - rootsweb.com, myfamily.com spam
#  63.92.88.0/22
:0
* IPEXTERNAL ?? 63.92.((8(8|9))|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: uunet block - match.com, inc.
#  63.99.232.0/25
:0
* IPEXTERNAL ?? 63.99.232.(([0-9])|([0-9][0-9])|((1((0|1)[0-9])|(2[0-7]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: "North Sky" spam - aboutws.com
#  63.108.71.0/24
:0
* IPEXTERNAL ?? 63.108.71.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking "pickle technologies" in Irvine for spam
#  63.116.212.0/23
:0
* IPEXTERNAL ?? 63.116.21(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Oct2001: Blocking "Monster.com" fastweb.com
#  63.121.30.161
:0
* IPEXTERNAL ?? 63.121.30.161
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Lions Pride Enterprises" netblock for em5000.com.
#   63.146.120.128/27
# 31Jul2002: Try uncommenting this, not in spews.
#:0
#* IPEXTERNAL ?? 63.146.120.((12[8-9])|(1[3-5][0-9]))
#{
# EXITCODE=77
# :0
# | ${UCE}
#}
#
# 5Oct2001: Blocking "Internet Fulfilment(sic)" from naughtytoyshop.com
#   63.207.179.0/24
:0
* IPEXTERNAL ?? 63.207.179.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Oct2002: www.xxxpostoffice.com inside Level3
#   63.215.143.0/24
:0
* IPEXTERNAL ?? 63.215.143.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 05Sep2002: cais internet - horny-4-you.com spam
#   63.218.227.0/24
:0
* IPEXTERNAL ?? 63.218.227.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Aug2002: New randbad block
#   63.219.150.0/23
:0
* IPEXTERNAL ?? 63.219.15(0|1).(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Aug2002: International Travel - buy this for $500 spam
#   63.226.30.192/28
:0
* IPEXTERNAL ?? 63.226.30.((19[2-9])|(2[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: Heartland America - unsub'ed list server
#   63.226.159.48/28
:0
* IPEXTERNAL ?? 63.226.159.((4(8|9))|(5[0-5]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Jul2002: gekcosoftware.com spam inside US Worst block
#   63.230.15.0/24
:0
* IPEXTERNAL ?? 63.230.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Oct2001: Blocking "Take Two Int. Soft." unconf. opt-in listserver
#   63.237.158.32/28
:0
* IPEXTERNAL ?? 63.237.158.((3[2-9])|((4|5)[0-9])|(6[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Aug2002: www.golf.com spam
#   63.238.152.0/24
:0
* IPEXTERNAL ?? 63.238.152.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Oct2001: Blocking Blue Mountain ecards (bmarts.com).  Sits on cerf.net
#   63.241.62.44, 47, 49
:0
* IPEXTERNAL ?? 63.241.62.4(4|7|9)
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08May2003: "slks inc" spam
#   63.251.54.64/27
:0
* IPEXTERNAL ?? 63.251.54.((6[4-9])|((7|8)[0-9])|(9[0-5]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Nov2002: etracks.com spam
#   63.251.59.0/24
:0
* IPEXTERNAL ?? 63.251.59.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: spam within verio
#  64.0.132.10
:0
* IPEXTERNAL ?? 64.0.132.10
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: hotmail nonsense
#  64.4.8.0/24
#  64.4.9.0/24
#  64.4.12.252
#  64.4.14.94
#  64.4.15.0/24
#  64.4.19.209
#  64.4.21.0/24
#  64.4.23.0/24
#  64.4.33.214
#  64.4.36.195
#  64.4.37.0/24
#  209.185.241.0/24
#  216.33.241.192
:0
* IPEXTERNAL ?? ((64.4.((12.252)|(14.94)|(19.209)|(33.214)|(36.195)|\
(8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(2(1|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))))|\
(209.185.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(216.33.241.192))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 09Oct2002: Warner Music Australia (in AOL block
#   64.12.33.0/24
:0
* IPEXTERNAL ?? 64.12.33.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: adpro solutions spam in glendale
#   64.14.199.48/28
#   64.14.199.0/28  3-Sep-2002
:0
* IPEXTERNAL ?? 64.14.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: mailmetoday.com - free email server but not much cust. svc.
#   64.14.239.225
:0
* IPEXTERNAL ?? 64.14.239.225
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: lobsterhost.com inside cybercon
#   64.37.108.0/24
:0
* IPEXTERNAL ?? 64.37.108.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 09Oct2002: workdaydeals.net in rackspew
#   64.49.237.0/24
:0
* IPEXTERNAL ?? 64.49.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Sep2002: thesuperspecialdeals.com in rackspew
#   64.49.243.0/24
:0
* IPEXTERNAL ?? 64.49.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Dec2002: elphnet.com spam, et al
#   64.49.251.0/24
:0
* IPEXTERNAL ?? 64.49.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Oct2002: travelzoo.com - inside exodus
#   64.56.194.0/24
:0
* IPEXTERNAL ?? 64.56.194.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Nov2002: "Blue Gravity Communications"
#   64.57.64.0/19  big block but they don't say how they've reallocated it.
:0
* IPEXTERNAL ?? 64.57.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Apr2003: 3wcorp - marketing spam
#  64.88.128.0/19
:0
* IPEXTERNAL ?? 64.88.1((2(8|9))|((3|4|5)[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Sep2002: run1.hsm-mailerdirect.com in C&W space
#   64.70.20.0/24
#   64.70.44.0/24
:0
* IPEXTERNAL ?? 64.70.(20|44).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Oct2001: Blocking "SkyNet" from slygreetings.com
#   64.23.55.0/25
#   64.23.32.200/29
#   64.23.66.192/26
:0
* IPEXTERNAL ?? 64.23.((55.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])))|\
(66.((19[2-9])|(2[0-5][0-9])))|\
(32.20[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Aug2002: highspeedmedia.com spammer
#  64.27.110.0/24  (but hispeed only shows 64.27.64.0 - 64.27.127.255)
:0
* IPEXTERNAL ?? 64.27.110.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Aug2002: highspeedmedia.com spammer
#  64.32.35.0/24
:0
* IPEXTERNAL ?? 64.32.35.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Oct2001: "Hostway Corporation" because of quizyourfriends.com/siteprotect.com
#  64.41.64.0/24
#  64.41.179.0/24  IGN Entertainment, in exodus space
:0
* IPEXTERNAL ?? 64.41.(64|179).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Feb2003: dataoffers.com spam
#  65.18.184.0/24
:0
* IPEXTERNAL ?? 65.18.184.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: some comcast spammer
#  68.48.216.0/24
:0
* IPEXTERNAL ?? 68.48.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Jun2003: nevada cox spammer
#  68.100.169.0/24
:0
* IPEXTERNAL ?? 68.100.169.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Dec2002: optin spam, inside charter communications
#  68.114.114.0/24
:0
* IPEXTERNAL ?? 68.114.114.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: Netblock for some rackspace spew
#  6Aug2002: Try removing it.
#   64.49.23.0..31.255
#:0
#* IPEXTERNAL ?? 64.39.((2[3-9])|(3(0|1))).[0-9]+
#{
# EXITCODE=77
# :0
# | ${UCE}
#}
#
# 11Jul2002: "smartweb" - spam from linkgift.com
#  64.57.212.0/24
:0
* IPEXTERNAL ?? 64.57.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Oct2001: Netblock for rush2win.com in Exodus IP space.
#  64.69.168.64/29
:0
* IPEXTERNAL ?? 64.69.168.((6[4-9])|(7(0|1)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking "outerspacegames.com" - exodus space
#   64.70.1.64/28
:0
* IPEXTERNAL ?? 64.70.1.((6[4-9])|(7[0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: Blocking all of hispeed hosting space
#   64.106.128.0/18
:0
* IPEXTERNAL ?? 64.106.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 09Oct2002: spammer inside level3
#   64.156.210.0/24
:0
* IPEXTERNAL ?? 64.156.210.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: italian mortgage spammer
#  80.16.0.0/16
:0
* IPEXTERNAL ?? 80.16.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 02-Feb-2005: .ru sending koi-8 email
#  80.178.18.0/24
:0
* IPEXTERNAL ?? 80.178.18.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 02-Feb-2005: .ru sending koi-8 email
#  81.9.34.0/24
:0
* IPEXTERNAL ?? 81.9.34.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03-Feb-2005: korean "big-5" spam
#  219.81.136.0/24
# 216.164.131.0/24
# 83.198.156.0/24
:0
* IPEXTERNAL ?? 21((9.81.136.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(6.164.131.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(83.198.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Aug2002: .es sex spammer  (dialup "adu1t site")
#  80.34.0.0/16
:0
* IPEXTERNAL ?? 80.34.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2003: spam from 80.46.156.1
#  80.46.156.0/24
:0
* IPEXTERNAL ?? 80.46.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Nov2002: .cz spam
#  80.83.64.0/20
:0
* IPEXTERNAL ?? 80.83.((6[4-9])|(7[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: some fastlink.com.jo misdirected email
#  80.90.160.0/22
:0
* IPEXTERNAL ?? 80.90.16[0-4].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Oct2002: twelvehorses.com and others in Ireland
#  80.93.2.0/24
:0
* IPEXTERNAL ?? 80.90.2.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: sex spam with fastlink.com addrs in from and to  - .it
#  80.206.225.0/24
:0
* IPEXTERNAL ?? 80.206.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: sex spam with fastlink.com addrs in from and to
#  80.208.58.0/24
:0
* IPEXTERNAL ?? 80.208.58.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 25Jul2002: .it spam
#   151.1.0.0/16
:0
* IPEXTERNAL ?? 151.1.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 15Jul2002: adult block inside verio - mach 10 hosting
#   157.238.56.0/21
#   157.238.138.0/24
#   198.87.241.0/24
:0
* IPEXTERNAL ?? 1(57.238.((5[6-9])|(6[0-3])|(138)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))|\
(98.87.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Oct2002: eircom Ireland - unresponsive
#  159.134.0.0/16
:0
* IPEXTERNAL ?? 159.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Feb2003: toner cartridge spam
#  170.208.0.0/24
:0
* IPEXTERNAL ?? 170.208.0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Oct2002: ISP w/o AUP.
