# 8-25-97 Don't forget each recipe starts with ":0" !!! # # Procmail's expressions are completely compatible with egrep's expressions. # "sed" only uses Basic Regular Expressions, which differ substantially. # # For rules, ".*" matches any sequence of chars, except a newline # "* " starts a rule. The asterick has NO special meaning there. # "^" matches the start of a line # # Exit Codes # (from /usr/include/sysexits.h ) # Number Reason # 67 No User # 68 No Host # 77 Permission Denied # # Note: $LINEBUF defaults to 2048 characters. This is the "length # of the internal line buffers". # # 1-14-2000: Block all of telepolis.com. Started getting "weekend" spam. # 1-19-2000: Block all of theglobe.com. # 3-21-2000: Trying to block ivillage.com. They don't send email out # with valid headers. ...can't unsubscribe! Wrote exodus.net # to ask them for their help. # 3-29-2000: Rewriting formail options. # I also prevented a pipe from starting in col.1 of a bounce rule. # 4-24-2000: Moved to waltz.rahul.net. # 5-12-2000: Added -c to formail scripts. # Commented out formail rule that inserts good "From " header, # as for some reason it strips out a good "From " header now that # I moved to rahul.net, and won't put it back in. # 5-16-2000: Removed hotmail blocks, as they are now blocked with a2i's nojunk. # 30Jan2001: Added "MAILER-DAEMON@rahul.net" to allow list, as it seems # to get trashed otherwise. # 19Feb2001: Added -bk to formail rules so body would bounce intact. # 23Feb2001: Body bounces, but "There's nobody...." msg is appended to end. # I'm rewriting formail filter to insert custom header first time through, # then replace that header with "There's nobody...." msg. 2nd time through. # 4-10-2001: Added two filters to direct junk email that has an # Nojunk status line to two different email boxes. # 5-4-2001: Adding sshartma@fastlink.com - Receives satellite today subscription. # 22May2001: Trying to add some RBL capacity. From www.waltdnes.org # The scripts are pretty complicated. Hope they work out of the box. # 16Jul2001: ORBS going to subscription based. www.orbl.org opened. # Inserted code to query orbl. # Moved the archive email part of this rc from being immediately after # These comments to after the lookups of spam, as I'm tired of seeing # all the archived spam. # 31Jul2001: Seriously rewrote the recipies. Many new odd behaviours of # procmail discovered. Put in "SHELL=/bin/sh" because it has been stated # procmail doesn't work with csh or its variants. # 13Aug2001: Addeed a line to catch an email that is "for " # because smartertimes mail list emails were being bounced. I need to watch # what is let in that is undesired, however. # 27Sep2001: Added a check here and to rcvdrc2 to catch email coming from # an email server that doesn't have a known hostname. # 3Oct2001: Implementing IP-based filters here. I thought .nojunk.patterns was # catching it, but I now realize that only works for non-fastlink email. # 15Oct2001: orbl.org appears dead and delisted from DNS. # 19Oct2001: Fixed broken X-Loop rule. It was matching *any* X-Loop, # causing some valid stuff to bounce. # 31-Jul-2002: Adding formail.relays.monkeys.com to stop formmail.cgi stuff. # 26-Nov-2002: a2i switching mail delivery to mauve or violet. # 13-Dec-2002: a2i now processing email in linux, so no more "nslookup". # Use "host" instead. # 18-May-2004: There are now so many spam proxies that I'm taking out # the nice formail "no such user" reply. Too many of these are sent # to innocent victims. # 22-Jan-2007: Took out formail.relays.monkeys.com - it blocked gmail.com # email and it went 100% matching on 3/15/2004! # 22-Jan-2007: Changed bl.reynolds.net.au to dnsbl.net.au - they changed # their name 1-Mar-2006! # 22-Jan-2007: Removed opm.blitzed.org. Project ended May 2006! # 22-Jan-2007: flowgoaway.com seems to have gone away. # # SHELL=/bin/sh NL=" " # VERBOSE=on LOGFILE=$HOME/procmail.logfile LOG="Just a debug line.$NL" # rejected senders go into folder 'badguys' :0: procmail.lock * ^X-Nojunk-Status: RH Mail/badguys # all other rejects go into folder 'scams' :0: procmail.lock * ^X-Nojunk-Status: (RS|RB|RT) Mail/scams # # allow mozilla.org in :0: procmail.lock * ^FROM.*nobody@mozilla\.org.* /var/spool/mail/scottp # 25Aug2003 Block Sobig virus :0 * ^X-MailScanner: Found to be clean { LOG="Another Sobig virus caught." :0 /dev/null } # 20Sep2003: Block Sven worm which disguises itself as a Windows # security update. :0 * > 140000 * < 165000 { :0 BD * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv /dev/null } # 04Mar2004 spammer who gives return address as arbitrary yahoo.com addr # Somebody on linuxquestions.org says it's the MyDoom virus, forging # admin@fastlink.com as the "From: " addressor :0 * ^X-Return-Path: .*yahoo.com.* { LOG="Another yahoo.com spam." :0 /dev/null } # # Check the blocking lists (DUL/ORBS/RBL/RSS). # The variable IPEXTERNAL is initialised as "XXXXXX". # If it isn't changed after the lookups, we assume that the email is internal, and do not check. # This is what avoids running DUL and DSSL against your ISP's dialups when # another user at your ISP emails you. # Note the "(.*$)+" which allows multiple linefeeds. This allows matching # *EVEN IF THERE ARE OTHER INTERVENING HEADERS*, such as "From:". FINALPATTERN # is the tail end of the matching pattern that is used only on the # "Received: from" header immediately below the handoff to your ISP. This # catches mailer software like SMI-8.6, which doesn't list incoming IP addresses. # TMP=`pwd` PATH=/local/scripts:/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:$TMP/bin:.:/usr/local/bin # VERBOSE=on # LOGABSTRACT=all WSPC = " " # space + tab SPC = "[$WSPC]" # regexp whitespace, the short name # SPC was chosen because you use this # a lot in condition lines. NSPC = "[^$WSPC]" # negation of whitespace IPEXTERNAL="XXXXXX" # INSERT="Received: from.\*.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\](.*$)+" # RAHUL="(.*$)+Delivered-To.+scottp@rahul.net(.*$)" # RAHUL="(.*$)+Received: by (.*$)" FINALPATTERN="()\/Received: from.*" # PATTERN="()\/Received: from.*\[.*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+.*\].*" UCE="uce.pl" # :0 # Dump my ISP's preamble, then # Look at first "Received: from" line, grab the line. *$ ${RAHUL}${FINALPATTERN} { NEXTHEADER=${MATCH} :0 * IPEXTERNAL ?? XXXXXX * NEXTHEADER ?? Received: from .*\[.*\].*by.* # Now go find the IP addr in the "Received: from" line. { INCLUDERC=rcvdrc2 } # # Having returned from rcvdrc2, IPEXTERNAL will be set to the IP addr that sent # the email, or to XXXXXX if not found. Proceed further if an IP addr has # been found. :0 *$!IPEXTERNAL ?? XXXXXX { # # Decompose the IP address in IPEXTERNAL into its 4 parts and # reverse the order as expected by DNS-based lookup lists. :0 * IPEXTERNAL ?? ()\/[0-9]+ { QUAD1=$MATCH :0 * IPEXTERNAL ?? [0-9]+\.\/[0-9]+ { QUAD2=$MATCH :0 * IPEXTERNAL ?? [0-9]+\.[0-9]+\.\/[0-9]+ { QUAD3=$MATCH :0 * IPEXTERNAL ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+ { REVERSED="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}" # # Capture the output of an "host" query into the var NSLOOKUP. # If it contains the "magic number" (127.0.0.3 for DUL and # 127.0.0.2 for other lists) slap on an X-Reject: header. # Next 4 groups check and report on DUL, ORBS, RBL, and RSS. # orbz.org is dead. Replaced with dsbl.org. # Debug LOG="Reversed dotted quad is: ${REVERSED}${NL}" # 20Aug2003: Special go-to-hell for maktoob.net 1 per 2 second email bounces. :0 *$IPEXTERNAL ?? 195.172.126.104 { EXITCODE=77 :0 /dev/null } # special exception for reporting geocities abuse. :0 *$IPEXTERNAL ?? 66.218.69.([0-9]) { :0: procmail.lock /var/spool/mail/scottp } # 7-Aug-2003: Special exception for dyndns.org :0 *$IPEXTERNAL ?? 66.151.188.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { :0: procmail.lock /var/spool/mail/scottp } # I think rahul's support emails bounce because they originate # from localhost. Let me pre-accept 127.0.0.1 :0 *$IPEXTERNAL ?? 127\.0\.0\.1 { :0: procmail.lock /var/spool/mail/scottp } # preaccept www.donotcall.gov :0 *$IPEXTERNAL ?? 218.196.16.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { :0: procmail.lock /var/spool/mail/scottp } # preaccept smtp802.mail.sc5.yahoo.com (Jacecko mail output server) :0 *$IPEXTERNAL ?? 66.163.168.181 { :0: procmail.lock /var/spool/mail/scottp } NSLOOKUP=`host ${REVERSED}.list.dsbl.org` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} See dsbl.org" :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.multihop.dsbl.org` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} See dsbl.org" :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.dnsbl.njabl.org` :0 *$NSLOOKUP ?? 127\.0\.0\.(2|3) # 2 = open relays and direct spam sources # 3 = dial-up IP ranges { LOG="Rejected: ${IPEXTERNAL} See http://njabl.org" :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.orbz.gst-group.co.uk` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} was in INPUTS orbz.gst-group.co.uk output list." :0 | ${UCE} } :0 *$NSLOOKUP ?? 127\.0\.0\.3 { LOG="Rejected: ${IPEXTERNAL} was in OUTPUTS orbz.gst-group.co.uk input list." :0 | ${UCE} } :0 *$NSLOOKUP ?? 127\.0\.0\.9 { LOG="Rejected: ${IPEXTERNAL} was in REFUSES POSTMASTER EMAIL orbz.gst-group.co.uk postmaster list." :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.dialups.mail-abuse.org` :0 *$NSLOOKUP ?? 127\.0\.0\.3 { LOG="Rejected: ${IPEXTERNAL} was in DUL (mail-abuse.org)." :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.blackholes.mail-abuse.org` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} was in blackholes.mail-abuse.org." :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.dnsbl.net.au` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} was in dnsbl.net.au. Open Socks Proxy Server." :0 | ${UCE} } NSLOOKUP=`host ${REVERSED}.bl.spamcop.net` :0 *$NSLOOKUP ?? 