#  209.217.0.0/18
:0
* IPEXTERNAL ?? 209.217.(([0-9])|([1-5][0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 30Sep2001: Netblock for advertising.com/inyouremail.com  Spew for
#   hosted by Exodus.  Ignoring all spamcop.net complaints.
#   209.225.6.96/27 209.225.34.79
:0
* IPEXTERNAL ?? 209.225.6.((9[6-9])|(1(([0-1][0-9])|(2[0-7]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 1Oct2001: Another netblock for advertising.com/inyouremail.com  Spew for
#   hosted by Exodus.  Ignoring all spamcop.net complaints.
#   209.225..0.0..209.225.95.255
#   FYI 209.225.54.64/26 egreetings.com using links to www.imgegrt.com
#   and ads.adsag.com (209.225.54.97 and 209.225.54.119) in this space. 20-Nov-02
:0
* IPEXTERNAL ?? 209.225.(([0-8][0-9])|(9[0-5])).[0-9]+
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 15Jul2002: verio spam block - registered to Bosnia!?
#   161.58.84.0/24
:0
* IPEXTERNAL ?? 161.58.84.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 2Aug2002: PMP-AU girlfriends spam
#  203.1.20.0/22
:0
* IPEXTERNAL ?? 203.1.2[0-3].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Aug2002: Aus Broad Comm - unconf opt-in list spam
#  203.2.218.0/24
:0
* IPEXTERNAL ?? 203.2.218.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: Start blocking Australian spammers within uunet.au
#  203.2.192.0/24
:0
* IPEXTERNAL ?? 203.2.192.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: .au school w/open relay at 203.8.208.13
#  203.8.208.0/24
:0
* IPEXTERNAL ?? 203.8.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Jul2002: .au school spammer
#  203.13.68.0..71.255
:0
* IPEXTERNAL ?? 203.13.((6(8|9))|(7(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Oct2002: .au spam spammer
#  203.16.208.0/20
:0
* IPEXTERNAL ?? 203.16.2((0[8-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Oct2002: .au spam spammer
#  203.22.0.0/16
:0
* IPEXTERNAL ?? 203.22.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Oct2002: .au spam spammer
#  203.24.88.0/23
:0
* IPEXTERNAL ?? 203.24.8(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking "Pacific Internet"
#  203.26.8.0..11.255
:0
* IPEXTERNAL ?? 203.26.((8|9)|(1(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: .au spamblock
#  203.30.180.0/24
:0
* IPEXTERNAL ?? 203.30.180.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking "PSINet Australia"
#  203.32.160.0/20
:0
* IPEXTERNAL ?? 203.32.1((6[0-9])|(7[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: Netway Technologies, .au
#  203.33.252.0/23
:0
* IPEXTERNAL ?? 203.33.25(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: .au spam
#  203.34.81.0/24
:0
* IPEXTERNAL ?? 203.34.81.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .au spam
#  203.34.152.0/23
:0
* IPEXTERNAL ?? 203.34.15(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .au spam
#  203.35.0.0/16
:0
* IPEXTERNAL ?? 203.35.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Nov2001: Blocking "Telstra Internet AU" for Crazy Dave spam
#  203.36.0.0/18 added 9-Aug-2002 for infomail.com.au
#  203.40.0.0..56.255.255
:0
* IPEXTERNAL ?? 203.((3[6-9])|(4[0-9])|(5[0-6])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: .au spam
#   203.57.38.0/24
:0
* IPEXTERNAL ?? 203.57.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .au spam
#   203.63.254.0/24
:0
* IPEXTERNAL ?? 203.63.254.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Oct2001: Blocking Taiwan edu block - known spammers within
#   203.68.94.0/24
:0
* IPEXTERNAL ?? 203.68.94.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Oct2001: Blocking "Brazin" - sanity.com.au spam
#   203.76.29.192/29
:0
* IPEXTERNAL ?? 203.76.29.19[2-9]
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Oct2001: Blocking "wishlist" inside globalcenter.net.au
#  203.89.223.128/26
:0
* IPEXTERNAL ?? 203.89.223.1((2[8-9])|([3-8][0-9])|(9[0-1]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Aug2002: direct to MX spam
#  203.89.236.0/24
:0
* IPEXTERNAL ?? 203.89.236.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Mar2003: channelv .au spam
#  203.111.28.0/24
:0
* IPEXTERNAL ?? 203.111.28.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: apple singapore spam
#  203.120.14.0/23
:0
* IPEXTERNAL ?? 203.120.1(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: .in - india
#  203.129.244.0/22
:0
* IPEXTERNAL ?? 203.129.24[4-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Oct2001: Blocking au.uu.net netblock for chaosmusic.com.
#  203.166.28.0/24
:0
* IPEXTERNAL ?? 203.166.28.1(([6-8][0-9])|(9[0-1]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking au.uu.net netblock for returnity.com.au
#  203.166.49.0/24
:0
* IPEXTERNAL ?? 203.166.49.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: .ph spam
#  203.172.0.0/16
:0
* IPEXTERNAL ?? 203.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Nov2001: Blocking "Next Media Interactive" refuse relay testing.
#  203.194.149.32/26
#  203.194.149.64/26
:0
* IPEXTERNAL ?? 203.194.149.((3[2-9])|([4-9][0-9])|(1[0-1][0-9])|(12[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking India
#  203.199.0.0/16
:0
* IPEXTERNAL ?? 203.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Aug2002: some .au spam
#  203.202.124.0/24
:0
* IPEXTERNAL ?? 203.202.124.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Dec2002: comindico .au spam
#  203.220.0.0/16
:0
* IPEXTERNAL ?? 203.220.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Oct2001: Blocking "Korea NIC" all of Korea
#   203.232.0.0/12
:0
* IPEXTERNAL ?? 203.23[2-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 02Feb2003: themailtrail spam
#   204.188.52.0/24
:0
* IPEXTERNAL ?? 204.188.52.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Oct2002: .nl spam
#  213.73.0.0/16
:0
* IPEXTERNAL ?? 213.73.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Dec2002: .nl spam - chello
#  213.93.192.0/19
:0
* IPEXTERNAL ?? 213.93.((19[2-9])|(2[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: .es spam
#  213.96.10.0/15
:0
* IPEXTERNAL ?? 213.9(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: .eg Egypt spam
#  213.131.64.0..77.255
:0
* IPEXTERNAL ?? 213.131.((6[4-9])|(7[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: PCNET .ro (Romania)
#  213.154.128.0/19
:0
* IPEXTERNAL ?? 213.154.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24-Mar-2005: education spam
#  213.158.169.0/24
:0
* IPEXTERNAL ?? 213.158.169.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: .it spam
#  213.217.149.0/24
:0
* IPEXTERNAL ?? 213.217.149.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Apr2003: Xpress newsletter spam
#  213.149.190.0/24
:0
* IPEXTERNAL ?? 213.149.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Oct2001: Blocking cybercon netblock for colonize.com.
# for some reason it blocks efax.com (Arrgh!) Tried one repair.
# 216.15.203.192/26
# 216.15.251.0/24
# 216.15.250.0/24
# 216.15.128.0/17
#
:0
* IPEXTERNAL ?? ((216.15.203.((19[2-9])|(2[0-5][0-9])))|\
(216.15.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(216.15.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(216.15.((1((2(8|9))|([3-9][0-9])))|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Oct2001: Blocking easyridercasino.com
#  216.6.10.0/23
:0
* IPEXTERNAL ?? 216.6.1(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking africaonline ghana
#  216.6.50.0/23
:0
* IPEXTERNAL ?? 216.6.5(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Oct2002: "Carribean Trading and Sales 2000 Inc."
#  216.7.129.0/27
#  216.7.132.0/24  11Nov2002
:0
* IPEXTERNAL ?? 216.7.1(29|30|32).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13ct2001: Blocking "Tube.e Communications" for freeasiaxx.com
#  216.18.85.0/25
#
:0
* IPEXTERNAL ?? 216.18.85.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking deremate.com - Spanish newsletter spam.
#  216.25.228.64/26
:0
* IPEXTERNAL ?? 216.25.228.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 29Sep2001: Netblock for customer-email.com.  Spew for gaming MSN,
#   hosted by Exodus, ignore all spamcop.net complaints.
#   216.32.31.128/26
:0
* IPEXTERNAL ?? 216.32.31.1((2[8-9])|([3-5][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 1Nov2001: Blocking "AmericanGreetings" egreetings.com
#  216.33.97.64/26
#  64.14.122.0/24  20-Nov-2002
#  216.33.111.128/24  18-Dec-02
:0
* IPEXTERNAL ?? ((216.33.97.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7])))|\
(64.14.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(216.33.111.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 29Sep2001: Netblock for planetofmusic.com.  Spew for
#   hosted by Exodus.  Ignoring all spamcop.net complaints.
#   216.34.214.48/28
:0
* IPEXTERNAL ?? 216.34.214.((4[8-9])|(5[0-9])|(6[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Oct2001: Blocking exodus netblock for jackpot.com
#  216.34.216.0/24  jackpot.com
:0
* IPEXTERNAL ?? 216.34.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking processrequest.com inside exodus.net
#  216.39.66.0/24
:0
* IPEXTERNAL ?? 216.39.66.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "e2 Communications" netblock for processrequest.com
#    216.39.67.0/25
:0
* IPEXTERNAL ?? 216.39.67.(([0-9])|([0-9][0-9])|((1((0|1)[0-9])|2[0-7])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: EV1 - 
#  216.40.238.0/24   10Oct2002
#    216.40.215.0/24
:0
* IPEXTERNAL ?? 216.40.2((15)|(38)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking mcafee.com's AS17473
#   216.49.88.0/21
:0
* IPEXTERNAL ?? 216.49.((8(8|9))|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: JDR Media known spammer
#  216.52.219.0/24
:0
* IPEXTERNAL ?? 216.52.219.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 09Oct2002: DirectSynergy spammer
#  216.52.222.0/24
:0
* IPEXTERNAL ?? 216.52.222.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Oct2002: "Virtual hosting group"
#  216.65.13.0/24
:0
* IPEXTERNAL ?? 216.65.13.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: .ca sex url spam
#  216.83.15.0/24
:0
* IPEXTERNAL ?? 216.83.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: Ultimate Sports Info - primaryclick.com, ultimatesports.info
#  216.87.56.224/28
:0
* IPEXTERNAL ?? 216.87.56.2((2[4-9])|(3[0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Aug2002: "Colosseum Online", .ca spam
#  216.94.0.0/24
:0
* IPEXTERNAL ?? 216.94.0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Oct2001: Blocking "Virtual Service" as fantasyteam.com - stupid pig newsletter.
#  216.94.197.0/24
:0
* IPEXTERNAL ?? 216.94.197.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 1Aug2002: E-centives
#   216.109.72.0/24
:0
* IPEXTERNAL ?? 216.109.72.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Oct2001: Blocking "America's Lotto" netblock for customoffers.com.
#   216.109.84.128/28
#   216.109.73.0/24  28Jul2002: New netblock for them.
:0
* IPEXTERNAL ?? 216.109.((73.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(84.((12[8-9])|(13[0-9])|(14[0-3]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: Custom Offers LLC block
#   216.109.92.0/24  (why block a /28 in exodus space?)
:0
* IPEXTERNAL ?? 216.109.92.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: rackspace crap - nz travel spam
#   216.110.45.0/24
#   216.110.32.0/24  22-Nov-02 nana-e sighting
#   216.110.33.0/24  22-Nov-02 nana-e sighting
#   216.110.34.0/24  22-Nov-02 nana-e sighting
#   216.110.35.0/24  22-Nov-02 nana-e sighting
#   216.110.36.0/24  22-Nov-02 nana-e sighting
#   216.110.37.0/24  22-Nov-02 nana-e sighting
#   216.110.38.0/24  22-Nov-02 nana-e sighting
#   216.110.39.0/24  22-Nov-02 nana-e sighting
:0
* IPEXTERNAL ?? 216.110.(3[2-9]|45).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Aug2002: 
#   216.116.106.0/24
:0
* IPEXTERNAL ?? 216.116.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking "Pythonvideo, Inc" redlightmail.com netblock.
#   216.130.216.0/23
:0
* IPEXTERNAL ?? 216.130.21(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Feb2003: porn spam, with obfuscation and redirection
#   216.131.68.0/24
:0
* IPEXTERNAL ?? 216.131.68.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: yahoo webmail spew
#   216.136.130.51
#   216.136.130.54
#   216.136.130.57
#   216.136.130.216
#   216.136.173.0/24
#   216.136.174.74
#   216.136.175.141
#   216.136.224.119
#   216.136.226.166
:0
* IPEXTERNAL ?? 216.136.((173.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|(174.74)|(175.141)|(224.119)|(226.166)|\
(130.5(1|4|7))|\
(130.216))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: spammer
#   216.144.224.7
:0
* IPEXTERNAL ?? 216.144.224.7
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Oct2002: pickyourflick.com spammer
#   216.144.228.0/24
:0
* IPEXTERNAL ?? 216.144.228.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Dec2002: yahoo.com.au newsletter spam
#   216.145.54.0/24
:0
* IPEXTERNAL ?? 216.145.54.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Sep2002: ISDNet space, casino spammer
#   216.153.64.0/19
:0
* IPEXTERNAL ?? 216.153.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Jul2002: 9netave spam
#   216.156.0.0/16
:0
* IPEXTERNAL ?? 216.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking Prime Internet Network - adult websites and refuse spamcop reports
#  216.158.128.0/19
:0
* IPEXTERNAL ?? 216.158.1((2(8|9))|([3-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: North Plains - yourbigvote.com spam
#  216.162.101.0/24
:0
* IPEXTERNAL ?? 216.162.101.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Jul2002: spam from a .ca verio /32 block(!).  Think I'll do the whole /24.
#  216.167.37.0/24
:0
* IPEXTERNAL ?? 216.167.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Oct2002: digital forest spam - gave them three warnings
#  216.168.32.0/19
:0
* IPEXTERNAL ?? 216.168.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 2Aug2002: freerewards.com spam - exodus.net block
#  216.177.70.0/24
:0
* IPEXTERNAL ?? 216.177.70.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Aug2002: Net Depot spam out of a pop/imap auth server
#  216.180.225.0/24
:0
* IPEXTERNAL ?? 216.180.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: Interelate - interelate.net spam  on inflow block
#  216.183.115.48/28
:0
* IPEXTERNAL ?? 216.183.115.((4(8|9))|(5[0-9])|(6[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: O.S.T. Inc - gambling from .ca
#  216.187.76.0/22
:0
* IPEXTERNAL ?? 216.187.76.(([0-9])|([0-5][0-9])|(6[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: web3000.com
#   216.207.80.0/24
:0
* IPEXTERNAL ?? 216.207.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: AXA Assistance USA - spam with mail.com forged return addys
#   216.216.140.64/26
:0
* IPEXTERNAL ?? 216.216.140.((6[4-9])|((7|8)[0-9])|(9[0-5]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: CyberGate spam
#   216.219.128.0/17
:0
* IPEXTERNAL ?? 216.219.((1((2(8|9))|([3-9][0-9])))|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: .gt (Guatemala) spam
#   216.230.128.0/18
:0
* IPEXTERNAL ?? 216.230.1((2(8|9))|([3-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Aug2002: block reported on spam-l
#   216.236.156.0/24
:0
* IPEXTERNAL ?? 216.236.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Oct2001: Blocking "AstroCenter" for astrocenter.com
#   216.239.209.128/28  (exodus.net)
:0
* IPEXTERNAL ?? 216.239.209.((12[8-9])|(13[0-9])|(14[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: Block Targeted EMail Direct, mailstimulator.com spam, .cl block
#   216.241.0.0/16
:0
* IPEXTERNAL ?? 216.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Oct2001: Blocking "{any name here}" from ciberlynx.net
#   216.242.0.0/16
:0
* IPEXTERNAL ?? 216.242.[0-9]+.[0-9]+
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: spam from edeltacom.com
#   216.248.176.0/24
:0
* IPEXTERNAL ?? 216.248.176.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: Convergence Research - email to SMS phone
#   216.254.4.0/24
:0
* IPEXTERNAL ?? 216.254.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking .it block - dialups
#   217.58.200.0/24
#   217.59.162.0/24
:0
* IPEXTERNAL ?? 217.((58.200.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(59.162.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking .de block - dialups
#   217.80.0.0/13
:0
* IPEXTERNAL ?? 217.8[0-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Aug2002: spammer in .sk block
#   217.11.245.0/24
:0
* IPEXTERNAL ?? 217.11.245.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27May2003: skynet.be adsl spammer
#   217.136.209.0/24
:0
* IPEXTERNAL ?? 217.136.136.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking .ch block
#   217.162.64.0/18
:0
* IPEXTERNAL ?? 217.162.((6[4-9])|([7-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Oct2002: .ae block
#   217.164.0.0/15
:0
* IPEXTERNAL ?? 217.16(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: Blocking a .fr block - spam
#   217.167.34.0/23
:0
* IPEXTERNAL ?? 217.167.3(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: Screw .cn block - too much spam
#   218.0.0.0/8
:0
* IPEXTERNAL ?? 218.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Sep2005: Blocking spam
#   222.136.112.0/24
:0
* IPEXTERNAL ?? 222.136.112.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: shockwave.com spam
#   63.251.52.0/24
#  63.251.252.0/24  luckysurf.com
:0
* IPEXTERNAL ?? 63.251.2?52.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: gotomypc.com spam - expertcity.com
#   63.251.224.0/24
:0
* IPEXTERNAL ?? 63.251.224.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Apple News" netblock for lists.apple.com
#    17.254.0.152
:0
* IPEXTERNAL ?? 17.254.0.152
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Nov2002: formmail spam
#   12.23.44.3
:0
* IPEXTERNAL ?? 12.23.44.3
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: spam-l reported block
#   12.33.196.176/28
:0
* IPEXTERNAL ?? 12.33.196.1((7[6-9])|(8[0-9])|(9(0|1)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Jul2002: Invesmart - invesmart.com spam
#    12.46.232.0/27
:0
* IPEXTERNAL ?? 12.46.232.(([0-9])|([0-2][0-9])|(3(0|1)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Aug2002: fossil - spam
#    12.106.212.0/24
:0
* IPEXTERNAL ?? 12.106.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 02Dec2002: flowgo.com new spam
#    12.129.204.0/23
:0
* IPEXTERNAL ?? 12.129.20(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Nov2002: henson.com spam
#    12.146.198.0/24
:0
* IPEXTERNAL ?? 12.146.198.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Aug2002: M2 communications - spam
#    12.149.38.0/24
:0
* IPEXTERNAL ?? 12.149.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Block Inter-Mountain data storage - spam
#    12.165.106.0/24
:0
* IPEXTERNAL ?? 12.165.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Aug2002: AT&T direct-to-MX spam
#    12.245.0.0/16
:0
* IPEXTERNAL ?? 12.245.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Aug2002: Large .uy block (and most of central america)
#    200.0.0.0/8
:0
* IPEXTERNAL ?? 200.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: .ar spam
#    200.9.212.0/23
:0
* IPEXTERNAL ?? 200.9.21(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .co spam
#    200.24.0.0/16
#    200.21.13.0/24  ImpSat
:0
* IPEXTERNAL ?? 200.((24.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(31.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: .pe/.ec spam
#    200.37.0.0/16
#    200.41.0.0/16
:0
* IPEXTERNAL ?? 200.((37)|(41)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .ar spam
#    200.42.0.0/16
:0
* IPEXTERNAL ?? 200.42.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .pe spam
#    200.48.0.0/16
:0
* IPEXTERNAL ?? 200.48.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking someonelikesto(spam)you.com
#    65.19.140.0/24
:0
* IPEXTERNAL ?? 65.19.140.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Aug2002: spam from rr.com
#    65.33.8.0/24
:0
* IPEXTERNAL ?? 65.33.8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking known spamhaus
#    65.39.144.0/21
:0
* IPEXTERNAL ?? 65.39.1((4[4-9])|(5(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Oct2002: web server reseller, no abuse policy
#    65.77.24.0/23
:0
* IPEXTERNAL ?? 65.77.2(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Dec2002: 23rd century marketing group, spam
#    65.77.47.0/24
:0
* IPEXTERNAL ?? 65.77.47.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Aug2002: www.firstdentalplans.com spam from XO block
#    65.107.237.0/24
:0
* IPEXTERNAL ?? 65.107.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 05Dec2002: Multidata spam
#    65.118.181.0/24
:0
* IPEXTERNAL ?? 65.118.181.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: Blocking dhs-club known spammer
#    65.120.168.0/22
:0
* IPEXTERNAL ?? 65.120.1((6(8|9))|(7(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: block per spam-l
#    65.123.236.0/23
:0
* IPEXTERNAL ?? 65.123.23(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: Blocking World Reach in Irvine
#    65.123.247.0/24
:0
* IPEXTERNAL ?? 65.123.247.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Oct2001: Blocking "Qwest Comms" netblock - too much spam
#    65.128.0.0/12
:0
* IPEXTERNAL ?? 65.1((2(8|9))|((3|4|5)[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: Beldar associates - spam
#    65.163.106.0/24
:0
* IPEXTERNAL ?? 65.163.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Fred Lusky, L.L.C" netblock for snailfriends.com
#    65.166.232.0/24
:0
* IPEXTERNAL ?? 65.166.232.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Aug2002: sex membership spam - cogentco.com space
#   66.28.100.0/22  "new horizon collocation" for suzysfreeporn.com 29-Oct-2002
#   66.28.81.0/24  11-Feb-03
#   66.28.153.0/24  "ideaflood"
#   66.28.208.0/24
#   66.28.248.0/24  "www.teensdelivery.com"  11-Oct-2002
:0
* IPEXTERNAL ?? 66.28.((81)|(10[0-7]|153|208|248)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: GT Group Telecom - .ca sex spam
#   66.38.206.0/24
:0
* IPEXTERNAL ?? 66.38.206.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Aug2002: hispeed hosting - maktoob.com spam
#   66.70.92.0/24
#   66.70.18.0/24  Xu Hong spammer
:0
* IPEXTERNAL ?? 66.70.((18)|(92)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Dec2002: rr.com dialup spammer
#   66.74.195.0/24
:0
* IPEXTERNAL ?? 66.74.195.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: Sprint "BWG" - sex spam