127\.0\.0\.2 { LOG="Rejected: ${IPEXTERNAL} was in bl.spamcop.net." :0 | ${UCE} } # # And since we're checking for relays, lets check for the (in)famous SMI-8.6 and # SGI.8.X anonymizing open relays. Note that only the header immediately below the # handoff header is checked. This filter does not punish responsible netizens who # have gone to the trouble of putting up a non-relaying firewall machine # in front of their SMI-8.6 machine. # # Check my private list of open-relays. # INCLUDERC=open-relays :0 * NEXTHEADER ?? Received: from.*by.*(SMI-8\.6|SGI\.8\.[6-8]) { LOG="Rejected: ${IPEXTERNAL} was received direct from insecure SMI or SGI 8.6 system." :0 | ${UCE} } }}}}}} # :0 # IS_UNKNOWN ?? "" # { # LOG="Rejected: Your email server has no domain name registered." # } # Debug # VERBOSE=on # LOGABSTRACT=all # # 08Dec2002: at&t spamming server # 24.61.15.0/24 :0 * IPEXTERNAL ?? 24.61.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Aug2002: rr.com spam # 24.93.216.0/24 :0 * IPEXTERNAL ?? 24.93.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Nov2002: .ca spam # 24.201.61.0/24 :0 * IPEXTERNAL ?? 24.201.61.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Aug2002: .ar spam # 24.232.0.0/20 :0 * IPEXTERNAL ?? 24.232.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Dec2002: .rr spam # 24.242.9.0/24 :0 * IPEXTERNAL ?? 24.242.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: .bo spam # 63.65.11.0/24 :0 * IPEXTERNAL ?? 63.65.11.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: uunet block - rootsweb.com, myfamily.com spam # 63.92.88.0/22 :0 * IPEXTERNAL ?? 63.92.((8(8|9))|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: uunet block - match.com, inc. # 63.99.232.0/25 :0 * IPEXTERNAL ?? 63.99.232.(([0-9])|([0-9][0-9])|((1((0|1)[0-9])|(2[0-7])))) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: "North Sky" spam - aboutws.com # 63.108.71.0/24 :0 * IPEXTERNAL ?? 63.108.71.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking "pickle technologies" in Irvine for spam # 63.116.212.0/23 :0 * IPEXTERNAL ?? 63.116.21(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Oct2001: Blocking "Monster.com" fastweb.com # 63.121.30.161 :0 * IPEXTERNAL ?? 63.121.30.161 { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Lions Pride Enterprises" netblock for em5000.com. # 63.146.120.128/27 # 31Jul2002: Try uncommenting this, not in spews. #:0 #* IPEXTERNAL ?? 63.146.120.((12[8-9])|(1[3-5][0-9])) #{ # EXITCODE=77 # :0 # | ${UCE} #} # # 5Oct2001: Blocking "Internet Fulfilment(sic)" from naughtytoyshop.com # 63.207.179.0/24 :0 * IPEXTERNAL ?? 63.207.179.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Oct2002: www.xxxpostoffice.com inside Level3 # 63.215.143.0/24 :0 * IPEXTERNAL ?? 63.215.143.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 05Sep2002: cais internet - horny-4-you.com spam # 63.218.227.0/24 :0 * IPEXTERNAL ?? 63.218.227.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Aug2002: New randbad block # 63.219.150.0/23 :0 * IPEXTERNAL ?? 63.219.15(0|1).(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Aug2002: International Travel - buy this for $500 spam # 63.226.30.192/28 :0 * IPEXTERNAL ?? 63.226.30.((19[2-9])|(2[0-7])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: Heartland America - unsub'ed list server # 63.226.159.48/28 :0 * IPEXTERNAL ?? 63.226.159.((4(8|9))|(5[0-5])) { EXITCODE=77 :0 | ${UCE} } # # 29Jul2002: gekcosoftware.com spam inside US Worst block # 63.230.15.0/24 :0 * IPEXTERNAL ?? 63.230.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Oct2001: Blocking "Take Two Int. Soft." unconf. opt-in listserver # 63.237.158.32/28 :0 * IPEXTERNAL ?? 63.237.158.((3[2-9])|((4|5)[0-9])|(6[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 13Aug2002: www.golf.com spam # 63.238.152.0/24 :0 * IPEXTERNAL ?? 63.238.152.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Oct2001: Blocking Blue Mountain ecards (bmarts.com). Sits on cerf.net # 63.241.62.44, 47, 49 :0 * IPEXTERNAL ?? 63.241.62.4(4|7|9) { EXITCODE=77 :0 | ${UCE} } # # 08May2003: "slks inc" spam # 63.251.54.64/27 :0 * IPEXTERNAL ?? 63.251.54.((6[4-9])|((7|8)[0-9])|(9[0-5])) { EXITCODE=77 :0 | ${UCE} } # # 30Nov2002: etracks.com spam # 63.251.59.0/24 :0 * IPEXTERNAL ?? 63.251.59.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: spam within verio # 64.0.132.10 :0 * IPEXTERNAL ?? 64.0.132.10 { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: hotmail nonsense # 64.4.8.0/24 # 64.4.9.0/24 # 64.4.12.252 # 64.4.14.94 # 64.4.15.0/24 # 64.4.19.209 # 64.4.21.0/24 # 64.4.23.0/24 # 64.4.33.214 # 64.4.36.195 # 64.4.37.0/24 # 209.185.241.0/24 # 216.33.241.192 :0 * IPEXTERNAL ?? ((64.4.((12.252)|(14.94)|(19.209)|(33.214)|(36.195)|\ (8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (2(1|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))))|\ (209.185.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (216.33.241.192)) { EXITCODE=77 :0 | ${UCE} } # # 09Oct2002: Warner Music Australia (in AOL block # 64.12.33.0/24 :0 * IPEXTERNAL ?? 64.12.33.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: adpro solutions spam in glendale # 64.14.199.48/28 # 64.14.199.0/28 3-Sep-2002 :0 * IPEXTERNAL ?? 64.14.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: mailmetoday.com - free email server but not much cust. svc. # 64.14.239.225 :0 * IPEXTERNAL ?? 64.14.239.225 { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: lobsterhost.com inside cybercon # 64.37.108.0/24 :0 * IPEXTERNAL ?? 64.37.108.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 09Oct2002: workdaydeals.net in rackspew # 64.49.237.0/24 :0 * IPEXTERNAL ?? 64.49.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Sep2002: thesuperspecialdeals.com in rackspew # 64.49.243.0/24 :0 * IPEXTERNAL ?? 64.49.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Dec2002: elphnet.com spam, et al # 64.49.251.0/24 :0 * IPEXTERNAL ?? 64.49.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Oct2002: travelzoo.com - inside exodus # 64.56.194.0/24 :0 * IPEXTERNAL ?? 64.56.194.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Nov2002: "Blue Gravity Communications" # 64.57.64.0/19 big block but they don't say how they've reallocated it. :0 * IPEXTERNAL ?? 64.57.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Apr2003: 3wcorp - marketing spam # 64.88.128.0/19 :0 * IPEXTERNAL ?? 64.88.1((2(8|9))|((3|4|5)[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Sep2002: run1.hsm-mailerdirect.com in C&W space # 64.70.20.0/24 # 64.70.44.0/24 :0 * IPEXTERNAL ?? 64.70.(20|44).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Oct2001: Blocking "SkyNet" from slygreetings.com # 64.23.55.0/25 # 64.23.32.200/29 # 64.23.66.192/26 :0 * IPEXTERNAL ?? 64.23.((55.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])))|\ (66.((19[2-9])|(2[0-5][0-9])))|\ (32.20[0-7])) { EXITCODE=77 :0 | ${UCE} } # # 18Aug2002: highspeedmedia.com spammer # 64.27.110.0/24 (but hispeed only shows 64.27.64.0 - 64.27.127.255) :0 * IPEXTERNAL ?? 64.27.110.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Aug2002: highspeedmedia.com spammer # 64.32.35.0/24 :0 * IPEXTERNAL ?? 64.32.35.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Oct2001: "Hostway Corporation" because of quizyourfriends.com/siteprotect.com # 64.41.64.0/24 # 64.41.179.0/24 IGN Entertainment, in exodus space :0 * IPEXTERNAL ?? 64.41.(64|179).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Feb2003: dataoffers.com spam # 65.18.184.0/24 :0 * IPEXTERNAL ?? 65.18.184.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: some comcast spammer # 68.48.216.0/24 :0 * IPEXTERNAL ?? 68.48.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Jun2003: nevada cox spammer # 68.100.169.0/24 :0 * IPEXTERNAL ?? 68.100.169.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 20Dec2002: optin spam, inside charter communications # 68.114.114.0/24 :0 * IPEXTERNAL ?? 68.114.114.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: Netblock for some rackspace spew # 6Aug2002: Try removing it. # 64.49.23.0..31.255 #:0 #* IPEXTERNAL ?? 64.39.((2[3-9])|(3(0|1))).[0-9]+ #{ # EXITCODE=77 # :0 # | ${UCE} #} # # 11Jul2002: "smartweb" - spam from linkgift.com # 64.57.212.0/24 :0 * IPEXTERNAL ?? 64.57.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Oct2001: Netblock for rush2win.com in Exodus IP space. # 64.69.168.64/29 :0 * IPEXTERNAL ?? 64.69.168.((6[4-9])|(7(0|1))) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking "outerspacegames.com" - exodus space # 64.70.1.64/28 :0 * IPEXTERNAL ?? 64.70.1.((6[4-9])|(7[0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: Blocking all of hispeed hosting space # 64.106.128.0/18 :0 * IPEXTERNAL ?? 64.106.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 09Oct2002: spammer inside level3 # 64.156.210.0/24 :0 * IPEXTERNAL ?? 64.156.210.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: italian mortgage spammer # 80.16.0.0/16 :0 * IPEXTERNAL ?? 80.16.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 02-Feb-2005: .ru sending koi-8 email # 80.178.18.0/24 :0 * IPEXTERNAL ?? 80.178.18.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 02-Feb-2005: .ru sending koi-8 email # 81.9.34.0/24 :0 * IPEXTERNAL ?? 81.9.34.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03-Feb-2005: korean "big-5" spam # 219.81.136.0/24 # 216.164.131.0/24 # 83.198.156.0/24 :0 * IPEXTERNAL ?? 21((9.81.136.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (6.164.131.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (83.198.