# 30Jul2002: Removed - Sprint has a conscience, so report to abuse instead.
#   66.87.139.0/24  (it's a /16, but try blocking smaller portion 1st)
#   i.e. securityfocus.com is 66.38.151.10, .19, .27
# :0
# * IPEXTERNAL ?? 66.87.139.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
# {
#  EXITCODE=77
#  :0
#  | ${UCE}
# }
#
# 29Jul2002: LightRealm block - selfhelpguides.com
#    66.111.64.0/19
:0
* IPEXTERNAL ?? 66.111.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Fred Lusky, L.L.C" netblock for  
#    66.114.199.0/24
:0
* IPEXTERNAL ?? 66.114.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Feb2003: optinxmail.com
# 66.115.190.0/24
:0
* IPEXTERNAL ?? 66.115.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Dec2002: spam block - waterydesigns.com
#    66.124.82.0/24
:0
* IPEXTERNAL ?? 66.124.82.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: spam block
#    66.134.163.0/24
:0
* IPEXTERNAL ?? 66.134.163.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: Hunting Beach, Bandview, spam block
#    66.148.63.0/24
:0
* IPEXTERNAL ?? 66.148.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: "CP Cyber Wurx" block
#    66.154.0.0/18
:0
* IPEXTERNAL ?? 66.154.(([0-9])|([1-8][0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: spectrum access - weight loss and sex spam
#    66.170.96.0/20
:0
* IPEXTERNAL ?? 66.170.((9[6-9])|(1((0[0-9])|(1(0|1))))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 07Oct2002: Charter Comm - ft worth tx spammer
#    66.169.112.0/20
:0
* IPEXTERNAL ?? 66.169.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Aug2002: misdirected .py email
#    66.178.33.0/23
:0
* IPEXTERNAL ?? 66.178.3(3|4).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: DirectStuff.com
#    66.179.17.0/24
:0
* IPEXTERNAL ?? 66.179.17.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: usagreetings.com spam
#    66.180.237.0/24
:0
* IPEXTERNAL ?? 66.180.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: likewhoa.com for sex spam
#    66.181.160.0/20
:0
* IPEXTERNAL ?? 66.181.1((6[0-9])|(7[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: spam from uunet
#    65.192.213.0/24
#    65.196.61.0/24
:0
* IPEXTERNAL ?? 66.192.((61)|(213)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: spam from uunet (music)
#    65.213.188.0/24
:0
* IPEXTERNAL ?? 66.213.188.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: az media spam
#    66.197.0.0..95.255
:0
* IPEXTERNAL ?? 66.197.(([0-8][0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 01May2003: azoogle.com
#    66.197.140.0/24
#    66.197.170.0/24
:0
* IPEXTERNAL ?? 66.197.1(4|7)0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: internetseer look-alike as in spam-l
#    209.123.178.0/27
:0
* IPEXTERNAL ?? 209.123.178.(([0-9])|([1-2][0-9])|(3(0|1)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Oct2002: interactive marketing group - spam
#    209.125.37.0/24
:0
* IPEXTERNAL ?? 209.125.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Oct2001: Blocking "Launch" for launch-media.net
#    209.132.229.0/23
:0
* IPEXTERNAL ?? 209.132.2((29)|(3(0|1))).(([0-9])|([0-9][0-9])|(((1|2)[0-9][0-9])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Feb2003: ice???.net for cooleremail spam
#   209.246.228.0/24
:0
* IPEXTERNAL ?? 209.246.228.(([0-9])|([0-9][0-9])|(((1|2)[0-9][0-9])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Oct2001: Blocking "Creative Marketing Zone" netblock - Ralsky company
#    65.174.218.0/23
:0
* IPEXTERNAL ?? 65.174.21(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: spam from "Niuniu Ji"? in cybercon.com space
#    66.201.64.0/18
:0
* IPEXTERNAL ?? 66.201.((6[4-9])|([7-9][0-9])|(1((0|1)[0-9])|(2[0-7]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 1Aug2002: Internet Presence, Inc. - "gateway.inetpres.com" 
#    66.207.201.0/24
:0
* IPEXTERNAL ?? 66.207.201.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: www.netleadsource.com in rackspace
#  66.216.113.0/24
:0
* IPEXTERNAL ?? 66.216.113.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 04Sep2002: ms83.com spam
#  66.216.109.0/24
:0
* IPEXTERNAL ?? 66.216.109.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Aug2002: c0olmail.com spammer
#    66.216.110.0/24
:0
* IPEXTERNAL ?? 66.216.110.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: yahoo bulk blocks
#    66.218.64.0/18
#  66.218.73.0/24  try smaller blocking 7-Feb-2003
#  66.218.66.0/24  03-Jun-2003
#  66.218.69.0/24  19-Feb-2003
:0
# * IPEXTERNAL ?? 66.218.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
* IPEXTERNAL ?? 66.218.(66|69|73).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: oin60.com, oin50.com
#    66.236.248.0/24
:0
* IPEXTERNAL ?? 66.236.248.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jun2003: new bulk emailer
#    66.238.134.0/24
:0
* IPEXTERNAL ?? 66.238.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Aug2002: Broadspire, inc - hsmmailer.net
#    66.240.128.0/26  - block this if spam continues
#  66.240.190.0/24  - only block this first time
:0
* IPEXTERNAL ?? 66.240.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: cogento.ca block spamming for www.teenranch4free.com
#    66.250.72.0/24
:0
* IPEXTERNAL ?? 66.250.72.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: myfreerewards.com
#    66.250.127.0/24
:0
* IPEXTERNAL ?? 66.250.127.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "iVillage/Knowledge Web" netblock for advertising.com
#    209.157.220.0/25
:0
* IPEXTERNAL ?? 209.157.220.(([0-9])|([0-9][0-9])|(([0-1][0-1][0-9])|(12[0-7])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "IVillage" netblock for ivillage.com
#    216.35.47.0/24
#   209.185.162.0/24
:0
* IPEXTERNAL ?? ((216.35.47.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(209.185.162.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Editorial America Iberica" netblock
#   for zdnet-es.com 212.49.152.0/24
:0
* IPEXTERNAL ?? 212.49.152.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: Still pm0.net blocking, but Verio blocks removed due to action.
#  128.121.122.32/27
#  128.121.231.0/24
#  129.250.225.0/24  7-Feb-2003
#  128.121.253.0/24  9-Sep-2003: registeredwinners.com spam
#  161.58.160.0/24
#  161.58.223.0/25
#  209.133.65.0/25
#  209.133.67.128/25
#  209.196.17.106
#  209.235.17.89
#  216.205.123.78
#  216.205.125.120-4
#  216.205.21.0/25
#  216.205.91.0/26
# 161.58.202.0/24
:0
* IPEXTERNAL ?? ((128.121.122.((3[2-9])|([4-5][0-9])|(6[0-3])))|\
(128.121.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(129.250.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(128.121.253.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(161.58.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(161.58.223.(([0-9])|([0-9][0-9])|(1((0|1)[0-9])|(2[0-7]))))|\
(209.133.67.((1(2[8-9])|([3-9][0-9]))|(2[0-5][0-9])))|\
(209.196.17.106)|\
(209.235.17.89)|\
(216.205.123.78)|\
(216.205.125.12[0-4])|\
(216.205.21.(([0-9])|([0-9][0-9])|(1((0|1)[0-9])|(2[0-7]))))|\
(216.205.68.10[6-9])|\
(216.205.91.(([0-9])|((1[0-9])|(2[0-7])))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: Digital Connexxions - marketing spam
#  209.47.251.0/24
#  209.167.239.0/24
:0
* IPEXTERNAL ?? 209.((47.251)|(167.239)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: interliant - bestmail.com spam
#  209.196.45.0/24
:0
* IPEXTERNAL ?? 209.196.45.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: .cm spam
#  209.198.243.0/24
:0
* IPEXTERNAL ?? 209.198.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: eloan.com and webshots.com - in verio space
#  128.242.103.0/24  ulimit.com
#  128.242.104.0/24  eloan.com, webshots.com
#  128.242.207.0/24  Plumeus - Montreal QB in a .226/32 (!)
:0
* IPEXTERNAL ?? 128.242.((10(3|4))|(207)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Apr2003: optinmedia spam
#  128.242.100.0/23
:0
* IPEXTERNAL ?? 128.242.10(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Kim Marin block (from NANAE) for optin.com  (still reg 23Apr2003)
#  65.208.106.128/26
:0
* IPEXTERNAL ?? 65.208.106.1((2[8-9])|([3-8][0-9])|(9[0-1]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Aug2002: Ion-Entertainment spam
#  65.241.155.0/24
:0
* IPEXTERNAL ?? 65.241.155.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: Infostrada Housing - .it spam toner cartridge spam bouncing
#   through this network
#   193.70.192.0/22
:0
* IPEXTERNAL ?? 193.70.19([2-5]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Aug2002: emf-fem.org mortgage spam
#   193.121.138.0/24
:0
* IPEXTERNAL ?? 193.121.138.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: block oxfordbusinessgroup.com - unsubscribed newsletter
#  15Oct2002: widening block to entire ISP.
#   193.192.96.0/19
:0
* IPEXTERNAL ?? 193.192.((9[6-9])|(10([0-9])|(11[0-8]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: block spammer in .gb area
#   193.195.96.0/24
:0
* IPEXTERNAL ?? 193.195.96.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: spam-l reported block, .ua space
#   194.44.120.0/22
:0
* IPEXTERNAL ?? 194.44.12[0-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: .cz spam
#   194.108.145.0/24
:0
* IPEXTERNAL ?? 194.108.145.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: .lb spam
#   194.126.5.0/24
:0
* IPEXTERNAL ?? 194.126.5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Oct2001: Blocking uk.xo.com  for www.xara.com
#   194.143.183.0/24 
:0
* IPEXTERNAL ?? 194.143.183.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: .my spam
#   61.6.0.0..191.255
:0
* IPEXTERNAL ?? 61.6.(([0-9])|([1-9][0-9])|(1(([0-9])|([1-8][0-9])|(9(0|1))))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Jul2002: Blocking ..au intrapower services
#   61.8.96.0/19
:0
* IPEXTERNAL ?? 61.8.((9[6-9])|(1(((0|1)[0-9])|(2[07])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: Blocking .hk cable
#   61.10.96.0/19
:0
* IPEXTERNAL ?? 61.10.((9[6-9])|(1(((0|1)[0-9])|(2[07])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking .tw
#   61.56.0.0..67.255.255
:0
* IPEXTERNAL ?? 61.((5[6-9])|(6[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: Blocking .kr
#   61.77.16.0..29.255
:0
* IPEXTERNAL ?? 61.77.((1[6-9])|(2[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: Blocking .kr
#   61.72.100.0..119.255
:0
* IPEXTERNAL ?? 61.72.(1(0|1)[0-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: Blocking .jp blocks
#   61.127.9.0/24
:0
* IPEXTERNAL ?? 61.127.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: Blocking .cn blocks
#   61.134.0.0/16
#   61.139.0.0/16
:0
* IPEXTERNAL ?? 61.13(4|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: Blocking .cn blocks
#   61.144.0.0/12
:0
* IPEXTERNAL ?? 61.1((4[4-9])|(5[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking .cn
#   61.168.0.0..175.255.255
#   61.183.0.0/23
#   61.240.0.0/14
:0
* IPEXTERNAL ?? 61.((1((6(8|9))|(7[0-5])|(83)))|(24[0-3])).\
(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: Blocking .jp blocks
#   61.214.0.0/17
:0
* IPEXTERNAL ?? 61.214.(([0-9])|([0-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Jul2002: Blocking hinet.net blocks
#   61.220.72.0/24
#   61.228.0.0/14
:0
* IPEXTERNAL ?? 61.((2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(220.72.[0-9]+))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Jul2002: Blocking uk cyber cafe area
#   62.6.158.0/24
:0
* IPEXTERNAL ?? 62.6.158.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Sep2002: jazztel.com unconfirmed list server
#   62.14.0.0/15
:0
* IPEXTERNAL ?? 62.1(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Aug2002: Blocking uk direct-to-mx spam
#   62.31.119.0/24
:0
* IPEXTERNAL ?? 62.31.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Nov2002: .nl spam source
#   62.58.50.0/24
:0
* IPEXTERNAL ?? 62.58.50.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: dialup area that refuses spamcop reports
#   62.60.0.0/19
:0
* IPEXTERNAL ?? 62.60.(([0-9])|((1|2)([0-9]))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: upgraded to /16.  .es spam
#   62.81.0.0/16
:0
* IPEXTERNAL ?? 62.81.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: .cz domain due to spamming
#   62.105.0.0/19
:0
* IPEXTERNAL ?? 62.105.(([0-9])|((1|2)[0-9])|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24-Mar-2005: list server
#   62.114.150.0/24
:0
* IPEXTERNAL ?? 62.114.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: .de spam
#   62.138.167.0/24
#   62.157.183.0/24
:0
* IPEXTERNAL ?? 62.((138.167.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(157.183.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: .kw spam 
#   62.150.0.0/16
:0
* IPEXTERNAL ?? 62.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: .de spam 
#   62.159.207.0/24
:0
* IPEXTERNAL ?? 62.159.207.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .uk spam 
#   62.172.122.0/24
:0
* IPEXTERNAL ?? 62.172.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .uk spam dialup uunet block
#   62.188.134.0/24
:0
* IPEXTERNAL ?? 62.188.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Oct2001: Blocking virtgame.com - numerous "authentication codes"
#   130.94.121.0/29
:0
* IPEXTERNAL ?? 130.94.121.(([0-9])|(1[0-5]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2002: .tw hinet spam
#  163.29.0.0/16
:0
* IPEXTERNAL ?? 163.29.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .cl - spam
#  164.77.32.0..255.255
:0
* IPEXTERNAL ?? 164.77.((3[2-9])|([4-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Oct2001: Blocking "Singapore Telco"
#  165.21.0.0/16
:0
* IPEXTERNAL ?? 165.21.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: .kr
#  168.126.0.0/16
:0
* IPEXTERNAL ?? 168.126.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Nov2002: Telefonica de Argentina
#  168.226.0.0/16
:0
* IPEXTERNAL ?? 168.226.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: Universidad Centroamericana .sv spam
#  168.243.0.0/16
:0
* IPEXTERNAL ?? 168.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: CNET - spam
#  206.16.0.0/22
:0
* IPEXTERNAL ?? 206.16.[0-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Dec2002: verizon spam
# 11Jul2003: unblocked because somebody valid is at 206.46.170.106
#   206.46.170.0/24
# :0
# * IPEXTERNAL ?? 206.46.170.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
# {
#  EXITCODE=77
#  :0
#  | ${UCE}
# }
#
# 7Oct2001: Blocking single IP - french domain spamming US email mktg.
#   206.49.157.36/32
:0
* IPEXTERNAL ?? 206.49.157.36
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Oct2001: Blocking "Admin Nacional de Tele..." adinet.com.uy
#  206.99.44.0/24
#  206.99.54.0/24
:0
* IPEXTERNAL ?? 206.99.(4|5)4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Aug2002: Blocking The Global Tap Corp for starlinehosting.com spam
#   206.104.238.0/24
:0
* IPEXTERNAL ?? 206.104.238.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Oct2001: Blocking "romaintic-sex.com" domain
#   206.135.90.((146)|(15(1|2)))
:0
* IPEXTERNAL ?? 206.135.90.((146)|(15(1|2)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Oct2001: Blocking "unknown" mail server from kidstuff.com
#   206.150.208.231
:0
* IPEXTERNAL ?? 206.150.208.231
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Forget fighting the subblocks - block the entire /16
#   200.40.0.0/16
:0
* IPEXTERNAL ?? 200.40.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: .ar spam
#    200.45.191.0/24
:0
* IPEXTERNAL ?? 200.45.191.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: .mx block
#   200.53.64.0/23
:0
* IPEXTERNAL ?? 200.53.6(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 3Aug2002: .uy block
#   200.60.133.0/24
:0
* IPEXTERNAL ?? 200.60.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: .ar block
#   200.63.0.0/16
:0
* IPEXTERNAL ?? 200.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Uninet S.A. - .mx spam
#   200.67.0.0/16
:0
* IPEXTERNAL ?? 200.67.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: NSS S.A. - .ar spam
#   200.69.0.0/16
:0
* IPEXTERNAL ?? 200.69.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: sex spam from Chile
#   200.72.0.0..223.255
:0
* IPEXTERNAL ?? 200.72.(([0-9])|([0-9][0-9])|(1[0-9][0-9])|(2(((0|1)[0-9])|(2[0-3])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: Blocking Brazil
#   200.158.0.0/17
#   200.161.0.0/16
#   200.177.0.0/16
#   200.176.0.0/16
:0
* IPEXTERNAL ?? 200.((158.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(1(61|76|77).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Jul2002: Blocking Brazil
#   200.207.0.0/17
:0
* IPEXTERNAL ?? 200.207.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking Brazil
#   200.204.0.0/16
#   200.225.0.0/16
#   200.231.0.0/16  .br, .pr
#   200.248.0.0/16
:0
* IPEXTERNAL ?? 200.2((04)|(25)|(31)|(48)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
# 10Oct2001: Blocking "uol.com.br"
#   200.246.5.102
#   200.230.198.82
:0
* IPEXTERNAL ?? ((200.246.5.102)|\
(200.230.198.82))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: Blocking Verado, Inc - toner cartridge spam
#   64.78.146.0/24
:0
* IPEXTERNAL ?? 64.78.146.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Netgain Technology
#   64.83.222.0/24
:0
* IPEXTERNAL ?? 64.83.222.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Oct2001: Blocking "cavecreek.net" from emailbucks.com