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 7Aug2002: .es sex spammer (dialup "adu1t site") # 80.34.0.0/16 :0 * IPEXTERNAL ?? 80.34.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2003: spam from 80.46.156.1 # 80.46.156.0/24 :0 * IPEXTERNAL ?? 80.46.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Nov2002: .cz spam # 80.83.64.0/20 :0 * IPEXTERNAL ?? 80.83.((6[4-9])|(7[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: some fastlink.com.jo misdirected email # 80.90.160.0/22 :0 * IPEXTERNAL ?? 80.90.16[0-4].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 07Oct2002: twelvehorses.com and others in Ireland # 80.93.2.0/24 :0 * IPEXTERNAL ?? 80.90.2.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: sex spam with fastlink.com addrs in from and to - .it # 80.206.225.0/24 :0 * IPEXTERNAL ?? 80.206.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: sex spam with fastlink.com addrs in from and to # 80.208.58.0/24 :0 * IPEXTERNAL ?? 80.208.58.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # 25Jul2002: .it spam # 151.1.0.0/16 :0 * IPEXTERNAL ?? 151.1.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # 15Jul2002: adult block inside verio - mach 10 hosting # 157.238.56.0/21 # 157.238.138.0/24 # 198.87.241.0/24 :0 * IPEXTERNAL ?? 1(57.238.((5[6-9])|(6[0-3])|(138)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))|\ (98.87.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 29Oct2002: eircom Ireland - unresponsive # 159.134.0.0/16 :0 * IPEXTERNAL ?? 159.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Feb2003: toner cartridge spam # 170.208.0.0/24 :0 * IPEXTERNAL ?? 170.208.0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Oct2002: ISP w/o AUP. # 209.217.0.0/18 :0 * IPEXTERNAL ?? 209.217.(([0-9])|([1-5][0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # 30Sep2001: Netblock for advertising.com/inyouremail.com Spew for # hosted by Exodus. Ignoring all spamcop.net complaints. # 209.225.6.96/27 209.225.34.79 :0 * IPEXTERNAL ?? 209.225.6.((9[6-9])|(1(([0-1][0-9])|(2[0-7])))) { EXITCODE=77 :0 | ${UCE} } # 1Oct2001: Another netblock for advertising.com/inyouremail.com Spew for # hosted by Exodus. Ignoring all spamcop.net complaints. # 209.225..0.0..209.225.95.255 # FYI 209.225.54.64/26 egreetings.com using links to www.imgegrt.com # and ads.adsag.com (209.225.54.97 and 209.225.54.119) in this space. 20-Nov-02 :0 * IPEXTERNAL ?? 209.225.(([0-8][0-9])|(9[0-5])).[0-9]+ { EXITCODE=77 :0 | ${UCE} } # 15Jul2002: verio spam block - registered to Bosnia!? # 161.58.84.0/24 :0 * IPEXTERNAL ?? 161.58.84.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 2Aug2002: PMP-AU girlfriends spam # 203.1.20.0/22 :0 * IPEXTERNAL ?? 203.1.2[0-3].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Aug2002: Aus Broad Comm - unconf opt-in list spam # 203.2.218.0/24 :0 * IPEXTERNAL ?? 203.2.218.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: Start blocking Australian spammers within uunet.au # 203.2.192.0/24 :0 * IPEXTERNAL ?? 203.2.192.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: .au school w/open relay at 203.8.208.13 # 203.8.208.0/24 :0 * IPEXTERNAL ?? 203.8.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Jul2002: .au school spammer # 203.13.68.0..71.255 :0 * IPEXTERNAL ?? 203.13.((6(8|9))|(7(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Oct2002: .au spam spammer # 203.16.208.0/20 :0 * IPEXTERNAL ?? 203.16.2((0[8-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Oct2002: .au spam spammer # 203.22.0.0/16 :0 * IPEXTERNAL ?? 203.22.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Oct2002: .au spam spammer # 203.24.88.0/23 :0 * IPEXTERNAL ?? 203.24.8(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking "Pacific Internet" # 203.26.8.0..11.255 :0 * IPEXTERNAL ?? 203.26.((8|9)|(1(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: .au spamblock # 203.30.180.0/24 :0 * IPEXTERNAL ?? 203.30.180.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking "PSINet Australia" # 203.32.160.0/20 :0 * IPEXTERNAL ?? 203.32.1((6[0-9])|(7[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: Netway Technologies, .au # 203.33.252.0/23 :0 * IPEXTERNAL ?? 203.33.25(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: .au spam # 203.34.81.0/24 :0 * IPEXTERNAL ?? 203.34.81.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .au spam # 203.34.152.0/23 :0 * IPEXTERNAL ?? 203.34.15(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .au spam # 203.35.0.0/16 :0 * IPEXTERNAL ?? 203.35.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Nov2001: Blocking "Telstra Internet AU" for Crazy Dave spam # 203.36.0.0/18 added 9-Aug-2002 for infomail.com.au # 203.40.0.0..56.255.255 :0 * IPEXTERNAL ?? 203.((3[6-9])|(4[0-9])|(5[0-6])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: .au spam # 203.57.38.0/24 :0 * IPEXTERNAL ?? 203.57.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .au spam # 203.63.254.0/24 :0 * IPEXTERNAL ?? 203.63.254.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Oct2001: Blocking Taiwan edu block - known spammers within # 203.68.94.0/24 :0 * IPEXTERNAL ?? 203.68.94.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Oct2001: Blocking "Brazin" - sanity.com.au spam # 203.76.29.192/29 :0 * IPEXTERNAL ?? 203.76.29.19[2-9] { EXITCODE=77 :0 | ${UCE} } # # 16Oct2001: Blocking "wishlist" inside globalcenter.net.au # 203.89.223.128/26 :0 * IPEXTERNAL ?? 203.89.223.1((2[8-9])|([3-8][0-9])|(9[0-1])) { EXITCODE=77 :0 | ${UCE} } # # 27Aug2002: direct to MX spam # 203.89.236.0/24 :0 * IPEXTERNAL ?? 203.89.236.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Mar2003: channelv .au spam # 203.111.28.0/24 :0 * IPEXTERNAL ?? 203.111.28.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: apple singapore spam # 203.120.14.0/23 :0 * IPEXTERNAL ?? 203.120.1(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: .in - india # 203.129.244.0/22 :0 * IPEXTERNAL ?? 203.129.24[4-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 3Oct2001: Blocking au.uu.net netblock for chaosmusic.com. # 203.166.28.0/24 :0 * IPEXTERNAL ?? 203.166.28.1(([6-8][0-9])|(9[0-1])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking au.uu.net netblock for returnity.com.au # 203.166.49.0/24 :0 * IPEXTERNAL ?? 203.166.49.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: .ph spam # 203.172.0.0/16 :0 * IPEXTERNAL ?? 203.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Nov2001: Blocking "Next Media Interactive" refuse relay testing. # 203.194.149.32/26 # 203.194.149.64/26 :0 * IPEXTERNAL ?? 203.194.149.((3[2-9])|([4-9][0-9])|(1[0-1][0-9])|(12[0-7])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking India # 203.199.0.0/16 :0 * IPEXTERNAL ?? 203.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 13Aug2002: some .au spam # 203.202.124.0/24 :0 * IPEXTERNAL ?? 203.202.124.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Dec2002: comindico .au spam # 203.220.0.0/16 :0 * IPEXTERNAL ?? 203.220.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Oct2001: Blocking "Korea NIC" all of Korea # 203.232.0.0/12 :0 * IPEXTERNAL ?? 203.23[2-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 02Feb2003: themailtrail spam # 204.188.52.0/24 :0 * IPEXTERNAL ?? 204.188.52.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Oct2002: .nl spam # 213.73.0.0/16 :0 * IPEXTERNAL ?? 213.73.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Dec2002: .nl spam - chello # 213.93.192.0/19 :0 * IPEXTERNAL ?? 213.93.((19[2-9])|(2[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: .es spam # 213.96.10.0/15 :0 * IPEXTERNAL ?? 213.9(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: .eg Egypt spam # 213.131.64.0..77.255 :0 * IPEXTERNAL ?? 213.131.((6[4-9])|(7[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: PCNET .ro (Romania) # 213.154.128.0/19 :0 * IPEXTERNAL ?? 213.154.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24-Mar-2005: education spam # 213.158.169.0/24 :0 * IPEXTERNAL ?? 213.158.169.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: .it spam # 213.217.149.0/24 :0 * IPEXTERNAL ?? 213.217.149.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Apr2003: Xpress newsletter spam # 213.149.190.0/24 :0 * IPEXTERNAL ?? 213.149.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 3Oct2001: Blocking cybercon netblock for colonize.com. # for some reason it blocks efax.com (Arrgh!) Tried one repair. # 216.15.203.192/26 # 216.15.251.0/24 # 216.15.250.0/24 # 216.15.128.0/17 # :0 * IPEXTERNAL ?? ((216.15.203.((19[2-9])|(2[0-5][0-9])))|\ (216.15.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (216.15.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (216.15.((1((2(8|9))|([3-9][0-9])))|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 12Oct2001: Blocking easyridercasino.com # 216.6.10.0/23 :0 * IPEXTERNAL ?? 216.6.1(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking africaonline ghana # 216.6.50.0/23 :0 * IPEXTERNAL ?? 216.6.5(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 07Oct2002: "Carribean Trading and Sales 2000 Inc." # 216.7.129.0/27 # 216.7.132.0/24 11Nov2002 :0 * IPEXTERNAL ?? 216.7.1(29|30|32).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 13ct2001: Blocking "Tube.e Communications" for freeasiaxx.com # 216.18.85.0/25 # :0 * IPEXTERNAL ?? 216.18.85.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking deremate.com - Spanish newsletter spam. # 216.25.228.64/26 :0 * IPEXTERNAL ?? 216.25.228.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7])) { EXITCODE=77 :0 | ${UCE} } # 29Sep2001: Netblock for customer-email.com. Spew for gaming MSN, # hosted by Exodus, ignore all spamcop.net complaints. # 216.32.31.128/26 :0 * IPEXTERNAL ?? 216.32.31.1((2[8-9])|([3-5][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 1Nov2001: Blocking "AmericanGreetings" egreetings.com # 216.33.97.64/26 # 64.14.122.0/24 20-Nov-2002 # 216.33.111.128/24 18-Dec-02 :0 * IPEXTERNAL ?? ((216.33.97.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7])))|\ (64.14.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (216.33.111.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # 29Sep2001: Netblock for planetofmusic.com. Spew for # hosted by Exodus. Ignoring all spamcop.net complaints. # 216.34.214.48/28 :0 * IPEXTERNAL ?? 216.34.214.((4[8-9])|(5[0-9])|(6[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 3Oct2001: Blocking exodus netblock for jackpot.com # 216.34.216.0/24 jackpot.com :0 * IPEXTERNAL ?? 216.34.216.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking processrequest.com inside exodus.net # 216.39.66.0/24 :0 * IPEXTERNAL ?? 216.39.66.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "e2 Communications" netblock for processrequest.com # 216.39.67.0/25 :0 * IPEXTERNAL ?? 216.39.67.(([0-9])|([0-9][0-9])|((1((0|1)[0-9])|2[0-7]))) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: EV1 - # 216.40.238.0/24 10Oct2002 # 216.40.215.0/24 :0 * IPEXTERNAL ?? 216.40.2((15)|(38)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking mcafee.com's AS17473 # 216.49.88.0/21 :0 * IPEXTERNAL ?? 216.49.((8(8|9))|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: JDR Media known spammer # 216.52.219.0/24 :0 * IPEXTERNAL ?? 216.52.219.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 09Oct2002: DirectSynergy spammer # 216.52.222.0/24 :0 * IPEXTERNAL ?? 216.52.222.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Oct2002: "Virtual hosting group" # 216.65.13.0/24 :0 * IPEXTERNAL ?? 216.65.13.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: .ca sex url spam # 216.83.15.0/24 :0 * IPEXTERNAL ?? 216.83.15.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: Ultimate Sports Info - primaryclick.com, ultimatesports.info # 216.87.56.224/28 :0 * IPEXTERNAL ?? 216.87.56.2((2[4-9])|(3[0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Aug2002: "Colosseum Online", .ca spam # 216.94.0.0/24 :0 * IPEXTERNAL ?? 216.94.0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Oct2001: Blocking "Virtual Service" as fantasyteam.com - stupid pig newsletter. # 216.94.197.0/24 :0 * IPEXTERNAL ?? 216.94.197.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 1Aug2002: E-centives # 216.109.72.0/24 :0 * IPEXTERNAL ?? 216.109.72.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 3Oct2001: Blocking "America's Lotto" netblock for customoffers.com. # 216.109.84.128/28 # 216.109.73.0/24 28Jul2002: New netblock for them. :0 * IPEXTERNAL ?? 216.109.((73.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (84.((12[8-9])|(13[0-9])|(14[0-3])))) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: Custom Offers LLC block # 216.109.92.0/24 (why block a /28 in exodus space?) :0 * IPEXTERNAL ?? 216.109.92.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: rackspace crap - nz travel spam # 216.110.45.0/24 # 216.110.32.0/24 22-Nov-02 nana-e sighting # 216.110.33.0/24 22-Nov-02 nana-e sighting # 216.110.34.0/24 22-Nov-02 nana-e sighting # 216.110.35.0/24 22-Nov-02 nana-e sighting # 216.110.36.0/24 22-Nov-02 nana-e sighting # 216.110.37.0/24 22-Nov-02 nana-e sighting # 216.110.38.0/24 22-Nov-02 nana-e sighting # 216.110.39.0/24 22-Nov-02 nana-e sighting :0 * IPEXTERNAL ?? 216.110.(3[2-9]|45).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Aug2002: # 216.116.106.0/24 :0 * IPEXTERNAL ?? 216.116.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking "Pythonvideo, Inc" redlightmail.com netblock. # 216.130.216.0/23 :0 * IPEXTERNAL ?? 216.130.21(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Feb2003: porn spam, with obfuscation and redirection # 216.131.68.0/24 :0 * IPEXTERNAL ?? 216.131.68.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: yahoo webmail spew # 216.136.130.51 # 216.136.130.54 # 216.136.130.57 # 216.136.130.216 # 216.136.173.0/24 # 216.136.174.74 # 216.136.175.141 # 216.136.224.119 # 216.136.226.166 :0 * IPEXTERNAL ?? 216.136.((173.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|(174.74)|(175.141)|(224.119)|(226.166)|\ (130.5(1|4|7))|\ (130.216)) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: spammer # 216.144.224.7 :0 * IPEXTERNAL ?? 216.144.224.7 { EXITCODE=77 :0 | ${UCE} } # # 07Oct2002: pickyourflick.com spammer # 216.144.228.0/24 :0 * IPEXTERNAL ?? 216.144.228.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Dec2002: yahoo.com.au newsletter spam # 216.145.54.0/24 :0 * IPEXTERNAL ?? 216.145.54.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Sep2002: ISDNet space, casino spammer # 216.153.64.0/19 :0 * IPEXTERNAL ?? 216.153.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Jul2002: 9netave spam # 216.156.0.0/16 :0 * IPEXTERNAL ?? 216.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking Prime Internet Network - adult websites and refuse spamcop reports # 216.158.128.0/19 :0 * IPEXTERNAL ?? 216.158.1((2(8|9))|([3-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: North Plains - yourbigvote.com spam # 216.162.101.0/24 :0 * IPEXTERNAL ?? 216.162.101.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Jul2002: spam from a .ca verio /32 block(!). Think I'll do the whole /24. # 216.167.37.0/24 :0 * IPEXTERNAL ?? 216.167.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Oct2002: digital forest spam - gave them three warnings # 216.168.32.0/19 :0 * IPEXTERNAL ?? 216.168.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 2Aug2002: freerewards.com spam - exodus.net block # 216.177.70.0/24 :0 * IPEXTERNAL ?? 216.177.70.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Aug2002: Net Depot spam out of a pop/imap auth server # 216.180.225.0/24 :0 * IPEXTERNAL ?? 216.180.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: Interelate - interelate.net spam on inflow block # 216.183.115.48/28 :0 * IPEXTERNAL ?? 216.183.115.((4(8|9))|(5[0-9])|(6[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: O.S.T. Inc - gambling from .ca # 216.187.76.0/22 :0 * IPEXTERNAL ?? 216.187.76.(([0-9])|([0-5][0-9])|(6[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: web3000.com # 216.207.80.0/24 :0 * IPEXTERNAL ?? 216.207.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: AXA Assistance USA - spam with mail.com forged return addys # 216.216.140.64/26 :0 * IPEXTERNAL ?? 216.216.140.((6[4-9])|((7|8)[0-9])|(9[0-5])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: CyberGate spam # 216.219.128.0/17 :0 * IPEXTERNAL ?? 216.219.((1((2(8|9))|([3-9][0-9])))|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: .gt (Guatemala) spam # 216.230.128.0/18 :0 * IPEXTERNAL ?? 216.230.1((2(8|9))|([3-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Aug2002: block reported on spam-l # 216.236.156.0/24 :0 * IPEXTERNAL ?? 216.236.156.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Oct2001: Blocking "AstroCenter" for astrocenter.com # 216.239.209.128/28 (exodus.net) :0 * IPEXTERNAL ?? 216.239.209.((12[8-9])|(13[0-9])|(14[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: Block Targeted EMail Direct, mailstimulator.com spam, .cl block # 216.241.0.0/16 :0 * IPEXTERNAL ?? 216.241.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Oct2001: Blocking "{any name here}" from ciberlynx.net # 216.242.0.0/16 :0 * IPEXTERNAL ?? 216.242.[0-9]+.[0-9]+ { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: spam from edeltacom.com # 216.248.176.0/24 :0 * IPEXTERNAL ?? 216.248.176.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: Convergence Research - email to SMS phone # 216.254.4.0/24 :0 * IPEXTERNAL ?? 216.254.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking .it block - dialups # 217.58.200.0/24 # 217.59.162.0/24 :0 * IPEXTERNAL ?? 217.((58.200.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (59.162.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking .de block - dialups # 217.80.0.0/13 :0 * IPEXTERNAL ?? 217.8[0-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Aug2002: spammer in .sk block # 217.11.245.0/24 :0 * IPEXTERNAL ?? 217.11.245.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27May2003: skynet.be adsl spammer # 217.136.209.0/24 :0 * IPEXTERNAL ?? 217.136.136.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking .ch block # 217.162.64.0/18 :0 * IPEXTERNAL ?? 217.162.((6[4-9])|([7-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Oct2002: .ae block # 217.164.0.0/15 :0 * IPEXTERNAL ?? 217.16(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: Blocking a .fr block - spam # 217.167.34.0/23 :0 * IPEXTERNAL ?? 217.167.3(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: Screw .cn block - too much spam # 218.0.0.0/8 :0 * IPEXTERNAL ?? 218.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 07Sep2005: Blocking spam # 222.136.112.0/24 :0 * IPEXTERNAL ?? 222.136.112.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: shockwave.com spam # 63.251.52.0/24 # 63.251.252.0/24 luckysurf.com :0 * IPEXTERNAL ?? 63.251.2?52.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: gotomypc.com spam - expertcity.com # 63.251.224.0/24 :0 * IPEXTERNAL ?? 63.251.224.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Apple News" netblock for lists.apple.com # 17.254.0.152 :0 * IPEXTERNAL ?? 17.254.0.152 { EXITCODE=77 :0 | ${UCE} } # # 30Nov2002: formmail spam # 12.23.44.3 :0 * IPEXTERNAL ?? 12.23.44.3 { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: spam-l reported block # 12.33.196.176/28 :0 * IPEXTERNAL ?? 12.33.196.1((7[6-9])|(8[0-9])|(9(0|1))) { EXITCODE=77 :0 | ${UCE} } # # 29Jul2002: Invesmart - invesmart.com spam # 12.46.232.0/27 :0 * IPEXTERNAL ?? 