#   64.38.192.0/18  (taken out 27-May-2003)
#  let in 64.38.207.77  == alibis.com
#   63.209.159.0/25 (Level3)
#   This is a big block, but they are big spammers.  Casino spam.
:0
* IPEXTERNAL ?? (63.209.159.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])))
# (64.38.((19[2-9])|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2002: .uy spam
#   207.3.112.0/20
:0
* IPEXTERNAL ?? 207.3.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: cnn.com news alerts
#   207.25.80.0/24
:0
* IPEXTERNAL ?? 207.25.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Oct2001: Blocking "TrackingSoft LLC" from interferenza.net
#   207.65.74.0/24
:0
* IPEXTERNAL ?? 207.65.74.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: some .jo email list
#   194.165.142.0/24
:0
* IPEXTERNAL ?? 194.165.142.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Jul2005: spam
#   213.100.28.0/24
:0
* IPEXTERNAL ?? 213.100.28.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2005: spam
#   81.211.64.0/24
:0
* IPEXTERNAL ?? 81.211.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2005: spam
#   81.156.228.0/24
:0
* IPEXTERNAL ?? 81.156.228.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2005: spam
#   81.211.64.0/24
:0
* IPEXTERNAL ?? 81.211.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Jul2005: spam
#   70.106.86.0/24
:0
* IPEXTERNAL ?? 70.106.86.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Jul2005: spam
#   83.22.255.0/24
:0
* IPEXTERNAL ?? 83.22.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Nov2005: spam from .jp
#   220.221.87.0/24
:0
* IPEXTERNAL ?? 220.221.87.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 22Jun2005: somebody forging fastlink.com email trying to phish passwords
#   194.165.145.0/24
#   194.165.155.0/24
:0
* IPEXTERNAL ?? 194.165.1(4|5)5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jun2005: somebody forging fastlink.com email trying to phish passwords
#   59.167.35.71
#   61.8.32.0/24
#   61.8.34.0/24
#   61.8.43.0/24
#   61.8.46.0/24
#   62.215.248.0/24
#   64.19.111.0/24
#   70.107.11.0/24
#   82.55.102.0/24
#   83.110.168.0/24
#   84.235.37.0/24
#   86.108.20.227
#   151.203.114.0/24
#   193.188.95.0/24
#	212.38.145.0/24
# 212.38.147.0/24
# 213.186.0.0/16
# 217.15.18.0/24
:0
* IPEXTERNAL ?? (59.167.35.71)|(61.8.[3[2|4]|4[2|6]].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(64.19.111.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(62.215.248.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(193.188.95.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(70.107.11.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(82.55.102.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(83.110.168.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(84.235.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(86.108.20.227)|\
(151.203.114.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(212.38.145.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(212.38.147.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(213.186.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(217.15.18.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Nov2005: fbi.gov, cia.com virus
#   80.90.167.0/22, 212.118.0.0/16, 212.38.133.117 221.168.138.148
#   86.108.21.16 212.35.73.45 144.131.135.134 86.96.172.0/24 86.108.14.39
:0
* IPEXTERNAL ?? (80.90.1((6[7-9])|(70)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(212.118.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(212.38.133.117)|(221.168.138.148)|(66.56.94.235)|(67.181.171.124)|\
(208.5.197.185)|(212.35.74.198)|(86.108.21.16)|\
(212.35.73.45)|(144.131.135.134)|(86.96.195.81)|\
(86.96.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(86.108.14.39)
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Dec2005: some .tw spam
#   203.67.158.0/24
:0
* IPEXTERNAL ?? 203.67.158.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Dec2002: some .de spam, uunet.de space
#   194.172.110.0/23
:0
* IPEXTERNAL ?? 194.172.11(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Dec2005: some .uy spam
#   200.125.9.0/24
:0
* IPEXTERNAL ?? 200.125.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 05Dec2005: spam
#   60.47.195.128 & 62.42.68.206
:0
* IPEXTERNAL ?? ((60.47.195.128)|(62.42.68.206))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 06Dec2005: paypal scam spam
#   68.111.43.212 83.103.76.255 193.231.120.240
:0
* IPEXTERNAL ?? ((68.111.43.212)|(83.103.76.255)|(193.231.120.240))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: Merchantile Sistemi - .it spam
#   194.184.59.0/24
:0
* IPEXTERNAL ?? 194.184.59.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Jul2002: Block - spam-l reported
#   194.198.208.0/24
:0
* IPEXTERNAL ?? 194.198.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 06Dec2005: dildo spam
#   194.165.98.0/24
:0
* IPEXTERNAL ?? 194.165.98.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Nov2002: Demon Internet .uk spam
#   194.217.242.0/24
:0
* IPEXTERNAL ?? 194.217.242.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Apr2003: spam newsletters .cy
#   195.14.133.0/24
:0
* IPEXTERNAL ?? 195.14.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Block Panda Software - .es
#   195.55.170.0/23
:0
* IPEXTERNAL ?? 195.55.17(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 13Aug2002: D0nbass Regional Information System, .ua spam
#   195.58.228.0/22
:0
* IPEXTERNAL ?? 195.58.2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 05Dec2002: spammer
#   195.65.255.0/24
:0
* IPEXTERNAL ?? 195.65.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Aug2002: ringtones.com (and 412 domains registered to 195.82.119.102!)
#   195.82.119.0/24
:0
* IPEXTERNAL ?? 195.82.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: "ovum uk"
#   195.110.87.0/24
:0
* IPEXTERNAL ?? 195.110.87.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Block Support Net - Netherlands for redlightmail spam
#   195.114.228.0/22
:0
* IPEXTERNAL ?? 195.114.2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Feb2003: .ru spam promoting geocities website
#   195.133.149.0/24
:0
* IPEXTERNAL ?? 195.133.149.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 2Aug2002: maktoob.net spam
#   195.172.126.0/24
:0
* IPEXTERNAL ?? 195.172.126.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: Netsurvey Bolinder AB - .se
#   195.178.190.0/24
:0
* IPEXTERNAL ?? 195.178.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Oct2002: .kw (Kwait) spam
#   195.226.227.0/24
:0
* IPEXTERNAL ?? 195.226.227.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .ru spam
#   195.239.67.0/24
:0
* IPEXTERNAL ?? 195.239.67.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 26Jul2002: .cz,.it spam
#   195.250.0.0/16
:0
* IPEXTERNAL ?? 195.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Oct2001: Blocking "Heath Lambert Group" spammer.
#   194.205.96.224/27
:0
* IPEXTERNAL ?? 194.205.96.2((2[4-9])|([3-5])([0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Aug2002: .uk spam in link information technology
#   194.205.217.224/27
:0
* IPEXTERNAL ?? 194.205.96.2((2[4-9])|([3-5])([0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: herpipo s.l. - .es spam
#   194.224.50.0/23
:0
* IPEXTERNAL ?? 194.224.5(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: .ca dialups
#   134.22.64.0/24
:0
* IPEXTERNAL ?? 134.22.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: eserverhost.com spam
#   139.81.32.0/24
:0
* IPEXTERNAL ?? 139.81.32.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Jul2002: Telestra, .au spam, bigpond.com
#   139.134.0.0/16
:0
* IPEXTERNAL ?? 139.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Oct2001: Blocking talkcity.com
#   206.112.100.64/26
:0
* IPEXTERNAL ?? 206.112.100.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Aug2002: some email list spam inside "hooked Inc"
#   206.169.246.0/24
:0
* IPEXTERNAL ?? 206.169.246.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 06Dec2002: scientific instruments - inside verio
#   206.184.231.0/24
:0
* IPEXTERNAL ?? 206.184.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Aug2002: PPPoX block - spam
#  64.109.1.0/24
:0
* IPEXTERNAL ?? 64.109.1.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: Blocking sex spam
#   64.119.202.0/24
:0
* IPEXTERNAL ?? 64.119.202.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Oct2001: Blocking "freesex.net" inside city-guide.com.
#   64.159.95.252
:0
* IPEXTERNAL ?? 64.159.95.252
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Oct2001: Blocking "paltalk.com"
#   199.106.211.55
:0
* IPEXTERNAL ?? 199.106.211.55
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking Bradford & Reed, Inc. for mailbits.com spam
#   199.106.236.0/22
#   209.117.250.0/24
:0
* IPEXTERNAL ?? ((199.106.23([6-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(209.117.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking mtvi.com spam
#   199.107.184.0/24
:0
* IPEXTERNAL ?? 199.107.184.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Aug2002: 2000greetings.com spam
#   199.218.5.0/24
:0
* IPEXTERNAL ?? 199.218.5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 1Nov2001: Blocking luckysurf.com email server.  Sits on Level3.
#   64.156.212.0/24
#   64.211.251.0/24
:0
* IPEXTERNAL ?? (64.156.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(64.211.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: More level3 spam dailyripple.com
#   64.156.187.0/24
:0
* IPEXTERNAL ?? 64.156.187.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Oct2001: Blocking pornmail.com email server.  Sits on Level3.
#   64.156.213.55
:0
* IPEXTERNAL ?? 64.156.213.55
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Jul2002: Blocking sf adsl in SBC space
#   64.162.50.56/29
:0
* IPEXTERNAL ?? 64.162.50.((5[6-9])|(6[0-3]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Feb2003: arabia spam, continues despite reporting
#   64.191.4.0/24
:0
* IPEXTERNAL ?? 64.191.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Jul2002: Blocking section of dialtone internet - spam.
#   64.239.102.0/24
:0
* IPEXTERNAL ?? 64.239.102.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Oct2002: some spammer in dialtone internet
#   64.239.105.0/24
:0
* IPEXTERNAL ?? 64.239.105.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 1Aug2002: EV1 - known spammer
#   64.246.0.0/16
:0
* IPEXTERNAL ?? 64.246.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Block part of Infolink Communications because of spam
#   64.251.0.0/19
:0
* IPEXTERNAL ?? 64.251.(([0-9])|((1|2)[0-9])|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: new spam block as reported in spam-l
#  64.253.199.0/24
:0
* IPEXTERNAL ?? 64.253.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Oct2001: Blocking lifeminders.com email server.  Sits on PSINET.
#   38.202.37.197
:0
* IPEXTERNAL ?? 38.202.37.197
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: dailydepot.com
#   198.64.133.0/24
:0
* IPEXTERNAL ?? 198.64.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: S&S Computers - virus spam addressed to and from fastlink.com
#   198.67.8.0/24
:0
* IPEXTERNAL ?? 198.67.8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Aug2002: gpmnet.com (GlobalPoint Media) spam
#   198.92.251.0/24
:0
* IPEXTERNAL ?? 198.92.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Jul2002: opinionsurveys.com
#   198.172.112.0/20
:0
* IPEXTERNAL ?? 198.172.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: funk software spam
#   198.186.160.0/24
:0
* IPEXTERNAL ?? 198.186.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking "Bid Or Buy, Inc" Australian netblock.
#   209.207.168.199
:0
* IPEXTERNAL ?? 209.207.168.199
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: real networks - spam
#   209.210.138.0/24
:0
* IPEXTERNAL ?? 209.210.138.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: .th block for sex spam
#   202.29.80.0/23
:0
* IPEXTERNAL ?? 202.29.8(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2002: .in block for sex spam
#   202.54.6.0/24
:0
* IPEXTERNAL ?? 202.54.6.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking sex site within australianhosting.net netblock.