12.46.232.(([0-9])|([0-2][0-9])|(3(0|1))) { EXITCODE=77 :0 | ${UCE} } # # 15Aug2002: fossil - spam # 12.106.212.0/24 :0 * IPEXTERNAL ?? 12.106.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 02Dec2002: flowgo.com new spam # 12.129.204.0/23 :0 * IPEXTERNAL ?? 12.129.20(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Nov2002: henson.com spam # 12.146.198.0/24 :0 * IPEXTERNAL ?? 12.146.198.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Aug2002: M2 communications - spam # 12.149.38.0/24 :0 * IPEXTERNAL ?? 12.149.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Block Inter-Mountain data storage - spam # 12.165.106.0/24 :0 * IPEXTERNAL ?? 12.165.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Aug2002: AT&T direct-to-MX spam # 12.245.0.0/16 :0 * IPEXTERNAL ?? 12.245.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Aug2002: Large .uy block (and most of central america) # 200.0.0.0/8 :0 * IPEXTERNAL ?? 200.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: .ar spam # 200.9.212.0/23 :0 * IPEXTERNAL ?? 200.9.21(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .co spam # 200.24.0.0/16 # 200.21.13.0/24 ImpSat :0 * IPEXTERNAL ?? 200.((24.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (31.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: .pe/.ec spam # 200.37.0.0/16 # 200.41.0.0/16 :0 * IPEXTERNAL ?? 200.((37)|(41)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .ar spam # 200.42.0.0/16 :0 * IPEXTERNAL ?? 200.42.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .pe spam # 200.48.0.0/16 :0 * IPEXTERNAL ?? 200.48.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking someonelikesto(spam)you.com # 65.19.140.0/24 :0 * IPEXTERNAL ?? 65.19.140.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Aug2002: spam from rr.com # 65.33.8.0/24 :0 * IPEXTERNAL ?? 65.33.8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking known spamhaus # 65.39.144.0/21 :0 * IPEXTERNAL ?? 65.39.1((4[4-9])|(5(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Oct2002: web server reseller, no abuse policy # 65.77.24.0/23 :0 * IPEXTERNAL ?? 65.77.2(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Dec2002: 23rd century marketing group, spam # 65.77.47.0/24 :0 * IPEXTERNAL ?? 65.77.47.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Aug2002: www.firstdentalplans.com spam from XO block # 65.107.237.0/24 :0 * IPEXTERNAL ?? 65.107.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 05Dec2002: Multidata spam # 65.118.181.0/24 :0 * IPEXTERNAL ?? 65.118.181.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: Blocking dhs-club known spammer # 65.120.168.0/22 :0 * IPEXTERNAL ?? 65.120.1((6(8|9))|(7(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: block per spam-l # 65.123.236.0/23 :0 * IPEXTERNAL ?? 65.123.23(6|7).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: Blocking World Reach in Irvine # 65.123.247.0/24 :0 * IPEXTERNAL ?? 65.123.247.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Oct2001: Blocking "Qwest Comms" netblock - too much spam # 65.128.0.0/12 :0 * IPEXTERNAL ?? 65.1((2(8|9))|((3|4|5)[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: Beldar associates - spam # 65.163.106.0/24 :0 * IPEXTERNAL ?? 65.163.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Fred Lusky, L.L.C" netblock for snailfriends.com # 65.166.232.0/24 :0 * IPEXTERNAL ?? 65.166.232.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Aug2002: sex membership spam - cogentco.com space # 66.28.100.0/22 "new horizon collocation" for suzysfreeporn.com 29-Oct-2002 # 66.28.81.0/24 11-Feb-03 # 66.28.153.0/24 "ideaflood" # 66.28.208.0/24 # 66.28.248.0/24 "www.teensdelivery.com" 11-Oct-2002 :0 * IPEXTERNAL ?? 66.28.((81)|(10[0-7]|153|208|248)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: GT Group Telecom - .ca sex spam # 66.38.206.0/24 :0 * IPEXTERNAL ?? 66.38.206.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Aug2002: hispeed hosting - maktoob.com spam # 66.70.92.0/24 # 66.70.18.0/24 Xu Hong spammer :0 * IPEXTERNAL ?? 66.70.((18)|(92)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Dec2002: rr.com dialup spammer # 66.74.195.0/24 :0 * IPEXTERNAL ?? 66.74.195.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: Sprint "BWG" - sex spam # 30Jul2002: Removed - Sprint has a conscience, so report to abuse instead. # 66.87.139.0/24 (it's a /16, but try blocking smaller portion 1st) # i.e. securityfocus.com is 66.38.151.10, .19, .27 # :0 # * IPEXTERNAL ?? 66.87.139.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) # { # EXITCODE=77 # :0 # | ${UCE} # } # # 29Jul2002: LightRealm block - selfhelpguides.com # 66.111.64.0/19 :0 * IPEXTERNAL ?? 66.111.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Fred Lusky, L.L.C" netblock for # 66.114.199.0/24 :0 * IPEXTERNAL ?? 66.114.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 07Feb2003: optinxmail.com # 66.115.190.0/24 :0 * IPEXTERNAL ?? 66.115.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Dec2002: spam block - waterydesigns.com # 66.124.82.0/24 :0 * IPEXTERNAL ?? 66.124.82.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: spam block # 66.134.163.0/24 :0 * IPEXTERNAL ?? 66.134.163.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: Hunting Beach, Bandview, spam block # 66.148.63.0/24 :0 * IPEXTERNAL ?? 66.148.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: "CP Cyber Wurx" block # 66.154.0.0/18 :0 * IPEXTERNAL ?? 66.154.(([0-9])|([1-8][0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: spectrum access - weight loss and sex spam # 66.170.96.0/20 :0 * IPEXTERNAL ?? 66.170.((9[6-9])|(1((0[0-9])|(1(0|1))))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 07Oct2002: Charter Comm - ft worth tx spammer # 66.169.112.0/20 :0 * IPEXTERNAL ?? 66.169.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 20Aug2002: misdirected .py email # 66.178.33.0/23 :0 * IPEXTERNAL ?? 66.178.3(3|4).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: DirectStuff.com # 66.179.17.0/24 :0 * IPEXTERNAL ?? 66.179.17.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: usagreetings.com spam # 66.180.237.0/24 :0 * IPEXTERNAL ?? 66.180.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: likewhoa.com for sex spam # 66.181.160.0/20 :0 * IPEXTERNAL ?? 66.181.1((6[0-9])|(7[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: spam from uunet # 65.192.213.0/24 # 65.196.61.0/24 :0 * IPEXTERNAL ?? 66.192.((61)|(213)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: spam from uunet (music) # 65.213.188.0/24 :0 * IPEXTERNAL ?? 66.213.188.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: az media spam # 66.197.0.0..95.255 :0 * IPEXTERNAL ?? 66.197.(([0-8][0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 01May2003: azoogle.com # 66.197.140.0/24 # 66.197.170.0/24 :0 * IPEXTERNAL ?? 66.197.1(4|7)0.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: internetseer look-alike as in spam-l # 209.123.178.0/27 :0 * IPEXTERNAL ?? 209.123.178.(([0-9])|([1-2][0-9])|(3(0|1))) { EXITCODE=77 :0 | ${UCE} } # # 30Oct2002: interactive marketing group - spam # 209.125.37.0/24 :0 * IPEXTERNAL ?? 209.125.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 13Oct2001: Blocking "Launch" for launch-media.net # 209.132.229.0/23 :0 * IPEXTERNAL ?? 209.132.2((29)|(3(0|1))).(([0-9])|([0-9][0-9])|(((1|2)[0-9][0-9]))) { EXITCODE=77 :0 | ${UCE} } # # 17Feb2003: ice???.net for cooleremail spam # 209.246.228.0/24 :0 * IPEXTERNAL ?? 209.246.228.(([0-9])|([0-9][0-9])|(((1|2)[0-9][0-9]))) { EXITCODE=77 :0 | ${UCE} } # # 24Oct2001: Blocking "Creative Marketing Zone" netblock - Ralsky company # 65.174.218.0/23 :0 * IPEXTERNAL ?? 65.174.21(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: spam from "Niuniu Ji"? in cybercon.com space # 66.201.64.0/18 :0 * IPEXTERNAL ?? 66.201.((6[4-9])|([7-9][0-9])|(1((0|1)[0-9])|(2[0-7]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 1Aug2002: Internet Presence, Inc. - "gateway.inetpres.com" # 66.207.201.0/24 :0 * IPEXTERNAL ?? 66.207.201.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: www.netleadsource.com in rackspace # 66.216.113.0/24 :0 * IPEXTERNAL ?? 66.216.113.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 04Sep2002: ms83.com spam # 66.216.109.0/24 :0 * IPEXTERNAL ?? 66.216.109.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Aug2002: c0olmail.com spammer # 66.216.110.0/24 :0 * IPEXTERNAL ?? 66.216.110.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: yahoo bulk blocks # 66.218.64.0/18 # 66.218.73.0/24 try smaller blocking 7-Feb-2003 # 66.218.66.0/24 03-Jun-2003 # 66.218.69.0/24 19-Feb-2003 :0 # * IPEXTERNAL ?? 66.218.((6[4-9])|((7|8)[0-9])|(9[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) * IPEXTERNAL ?? 66.218.(66|69|73).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: oin60.com, oin50.com # 66.236.248.0/24 :0 * IPEXTERNAL ?? 66.236.248.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jun2003: new bulk emailer # 66.238.134.0/24 :0 * IPEXTERNAL ?? 66.238.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Aug2002: Broadspire, inc - hsmmailer.net # 66.240.128.0/26 - block this if spam continues # 66.240.190.0/24 - only block this first time :0 * IPEXTERNAL ?? 66.240.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: cogento.ca block spamming for www.teenranch4free.com # 66.250.72.0/24 :0 * IPEXTERNAL ?? 66.250.72.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: myfreerewards.com # 66.250.127.0/24 :0 * IPEXTERNAL ?? 66.250.127.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "iVillage/Knowledge Web" netblock for advertising.com # 209.157.220.0/25 :0 * IPEXTERNAL ?? 209.157.220.(([0-9])|([0-9][0-9])|(([0-1][0-1][0-9])|(12[0-7]))) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "IVillage" netblock for ivillage.com # 216.35.47.0/24 # 209.185.162.0/24 :0 * IPEXTERNAL ?? ((216.35.47.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (209.185.162.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Editorial America Iberica" netblock # for zdnet-es.com 212.49.152.0/24 :0 * IPEXTERNAL ?? 212.49.152.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: Still pm0.net blocking, but Verio blocks removed due to action. # 128.121.122.32/27 # 128.121.231.0/24 # 129.250.225.0/24 7-Feb-2003 # 128.121.253.0/24 9-Sep-2003: registeredwinners.com spam # 161.58.160.0/24 # 161.58.223.0/25 # 209.133.65.0/25 # 209.133.67.128/25 # 209.196.17.106 # 209.235.17.89 # 216.205.123.78 # 216.205.125.120-4 # 216.205.21.0/25 # 216.205.91.0/26 # 161.58.202.0/24 :0 * IPEXTERNAL ?? ((128.121.122.((3[2-9])|([4-5][0-9])|(6[0-3])))|\ (128.121.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (129.250.225.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (128.121.253.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (161.58.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (161.58.223.(([0-9])|([0-9][0-9])|(1((0|1)[0-9])|(2[0-7]))))|\ (209.133.67.((1(2[8-9])|([3-9][0-9]))|(2[0-5][0-9])))|\ (209.196.17.106)|\ (209.235.17.89)|\ (216.205.123.78)|\ (216.205.125.12[0-4])|\ (216.205.21.(([0-9])|([0-9][0-9])|(1((0|1)[0-9])|(2[0-7]))))|\ (216.205.68.10[6-9])|\ (216.205.91.(([0-9])|((1[0-9])|(2[0-7]))))) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: Digital Connexxions - marketing spam # 209.47.251.0/24 # 209.167.239.0/24 :0 * IPEXTERNAL ?? 209.((47.251)|(167.239)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: interliant - bestmail.com spam # 209.196.45.0/24 :0 * IPEXTERNAL ?? 209.196.45.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: .cm spam # 209.198.243.0/24 :0 * IPEXTERNAL ?? 209.198.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: eloan.com and webshots.com - in verio space # 128.242.103.0/24 ulimit.com # 128.242.104.0/24 eloan.com, webshots.com # 128.242.207.0/24 Plumeus - Montreal QB in a .226/32 (!) :0 * IPEXTERNAL ?? 128.242.((10(3|4))|(207)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Apr2003: optinmedia spam # 128.242.100.0/23 :0 * IPEXTERNAL ?? 128.242.10(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Kim Marin block (from NANAE) for optin.com (still reg 23Apr2003) # 65.208.106.128/26 :0 * IPEXTERNAL ?? 65.208.106.1((2[8-9])|([3-8][0-9])|(9[0-1])) { EXITCODE=77 :0 | ${UCE} } # # 14Aug2002: Ion-Entertainment spam # 65.241.155.0/24 :0 * IPEXTERNAL ?? 65.241.155.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: Infostrada Housing - .it spam toner cartridge spam bouncing # through this network # 193.70.192.0/22 :0 * IPEXTERNAL ?? 193.70.19([2-5]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 3Aug2002: emf-fem.org mortgage spam # 193.121.138.0/24 :0 * IPEXTERNAL ?? 193.121.138.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: block oxfordbusinessgroup.com - unsubscribed newsletter # 15Oct2002: widening block to entire ISP. # 193.192.96.0/19 :0 * IPEXTERNAL ?? 193.192.((9[6-9])|(10([0-9])|(11[0-8]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: block spammer in .gb area # 193.195.96.0/24 :0 * IPEXTERNAL ?? 193.195.96.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: spam-l reported block, .ua space # 194.44.120.0/22 :0 * IPEXTERNAL ?? 194.44.12[0-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: .cz spam # 194.108.145.0/24 :0 * IPEXTERNAL ?? 194.108.145.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: .lb spam # 194.126.5.0/24 :0 * IPEXTERNAL ?? 194.126.5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Oct2001: Blocking uk.xo.com for www.xara.com # 194.143.183.0/24 :0 * IPEXTERNAL ?? 194.143.183.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: .my spam # 61.6.0.0..191.255 :0 * IPEXTERNAL ?? 61.6.(([0-9])|([1-9][0-9])|(1(([0-9])|([1-8][0-9])|(9(0|1))))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Jul2002: Blocking ..au intrapower services # 61.8.96.0/19 :0 * IPEXTERNAL ?? 61.8.((9[6-9])|(1(((0|1)[0-9])|(2[07])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: Blocking .hk cable # 61.10.96.0/19 :0 * IPEXTERNAL ?? 61.10.((9[6-9])|(1(((0|1)[0-9])|(2[07])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking .tw # 61.56.0.0..67.255.255 :0 * IPEXTERNAL ?? 61.((5[6-9])|(6[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: Blocking .kr # 61.77.16.0..29.255 :0 * IPEXTERNAL ?? 61.77.((1[6-9])|(2[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: Blocking .kr # 61.72.100.0..119.255 :0 * IPEXTERNAL ?? 61.72.(1(0|1)[0-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: Blocking .jp blocks # 61.127.9.0/24 :0 * IPEXTERNAL ?? 61.127.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: Blocking .cn blocks # 61.134.0.0/16 # 61.139.0.0/16 :0 * IPEXTERNAL ?? 61.13(4|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: Blocking .cn blocks # 61.144.0.0/12 :0 * IPEXTERNAL ?? 61.1((4[4-9])|(5[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking .cn # 61.168.0.0..175.255.255 # 61.183.0.0/23 # 61.240.0.0/14 :0 * IPEXTERNAL ?? 61.((1((6(8|9))|(7[0-5])|(83)))|(24[0-3])).\ (([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: Blocking .jp blocks # 61.214.0.0/17 :0 * IPEXTERNAL ?? 61.214.(([0-9])|([0-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Jul2002: Blocking hinet.net blocks # 61.220.72.0/24 # 61.228.0.0/14 :0 * IPEXTERNAL ?? 61.((2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (220.72.[0-9]+)) { EXITCODE=77 :0 | ${UCE} } # # 14Jul2002: Blocking uk cyber cafe area # 62.6.158.0/24 :0 * IPEXTERNAL ?? 62.6.158.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Sep2002: jazztel.com unconfirmed list server # 62.14.0.0/15 :0 * IPEXTERNAL ?? 62.1(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Aug2002: Blocking uk direct-to-mx spam # 62.31.119.0/24 :0 * IPEXTERNAL ?? 62.31.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Nov2002: .nl spam source # 62.58.50.0/24 :0 * IPEXTERNAL ?? 62.58.50.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: dialup area that refuses spamcop reports # 62.60.0.0/19 :0 * IPEXTERNAL ?? 62.60.(([0-9])|((1|2)([0-9]))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: upgraded to /16. .es spam # 62.81.0.0/16 :0 * IPEXTERNAL ?? 62.81.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: .cz domain due to spamming # 62.105.0.0/19 :0 * IPEXTERNAL ?? 62.105.(([0-9])|((1|2)[0-9])|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24-Mar-2005: list server # 62.114.150.0/24 :0 * IPEXTERNAL ?? 62.114.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: .de spam # 62.138.167.0/24 # 62.157.183.0/24 :0 * IPEXTERNAL ?? 62.((138.167.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (157.183.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: .kw spam # 62.150.0.0/16 :0 * IPEXTERNAL ?? 62.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: .de spam # 62.159.207.0/24 :0 * IPEXTERNAL ?? 62.159.207.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .uk spam # 62.172.122.0/24 :0 * IPEXTERNAL ?? 62.172.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .uk spam dialup uunet block # 62.188.134.0/24 :0 * IPEXTERNAL ?? 62.188.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Oct2001: Blocking virtgame.com - numerous "authentication codes" # 130.94.121.0/29 :0 * IPEXTERNAL ?? 130.94.121.(([0-9])|(1[0-5])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2002: .tw hinet spam # 163.29.0.0/16 :0 * IPEXTERNAL ?? 163.29.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .cl - spam # 164.77.32.0..255.255 :0 * IPEXTERNAL ?? 164.77.((3[2-9])|([4-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Oct2001: Blocking "Singapore Telco" # 165.21.0.0/16 :0 * IPEXTERNAL ?? 165.21.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: .kr # 168.126.0.0/16 :0 * IPEXTERNAL ?? 168.126.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Nov2002: Telefonica de Argentina # 168.226.0.0/16 :0 * IPEXTERNAL ?? 168.226.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: Universidad Centroamericana .sv spam # 168.243.0.0/16 :0 * IPEXTERNAL ?? 168.243.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: CNET - spam # 206.16.0.0/22 :0 * IPEXTERNAL ?? 206.16.[0-7].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 13Dec2002: verizon spam # 11Jul2003: unblocked because somebody valid is at 206.46.170.106 # 206.46.170.0/24 # :0 # * IPEXTERNAL ?? 206.46.170.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) # { # EXITCODE=77 # :0 # | ${UCE} # } # # 7Oct2001: Blocking single IP - french domain spamming US email mktg. # 206.49.157.36/32 :0 * IPEXTERNAL ?? 206.49.157.36 { EXITCODE=77 :0 | ${UCE} } # # 25Oct2001: Blocking "Admin Nacional de Tele..." adinet.com.uy # 206.99.44.0/24 # 206.99.54.0/24 :0 * IPEXTERNAL ?? 206.99.(4|5)4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Aug2002: Blocking The Global Tap Corp for starlinehosting.com spam # 206.104.238.0/24 :0 * IPEXTERNAL ?? 206.104.238.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Oct2001: Blocking "romaintic-sex.com" domain # 206.135.90.((146)|(15(1|2))) :0 * IPEXTERNAL ?? 206.135.90.((146)|(15(1|2))) { EXITCODE=77 :0 | ${UCE} } # # 5Oct2001: Blocking "unknown" mail server from kidstuff.com # 206.150.208.231 :0 * IPEXTERNAL ?? 206.150.208.231 { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Forget fighting the subblocks - block the entire /16 # 200.40.0.0/16 :0 * IPEXTERNAL ?? 200.40.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: .ar spam # 200.45.191.0/24 :0 * IPEXTERNAL ?? 200.45.191.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: .mx block # 200.53.64.0/23 :0 * IPEXTERNAL ?? 