#   202.56.32.0/20
:0
* IPEXTERNAL ?? 202.56.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Oct2001: Blocking "Hostworks" netblock because of ticketek newsletters
#   202.58.32.0/20
:0
* IPEXTERNAL ?? 202.58.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: .hk spam
#   202.66.0.0/16
:0
* IPEXTERNAL ?? 202.66.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Sep2002: .au education spam
#   202.71.175.0/24
:0
* IPEXTERNAL ?? 202.71.175.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Jul2002: .hk spam - salon multimedia centre
#   202.84.237.0/24
:0
* IPEXTERNAL ?? 202.84.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: Quantum Internet - shopfast.com.au spam
#   202.92.112.0/24
:0
* IPEXTERNAL ?? 202.92.112.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Aug2002: More .cn "international drivers license"
#   202.98.192/19
:0
* IPEXTERNAL ?? 202.98.((19[2-9])|(2(((0|1)[0-9]))|(2[0-3]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 08Dec2002: HGH spam coming from here
#   202.99.192.0/19
:0
* IPEXTERNAL ?? 202.99.((19[2-9])|(2(((0|1)[0-9]))|(2[0-3]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking a home loan spam block in China
#   202.105.0.0/16
#   202.110.0.0/16
:0
* IPEXTERNAL ?? 202.1((05)|(10)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Jul2002: ilink.net in .hk
#   202.123.212.0/24
:0
* IPEXTERNAL ?? 202.123.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Aug2002: Eastern Telecoms Phils - spam
#   202.164.160.0/19
:0
* IPEXTERNAL ?? 202.164.1(([6-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Oct2001: Blocking a home loan spam from a Malasian netblock
#   202.188.63.192/28
:0
* IPEXTERNAL ?? 202.188.63.((19[2-9])|(2((0|1)[0-9])|(2[0-3])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: apnic spam
#   203.129.240.0/22
:0
* IPEXTERNAL ?? 203.129.24[0-3].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking msn.com mobile confirmation number spam
#  207.68.174.0/24
#  207.68.162.0/24  hotmail spanish spam
:0
* IPEXTERNAL ?? 207.68.1(62|74).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2002: block msn.com for uce newsletter
#  207.82.250.0/24
:0
* IPEXTERNAL ?? 207.82.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Oct2002: XO communications block
#  207.88.179.0/24
:0
* IPEXTERNAL ?? 207.88.179.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Blocking macromedia.com - hosted by concentric.net
#  207.88.221.26
:0
* IPEXTERNAL ?? 207.88.221.26
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: Mostly .cn and hong kong blocks, apnic
#  210.0.0.0/8
:0
* IPEXTERNAL ?? 210.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: some Korea, japan, china namespace
#   211.0.0.0/8
:0
* IPEXTERNAL ?? 211.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2005: account security spoofs
#  212.38.143.0/24
:0
* IPEXTERNAL ?? 212.38.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Oct2001: Spam from "Galactica.it" netblock
#  212.41.208.0/24
:0
* IPEXTERNAL ?? 212.41.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Aug2002: .ee spam
#  212.47.216.0/21
:0
* IPEXTERNAL ?? 212.47.2((1[6-9])|(2[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Dec2002: some "we want to buy your company" spam
#  212.51.61.0/24
:0
* IPEXTERNAL ?? 212.51.61.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Aug2002: .ru spam
#  212.57.128.0/18
:0
* IPEXTERNAL ?? 212.57.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 04Sep2002: .cz spam
#  212.71.128.0/18
:0
* IPEXTERNAL ?? 212.71.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Aug2002: .es spam
#  212.80.128.0/24
:0
* IPEXTERNAL ?? 212.80.128.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2002: .gb freeserv block
#  212.100.96.0/24
:0
* IPEXTERNAL ?? 212.100.96.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 04Dec2002: .nl home dsl spam
#  212.120.0.0/16
:0
* IPEXTERNAL ?? 212.120.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 10Oct2002: .ru spam
#  212.122.0.0/16
:0
* IPEXTERNAL ?? 212.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: .it spam
#  212.131.0.0/16
:0
* IPEXTERNAL ?? 212.131.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Aug2002: .pl spam
#  212.160.0.0/16
:0
* IPEXTERNAL ?? 212.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: .de spam
#  212.162.12.0/24
:0
* IPEXTERNAL ?? 212.162.12.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: online pharmacy spam
#   212.185.119.0/24
:0
* IPEXTERNAL ?? 212.185.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 06Dec2002: israel spam, goldenlines.net.il
#   212.199.195.0/24
:0
* IPEXTERNAL ?? 212.199.195.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Oct2001: Blocking "Click Precision, S.A." - unconf. opt-in newsletter
#   212.239.56.24/29
:0
* IPEXTERNAL ?? 212.239.56.((2[4-9])|(3([0-1])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: .it spam
#  212.210.234.0/24
:0
* IPEXTERNAL ?? 212.210.234.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Oct2001: Blocking Brazilian block because of easysex
#  200.251.139.0/24
:0
* IPEXTERNAL ?? 200.251.139.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7-Feb-2003: spammer myvirtualdeals.com
#  65.61.189.0/24
:0
* IPEXTERNAL ?? 65.61.189.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Oct2001: Blocking Broadwing dialup netblock (Broadwing spam, et al)
#  65.88.144.0/20
:0
* IPEXTERNAL ?? 65.88.1((4[4-9])|(5(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: Adanced Photo Marketing, .au spam
#  24Jul2002: Expanding to all of globix
#  209.10.0.0/15
:0
* IPEXTERNAL ?? 209.1(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Oct2001: Blocking crushlink, in rackspace.com's space.
#  6Aug2002: Try removing it.
#  209.61.154.0/24
#  209.61.191.57, 209.61.155.23
#:0
#* IPEXTERNAL ?? ((209.61.154.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
#(209.61.191.57)|(209.61.155.23))
#{
# EXITCODE=77
# :0
# | ${UCE}
#}
#
# 25Oct2001: Blocking "E-centives"
#  209.67.193.160/28
# But also blocks efax.com (arrgh!) 207.213.246
:0
* IPEXTERNAL ?? 209.67.193.1((6[0-9])|(7[0-5]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Aug2002: block SMB Productions - sex spam
#  209.76.164.0/24
:0
* IPEXTERNAL ?? 209.76.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Aug2002: block elink communications for spam and nanas posts
#  209.83.168.0/23
:0
* IPEXTERNAL ?? 209.83.16(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Aug2002: block "suite500" in costa mesa for ad360.com spam
#  209.87.144.0/20
:0
* IPEXTERNAL ?? 209.87.1((4[4-9])|(5[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Oct2001: Blocking sex-central.net, and huge genuity.net block 
#  4.0.0.0/8
# Unfortunately, it blocks spamcop.net too!  Trying sending a
# complaint to genuity about their false DNS record.
# :0
# * IPEXTERNAL ?? 4.[0-9]+
# {
#  EXITCODE=77
#  :0
#  | ${UCE}
# }
#
# 16Oct2001: Blocking "twistedhumor.com" inside cybercon.com
#  216.15.191.128/27
#  66.77.58.0/24
:0
* IPEXTERNAL ?? (216.15.191.1((2(8|9))|((3|4|5)[0-9]))|\
   (66.77.58.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 12Nov2002: spanish spammer
#  208.147.179.0/24
:0
* IPEXTERNAL ?? 208.147.179.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Oct2001: Blocking "MessageMedia" inside inflow.com (mm0.com)
#  208.169.22.0/23
:0
* IPEXTERNAL ?? 208.169.2(2|3).[0-9]+
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: sex spam
#  208.179.229.0/24
:0
* IPEXTERNAL ?? 208.169.229.[0-9]+
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 7Feb2003: remarkablehost.com
#  208.186.168.0/24
:0
* IPEXTERNAL ?? 208.186.168.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 21Aug2002: bell dialup pool in plano, tx
#  208.188.22.0/23
:0
* IPEXTERNAL ?? 208.188.2(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 29Aug2002: mail list spam
#  208.179.229.0/24
:0
* IPEXTERNAL ?? 208.179.229.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 04Sep2002: probable new spammer
#  208.214.22.0/24
:0
* IPEXTERNAL ?? 208.214.22.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Jul2002: Prime Tel advertising - on spews level2 list
#  208.236.8.0/22
:0
* IPEXTERNAL ?? 208.236.(8|9|1(0|1)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Aug2002: Expanded "Internet Connect" to their entire block
#  208.244.152.0/20
:0
* IPEXTERNAL ?? 208.244.15[2-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 27Jul2002: mortgage spam
#  208.248.234.16/28
:0
* IPEXTERNAL ?? 208.248.234.((1[6-9])|(2[0-9])|(3(0|1)))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Aug2002: Blocking Vivendi/Universal-Flipside - spamming iwin.com also
#  208.254.63.0/24
:0
* IPEXTERNAL ?? 208.254.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 5Oct2001: Blocking
#  208.254.222.6 mail1.roi1.net (Preapproved Visa card)
:0
* IPEXTERNAL ?? 208.254.222.6
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Oct2001: Blocking "angelfire dispatch" inside lycos.com
#  209.202.225.101
#  209.202.225.108 more spam 23Jul2002
:0
* IPEXTERNAL ?? 209.202.225.10(1|8)
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: chewy.com - bargaindog.com spam
#  66.28.231.0/24
#  63.123.235.0/24
:0
* IPEXTERNAL ?? 6((6.28.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\
(3.123.235.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Oct2001: Blocking "IME Publishing" for sex adverts.