200.53.6(4|5).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 3Aug2002: .uy block # 200.60.133.0/24 :0 * IPEXTERNAL ?? 200.60.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: .ar block # 200.63.0.0/16 :0 * IPEXTERNAL ?? 200.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Uninet S.A. - .mx spam # 200.67.0.0/16 :0 * IPEXTERNAL ?? 200.67.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: NSS S.A. - .ar spam # 200.69.0.0/16 :0 * IPEXTERNAL ?? 200.69.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: sex spam from Chile # 200.72.0.0..223.255 :0 * IPEXTERNAL ?? 200.72.(([0-9])|([0-9][0-9])|(1[0-9][0-9])|(2(((0|1)[0-9])|(2[0-3])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: Blocking Brazil # 200.158.0.0/17 # 200.161.0.0/16 # 200.177.0.0/16 # 200.176.0.0/16 :0 * IPEXTERNAL ?? 200.((158.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (1(61|76|77).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 14Jul2002: Blocking Brazil # 200.207.0.0/17 :0 * IPEXTERNAL ?? 200.207.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking Brazil # 200.204.0.0/16 # 200.225.0.0/16 # 200.231.0.0/16 .br, .pr # 200.248.0.0/16 :0 * IPEXTERNAL ?? 200.2((04)|(25)|(31)|(48)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # 10Oct2001: Blocking "uol.com.br" # 200.246.5.102 # 200.230.198.82 :0 * IPEXTERNAL ?? ((200.246.5.102)|\ (200.230.198.82)) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: Blocking Verado, Inc - toner cartridge spam # 64.78.146.0/24 :0 * IPEXTERNAL ?? 64.78.146.(([0-9])|([0-9][0-9])|((1|2)[[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Netgain Technology # 64.83.222.0/24 :0 * IPEXTERNAL ?? 64.83.222.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Oct2001: Blocking "cavecreek.net" from emailbucks.com # 64.38.192.0/18 (taken out 27-May-2003) # let in 64.38.207.77 == alibis.com # 63.209.159.0/25 (Level3) # This is a big block, but they are big spammers. Casino spam. :0 * IPEXTERNAL ?? (63.209.159.(([0-9])|([0-9][0-9])|(1[0-1][0-9])|(12[0-7]))) # (64.38.((19[2-9])|(2[0-5][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ { EXITCODE=77 :0 | ${UCE} } # # 19Jul2002: .uy spam # 207.3.112.0/20 :0 * IPEXTERNAL ?? 207.3.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: cnn.com news alerts # 207.25.80.0/24 :0 * IPEXTERNAL ?? 207.25.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Oct2001: Blocking "TrackingSoft LLC" from interferenza.net # 207.65.74.0/24 :0 * IPEXTERNAL ?? 207.65.74.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: some .jo email list # 194.165.142.0/24 :0 * IPEXTERNAL ?? 194.165.142.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Jul2005: spam # 213.100.28.0/24 :0 * IPEXTERNAL ?? 213.100.28.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2005: spam # 81.211.64.0/24 :0 * IPEXTERNAL ?? 81.211.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2005: spam # 81.156.228.0/24 :0 * IPEXTERNAL ?? 81.156.228.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2005: spam # 81.211.64.0/24 :0 * IPEXTERNAL ?? 81.211.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Jul2005: spam # 70.106.86.0/24 :0 * IPEXTERNAL ?? 70.106.86.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Jul2005: spam # 83.22.255.0/24 :0 * IPEXTERNAL ?? 83.22.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Nov2005: spam from .jp # 220.221.87.0/24 :0 * IPEXTERNAL ?? 220.221.87.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 22Jun2005: somebody forging fastlink.com email trying to phish passwords # 194.165.145.0/24 # 194.165.155.0/24 :0 * IPEXTERNAL ?? 194.165.1(4|5)5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jun2005: somebody forging fastlink.com email trying to phish passwords # 59.167.35.71 # 61.8.32.0/24 # 61.8.34.0/24 # 61.8.43.0/24 # 61.8.46.0/24 # 62.215.248.0/24 # 64.19.111.0/24 # 70.107.11.0/24 # 82.55.102.0/24 # 83.110.168.0/24 # 84.235.37.0/24 # 86.108.20.227 # 151.203.114.0/24 # 193.188.95.0/24 # 212.38.145.0/24 # 212.38.147.0/24 # 213.186.0.0/16 # 217.15.18.0/24 :0 * IPEXTERNAL ?? (59.167.35.71)|(61.8.[3[2|4]|4[2|6]].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (64.19.111.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (62.215.248.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (193.188.95.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (70.107.11.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (82.55.102.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (83.110.168.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (84.235.37.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (86.108.20.227)|\ (151.203.114.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (212.38.145.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (212.38.147.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (213.186.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (217.15.18.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))) { EXITCODE=77 :0 | ${UCE} } # # 23Nov2005: fbi.gov, cia.com virus # 80.90.167.0/22, 212.118.0.0/16, 212.38.133.117 221.168.138.148 # 86.108.21.16 212.35.73.45 144.131.135.134 86.96.172.0/24 86.108.14.39 :0 * IPEXTERNAL ?? (80.90.1((6[7-9])|(70)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (212.118.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (212.38.133.117)|(221.168.138.148)|(66.56.94.235)|(67.181.171.124)|\ (208.5.197.185)|(212.35.74.198)|(86.108.21.16)|\ (212.35.73.45)|(144.131.135.134)|(86.96.195.81)|\ (86.96.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (86.108.14.39) { EXITCODE=77 :0 | ${UCE} } # # 13Dec2005: some .tw spam # 203.67.158.0/24 :0 * IPEXTERNAL ?? 203.67.158.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Dec2002: some .de spam, uunet.de space # 194.172.110.0/23 :0 * IPEXTERNAL ?? 194.172.11(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Dec2005: some .uy spam # 200.125.9.0/24 :0 * IPEXTERNAL ?? 200.125.9.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 05Dec2005: spam # 60.47.195.128 & 62.42.68.206 :0 * IPEXTERNAL ?? ((60.47.195.128)|(62.42.68.206)) { EXITCODE=77 :0 | ${UCE} } # # 06Dec2005: paypal scam spam # 68.111.43.212 83.103.76.255 193.231.120.240 :0 * IPEXTERNAL ?? ((68.111.43.212)|(83.103.76.255)|(193.231.120.240)) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: Merchantile Sistemi - .it spam # 194.184.59.0/24 :0 * IPEXTERNAL ?? 194.184.59.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Jul2002: Block - spam-l reported # 194.198.208.0/24 :0 * IPEXTERNAL ?? 194.198.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 06Dec2005: dildo spam # 194.165.98.0/24 :0 * IPEXTERNAL ?? 194.165.98.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Nov2002: Demon Internet .uk spam # 194.217.242.0/24 :0 * IPEXTERNAL ?? 194.217.242.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Apr2003: spam newsletters .cy # 195.14.133.0/24 :0 * IPEXTERNAL ?? 195.14.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Block Panda Software - .es # 195.55.170.0/23 :0 * IPEXTERNAL ?? 195.55.17(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 13Aug2002: D0nbass Regional Information System, .ua spam # 195.58.228.0/22 :0 * IPEXTERNAL ?? 195.58.2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 05Dec2002: spammer # 195.65.255.0/24 :0 * IPEXTERNAL ?? 195.65.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Aug2002: ringtones.com (and 412 domains registered to 195.82.119.102!) # 195.82.119.0/24 :0 * IPEXTERNAL ?? 195.82.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: "ovum uk" # 195.110.87.0/24 :0 * IPEXTERNAL ?? 195.110.87.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Block Support Net - Netherlands for redlightmail spam # 195.114.228.0/22 :0 * IPEXTERNAL ?? 195.114.2((2(8|9))|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 20Feb2003: .ru spam promoting geocities website # 195.133.149.0/24 :0 * IPEXTERNAL ?? 195.133.149.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 2Aug2002: maktoob.net spam # 195.172.126.0/24 :0 * IPEXTERNAL ?? 195.172.126.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: Netsurvey Bolinder AB - .se # 195.178.190.0/24 :0 * IPEXTERNAL ?? 195.178.190.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Oct2002: .kw (Kwait) spam # 195.226.227.0/24 :0 * IPEXTERNAL ?? 195.226.227.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .ru spam # 195.239.67.0/24 :0 * IPEXTERNAL ?? 195.239.67.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 26Jul2002: .cz,.it spam # 195.250.0.0/16 :0 * IPEXTERNAL ?? 195.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Oct2001: Blocking "Heath Lambert Group" spammer. # 194.205.96.224/27 :0 * IPEXTERNAL ?? 194.205.96.2((2[4-9])|([3-5])([0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Aug2002: .uk spam in link information technology # 194.205.217.224/27 :0 * IPEXTERNAL ?? 194.205.96.2((2[4-9])|([3-5])([0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: herpipo s.l. - .es spam # 194.224.50.0/23 :0 * IPEXTERNAL ?? 194.224.5(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: .ca dialups # 134.22.64.0/24 :0 * IPEXTERNAL ?? 134.22.64.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: eserverhost.com spam # 139.81.32.0/24 :0 * IPEXTERNAL ?? 139.81.32.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Jul2002: Telestra, .au spam, bigpond.com # 139.134.0.0/16 :0 * IPEXTERNAL ?? 139.134.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Oct2001: Blocking talkcity.com # 206.112.100.64/26 :0 * IPEXTERNAL ?? 206.112.100.((6[4-9])|([7-9][0-9])|(1[0-1][0-9])|(12[0-7])) { EXITCODE=77 :0 | ${UCE} } # # 15Aug2002: some email list spam inside "hooked Inc" # 206.169.246.0/24 :0 * IPEXTERNAL ?? 206.169.246.