#  66.40.57.0/24
:0
* IPEXTERNAL ?? 66.40.57.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Jul2002: azogle spam in .ca space
#  66.46.150.0/24
:0
* IPEXTERNAL ?? 66.46.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Nov2002: .uy spam in Global Crossing space
#  67.17.0.0/20
:0
* IPEXTERNAL ?? 67.17.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: PPoX SBC in Plano, TX
#  67.38.0.0/20
# Blocks bugtraq at 66.38.151.19, .27
# :0
# * IPEXTERNAL ?? 66.38.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
# {
#  EXITCODE=77
#  :0
#  | ${UCE}
# }
#
# 24Jul2003: lists.superoffers.net listserver spam
#  204.0.142.0/24
:0
* IPEXTERNAL ?? 204.0.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Oct2001: Blocking "Link Exchange" listbuilder.com
#  204.71.191.0/24
:0
* IPEXTERNAL ?? 204.71.191.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: iceweb.net spam
#  204.97.4.0/24
:0
* IPEXTERNAL ?? 204.97.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 6Aug2002: dump attbi.com into block - clueless users
#  204.127.198.0/24
:0
* IPEXTERNAL ?? 204.127.198.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: wizcom.com mortgage spam
#  204.152.143.0/24
:0
* IPEXTERNAL ?? 204.152.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: exodus space spam - starwave corp
#  204.202.128.0/20
:0
* IPEXTERNAL ?? 204.202.1((2(8|9))|(3[0-9])|(4[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 4Oct2001: Blocking "Double Click" netblock for launch.2clk.net
#  204.253.104.0/23
:0
* IPEXTERNAL ?? 204.253.10[4-5].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: patuxent publishing - sex spam ai.net
#  205.134.172.0/24
:0
* IPEXTERNAL ?? 205.134.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Apr2003: cm02.net bulk emailer
#  205.149.143.0/24
:0
* IPEXTERNAL ?? 205.149.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 17Oct2001: Blocking "Quantum Computer Services" myownemail.com
#  207.51.255.192/27
:0
* IPEXTERNAL ?? 207.51.192.((19[2-9])|(2(((0|1)[0-9])|(2[0-3]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Oct2001: Blocking "global hyperlink" sex mail
#  209.202.80.0/23
:0
* IPEXTERNAL ?? 209.202.8(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 8Aug2002: block inglesa.net for spam with "atomicDOT" tracer in it
#  209.234.155.0/24
:0
* IPEXTERNAL ?? 209.234.155.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Oct2001: Blocking "bventure-net" monographias newsletter
#  212.239.17.0/24
:0
* IPEXTERNAL ?? 212.239.17.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Nov2005:
#  220.116.204.0/24
:0
* IPEXTERNAL ?? 220.116.204.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 14Jul2005:
#  212.70.52.0/24
:0
* IPEXTERNAL ?? 212.70.52.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Oct2005: spam
#  222.172.145.0/24
:0
* IPEXTERNAL ?? 212.172.145.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Nov2005: spam from pandasoftware.es
#  212.170.234.0/24
:0
* IPEXTERNAL ?? 212.170.234.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Nov2005: spam 
#  222.50.101.0/24
:0
* IPEXTERNAL ?? 222.50.101.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Nov2005: spam 
#  219.157.219.0/24
:0
* IPEXTERNAL ?? 219.157.219.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 03Nov2005: spam 
#  61.51.127.0/24
:0
* IPEXTERNAL ?? 61.51.127.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 19Jul2005:
#  83.112.82.0/24
:0
* IPEXTERNAL ?? 83.112.82.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Jul2005:
#  58.35.93.0/24
:0
* IPEXTERNAL ?? 58.35.93.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Sep2002: .my spam
#  219.92.0.0/15
:0
* IPEXTERNAL ?? 219.9(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 24Jul2002: korea .kr
#  219.240.0.0/15
:0
* IPEXTERNAL ?? 219.24(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Oct2001: Blocking "ION Entertainment" for sexrave.com
#  4.19.93.128/25
:0
* IPEXTERNAL ?? 4.19.93.(((12[8-9])|(1[3-9][0-9]))|(2[0-5][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 23Jul2002: Blocking "OCDD Data" sex spam
#  4.38.38.0/24
:0
* IPEXTERNAL ?? 4.38.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Oct2001: Blocking austrialian microsoft newsletters
#  207.46.239.0/24
:0
* IPEXTERNAL ?? 207.46.239.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Nov2002: "AppliedTheory Communications" - humornetwork.com spam - sprint
#  207.127.97.0/24
# Note: Sun forum is at 207.127.128.64 so be careful about expanding this block
:0
* IPEXTERNAL ?? 207.127.97.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 25Jul2002: look communications - .ca spam
#  207.136.64.0/18
:0
* IPEXTERNAL ?? 207.136.((6[4-9])|([7-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Mar2003 Monster Pipes - wael_fakry@arabia.com spam
#  207.142.132.0/24
:0
* IPEXTERNAL ?? 207.142.132.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 31Aug2002: toner cart spam
#  207.158.132.0/24
:0
* IPEXTERNAL ?? 207.158.132.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Oct2002: spam from gamespy industries
#  207.38.0.0/23
:0
* IPEXTERNAL ?? 207.38.(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 18Jul2002: spam inside att.ca space
#  207.245.11.218
:0
* IPEXTERNAL ?? 207.245.11.218
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking "Premire Technology" for 3G Wireless spam
#  205.183.255.0/24
# Taking out - filters news.randori.com 209.155.82.53
:0
* IPEXTERNAL ?? 205.183.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 15Jul2002: Blocking eisners - loan spam
#  205.238.220.0/24
:0
* IPEXTERNAL ?? 209.238.220.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Jul2002: Blocking ciberlynx
#  205.244.68.0/22
#  205.244.94.0/23
:0
* IPEXTERNAL ?? 209.244.((6(8|9))|(7(0|1))|(9(4|5))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 9Aug2002: direct-to-MX spam from .ar
#  209.13.0.0/16
:0
* IPEXTERNAL ?? 209.13.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 30Oct2001: Blocking "etracks.com" etracks.com
#  209.19.106.0/24
:0
* IPEXTERNAL ?? 209.19.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 16Nov2001: Blocking "Net Atlantic" spammmer relay.netatlantic.com
#  140.239.165.176/28
#  209.113.172/24
:0
* IPEXTERNAL ?? (140.239.165.((17[6-9])|(18[0-9])|(19(0|1))))|\
(209.113.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 20Aug2002: bluenile.com in level3
#  209.247.86.0/24
:0
* IPEXTERNAL ?? 209.247.86.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 09Oct2002: some foreign spam
#  145.228.80.0/24
:0
* IPEXTERNAL ?? 145.228.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 28Jul2002: callnet - ontario .ca spam
#  149.99.202.0/24
:0
* IPEXTERNAL ?? 149.99.202.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 04Feb2004: book spam
#  [66.81.51.243])
:0
* IPEXTERNAL ?? 66.81.51.243
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
# 11Jul2002: "Telstra Internet AU" bigpond.com spam
#  144.135.0.0/16
#  144.137.0.0/16
#  144.139.0.0/16
#  144.140.0.0/16
:0
* IPEXTERNAL ?? 144.(\
(1((3(5|7|9))|(40)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))))
{
 EXITCODE=77
 :0
 | ${UCE}
}
#
#
# VERBOSE=off
# 
# First, dump these guys, as I've received too much junk
# from them.
:0
* ^From.+((civics@geocities\.com)|(hinet\.net\.au)|(xoom\.com)|(battleofthesexes\.com)|(Presidnt-d*@d-int-*\.com)|(tripod\.com)|(cdsid\.com\.br)|(clic\.net)|(mailxxxpress\.com)|(krycek\.emailpub\.com)|(hotgames\.com)|(Friend@public\.com)|(chatcity\.com\.au)|(telepolis\.com)|(netgate\.com\.uy)|(jbwere\.com\.au)|(JORGE\.PIGNATARO@ROCHE\.COM)).*
{
  EXITCODE=77
  :0c
  * < 60000
  $HOME/mailbackup/rejected
  :0ic
   | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`"
  :0
    | ${UCE}
}
:0
* ^From.+((UNKNOWN)|(togglethis\.com)|(NARRAMEHEFACTUM@email\.msn\.com)|(dailydirt\.com)|(fgomez@conrad\.com\.uy)|(bluemountain\.com)|(sinectis\.com\.ar)|(DIGITALRIVER\.COM)|(askjasmine\.com)|(infobeat\.com)|(theglobe\.com)|(movinet\.com\.uy)|(netlife\.co\.ae)|(peacefire\.org)|(ringtone\.com)|(programacion@conciertofm.com)).*
{
 EXITCODE=77
  :0c
  * < 60000
  $HOME/mailbackup/rejected
  :0ic
   | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`"
  :0
    | ${UCE}
}
#
:0
* ^Subject.+((Virtual Flower Bouquet)|(WBS Newsletter)).*
{
 EXITCODE=77
  :0c
  * < 60000
  $HOME/mailbackup/rejected
  :0ic
   | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`"
  :0
    | ${UCE}
}
#
# Start archiving stuff that comes in.
:0c:
 $HOME/mailbackup/all.email
# 
# Allow some non-standard stuff in.
#
# 17-May-2005 SEP: I think I need to specifically assign $MAIL,
# or it's set to blank in here.
MAIL=/var/spool/mail/scottp
:0w: procmail.lock
* ^TO.*((craigslist.org)|(CMPLISTS\.CMP\.COM)|(MAILER-DAEMON)).*
 $MAIL

# 10Aug2001: Trying not to bounce MAILER-DAEMON@rahul.net emails!
:0w: procmail.lock
* ^FROM_MAILER
 $MAIL
:0: procmail.lock
* ^Subject.+Windows NT.*
 $MAIL
# 4-Dec-2002: Some spammer forging "From: admin@fastlink.com" and
#  the "To: " lines to various people, so I spam :(
:0:
* ()\/^From.+(admin@fastlink.com).*
 $MAIL
#
# Special pass rule; some of these people don't format
# their messages properly.
#
:0:
* ()\/^From.+((hos.com)|(niteowl)|(varbiz)|(Jantelope)|(tips@tipworld.com)|(art@tape.com)|(duncanetal)|(dawnie)|(support@rahul.net)|(scottp@rahul.net)|(MAILER-DAEMON@rahul.net)).*
 $MAIL

:0:
* ()\/^From:.+(support@rahul.net).*
 $MAIL

:0
* ^X-Loop: auto-filter@fastlink.com
  /dev/null

#
# New, 2-22-98:  Bounce email not addressed to spackard, sales, or info.
# Mod, 17-Jul-2002: If it has a "from" (sales|spackard)@fastlink.com, then filter.
:0: procmail.lock
* !^FROM.*((mmaille@cartalk\.com)|(anchordesk@email\.zdlists\.com)|(listserv\.acura\.com)|(a2i)|(shelob.julianhaight.com)|(mozilla\.org)).*
* !^TO.+((((admin|postmaster|webmaster|abuse|spam|development|spackard|hiscott|info|sales|talkback|scottp)\@fastlink.com)|(scottp@rahul.net)|ssharma|(anchordesk@EMAIL\.ZDLISTS\.COM)|cartalk\-pfn@fastlink.com)|(acuralist@listserv.acura.com)).*
* !^Received:\/.+for \<(sales|admin|postmaster|webmaster|abuse|spam|development|spackard|hiscott|info|talkback|scottp)@fastlink.com\>.+
* !^Received:\/.+for \<scottp@rahul.net\>.+
  {
  :0c
  * < 60000
    $HOME/mailbackup/rejected
  :0ic
   | cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`
#  :0c
#   | formail -bkcrt -A 'X-Loop: auto-filter@fastlink.com' -A 'X-foobar: foobar' \
#     -i 'From:' -i 'X-Sender:' -i 'Received:' -i 'X-Return-Path:' \
#     -i 'Content-Type:' -i 'Date:' \
#   | perl -pi -e "s/^X-foobar: foobar/There's nobody by that name in the fastlink.com domain.\nYou probably meant to send this to fastlink.com.au, fastlink.net, or\nfastlink.com.jo.\nThis message has been automatically generated, though a human being did create it.\nRegards, Admin  001 /" \
#   | perl -pi -e "s/^From:.*/From: admin\@fastlink.com/" \
#   | /usr/sbin/sendmail
  :0
    | ${UCE}
  }
#
# Last, keep the rest, as the "bounce" rule should have
# filtered out all the non-packard email.
:0c
* < 60000
$HOME/mailbackup
:0c
 | cd $HOME/mailbackup && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`
:0: procmail.lock
 /var/spool/mail/scottp