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 06Dec2002: scientific instruments - inside verio # 206.184.231.0/24 :0 * IPEXTERNAL ?? 206.184.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Aug2002: PPPoX block - spam # 64.109.1.0/24 :0 * IPEXTERNAL ?? 64.109.1.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: Blocking sex spam # 64.119.202.0/24 :0 * IPEXTERNAL ?? 64.119.202.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Oct2001: Blocking "freesex.net" inside city-guide.com. # 64.159.95.252 :0 * IPEXTERNAL ?? 64.159.95.252 { EXITCODE=77 :0 | ${UCE} } # # 7Oct2001: Blocking "paltalk.com" # 199.106.211.55 :0 * IPEXTERNAL ?? 199.106.211.55 { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking Bradford & Reed, Inc. for mailbits.com spam # 199.106.236.0/22 # 209.117.250.0/24 :0 * IPEXTERNAL ?? ((199.106.23([6-9]).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (209.117.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking mtvi.com spam # 199.107.184.0/24 :0 * IPEXTERNAL ?? 199.107.184.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Aug2002: 2000greetings.com spam # 199.218.5.0/24 :0 * IPEXTERNAL ?? 199.218.5.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 1Nov2001: Blocking luckysurf.com email server. Sits on Level3. # 64.156.212.0/24 # 64.211.251.0/24 :0 * IPEXTERNAL ?? (64.156.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (64.211.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: More level3 spam dailyripple.com # 64.156.187.0/24 :0 * IPEXTERNAL ?? 64.156.187.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Oct2001: Blocking pornmail.com email server. Sits on Level3. # 64.156.213.55 :0 * IPEXTERNAL ?? 64.156.213.55 { EXITCODE=77 :0 | ${UCE} } # # 29Jul2002: Blocking sf adsl in SBC space # 64.162.50.56/29 :0 * IPEXTERNAL ?? 64.162.50.((5[6-9])|(6[0-3])) { EXITCODE=77 :0 | ${UCE} } # # 19Feb2003: arabia spam, continues despite reporting # 64.191.4.0/24 :0 * IPEXTERNAL ?? 64.191.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Jul2002: Blocking section of dialtone internet - spam. # 64.239.102.0/24 :0 * IPEXTERNAL ?? 64.239.102.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Oct2002: some spammer in dialtone internet # 64.239.105.0/24 :0 * IPEXTERNAL ?? 64.239.105.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 1Aug2002: EV1 - known spammer # 64.246.0.0/16 :0 * IPEXTERNAL ?? 64.246.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Block part of Infolink Communications because of spam # 64.251.0.0/19 :0 * IPEXTERNAL ?? 64.251.(([0-9])|((1|2)[0-9])|(3(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: new spam block as reported in spam-l # 64.253.199.0/24 :0 * IPEXTERNAL ?? 64.253.199.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Oct2001: Blocking lifeminders.com email server. Sits on PSINET. # 38.202.37.197 :0 * IPEXTERNAL ?? 38.202.37.197 { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: dailydepot.com # 198.64.133.0/24 :0 * IPEXTERNAL ?? 198.64.133.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: S&S Computers - virus spam addressed to and from fastlink.com # 198.67.8.0/24 :0 * IPEXTERNAL ?? 198.67.8.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Aug2002: gpmnet.com (GlobalPoint Media) spam # 198.92.251.0/24 :0 * IPEXTERNAL ?? 198.92.251.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Jul2002: opinionsurveys.com # 198.172.112.0/20 :0 * IPEXTERNAL ?? 198.172.1((1[2-9])|(2[0-7])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: funk software spam # 198.186.160.0/24 :0 * IPEXTERNAL ?? 198.186.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking "Bid Or Buy, Inc" Australian netblock. # 209.207.168.199 :0 * IPEXTERNAL ?? 209.207.168.199 { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: real networks - spam # 209.210.138.0/24 :0 * IPEXTERNAL ?? 209.210.138.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: .th block for sex spam # 202.29.80.0/23 :0 * IPEXTERNAL ?? 202.29.8(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2002: .in block for sex spam # 202.54.6.0/24 :0 * IPEXTERNAL ?? 202.54.6.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking sex site within australianhosting.net netblock. # 202.56.32.0/20 :0 * IPEXTERNAL ?? 202.56.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Oct2001: Blocking "Hostworks" netblock because of ticketek newsletters # 202.58.32.0/20 :0 * IPEXTERNAL ?? 202.58.((3[2-9])|((4|5)[0-9])|(6[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: .hk spam # 202.66.0.0/16 :0 * IPEXTERNAL ?? 202.66.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Sep2002: .au education spam # 202.71.175.0/24 :0 * IPEXTERNAL ?? 202.71.175.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Jul2002: .hk spam - salon multimedia centre # 202.84.237.0/24 :0 * IPEXTERNAL ?? 202.84.237.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: Quantum Internet - shopfast.com.au spam # 202.92.112.0/24 :0 * IPEXTERNAL ?? 202.92.112.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Aug2002: More .cn "international drivers license" # 202.98.192/19 :0 * IPEXTERNAL ?? 202.98.((19[2-9])|(2(((0|1)[0-9]))|(2[0-3]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 08Dec2002: HGH spam coming from here # 202.99.192.0/19 :0 * IPEXTERNAL ?? 202.99.((19[2-9])|(2(((0|1)[0-9]))|(2[0-3]))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking a home loan spam block in China # 202.105.0.0/16 # 202.110.0.0/16 :0 * IPEXTERNAL ?? 202.1((05)|(10)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Jul2002: ilink.net in .hk # 202.123.212.0/24 :0 * IPEXTERNAL ?? 202.123.212.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Aug2002: Eastern Telecoms Phils - spam # 202.164.160.0/19 :0 * IPEXTERNAL ?? 202.164.1(([6-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Oct2001: Blocking a home loan spam from a Malasian netblock # 202.188.63.192/28 :0 * IPEXTERNAL ?? 202.188.63.((19[2-9])|(2((0|1)[0-9])|(2[0-3]))) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: apnic spam # 203.129.240.0/22 :0 * IPEXTERNAL ?? 203.129.24[0-3].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking msn.com mobile confirmation number spam # 207.68.174.0/24 # 207.68.162.0/24 hotmail spanish spam :0 * IPEXTERNAL ?? 207.68.1(62|74).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2002: block msn.com for uce newsletter # 207.82.250.0/24 :0 * IPEXTERNAL ?? 207.82.250.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Oct2002: XO communications block # 207.88.179.0/24 :0 * IPEXTERNAL ?? 207.88.179.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Blocking macromedia.com - hosted by concentric.net # 207.88.221.26 :0 * IPEXTERNAL ?? 207.88.221.26 { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: Mostly .cn and hong kong blocks, apnic # 210.0.0.0/8 :0 * IPEXTERNAL ?? 210.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: some Korea, japan, china namespace # 211.0.0.0/8 :0 * IPEXTERNAL ?? 211.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2005: account security spoofs # 212.38.143.0/24 :0 * IPEXTERNAL ?? 212.38.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Oct2001: Spam from "Galactica.it" netblock # 212.41.208.0/24 :0 * IPEXTERNAL ?? 212.41.208.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Aug2002: .ee spam # 212.47.216.0/21 :0 * IPEXTERNAL ?? 212.47.2((1[6-9])|(2[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Dec2002: some "we want to buy your company" spam # 212.51.61.0/24 :0 * IPEXTERNAL ?? 212.51.61.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Aug2002: .ru spam # 212.57.128.0/18 :0 * IPEXTERNAL ?? 212.57.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 04Sep2002: .cz spam # 212.71.128.0/18 :0 * IPEXTERNAL ?? 212.71.1((2(8|9))|([3-8][0-9])|(9(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7Aug2002: .es spam # 212.80.128.0/24 :0 * IPEXTERNAL ?? 212.80.128.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2002: .gb freeserv block # 212.100.96.0/24 :0 * IPEXTERNAL ?? 212.100.96.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 04Dec2002: .nl home dsl spam # 212.120.0.0/16 :0 * IPEXTERNAL ?? 212.120.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 10Oct2002: .ru spam # 212.122.0.0/16 :0 * IPEXTERNAL ?? 212.122.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: .it spam # 212.131.0.0/16 :0 * IPEXTERNAL ?? 212.131.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Aug2002: .pl spam # 212.160.0.0/16 :0 * IPEXTERNAL ?? 212.160.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: .de spam # 212.162.12.0/24 :0 * IPEXTERNAL ?? 212.162.12.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: online pharmacy spam # 212.185.119.0/24 :0 * IPEXTERNAL ?? 212.185.119.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 06Dec2002: israel spam, goldenlines.net.il # 212.199.195.0/24 :0 * IPEXTERNAL ?? 212.199.195.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Oct2001: Blocking "Click Precision, S.A." - unconf. opt-in newsletter # 212.239.56.24/29 :0 * IPEXTERNAL ?? 212.239.56.((2[4-9])|(3([0-1]))) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: .it spam # 212.210.234.0/24 :0 * IPEXTERNAL ?? 212.210.234.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 12Oct2001: Blocking Brazilian block because of easysex # 200.251.139.0/24 :0 * IPEXTERNAL ?? 200.251.139.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 7-Feb-2003: spammer myvirtualdeals.com # 65.61.189.0/24 :0 * IPEXTERNAL ?? 65.61.189.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Oct2001: Blocking Broadwing dialup netblock (Broadwing spam, et al) # 65.88.144.0/20 :0 * IPEXTERNAL ?? 65.88.1((4[4-9])|(5(0|1))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: Adanced Photo Marketing, .au spam # 24Jul2002: Expanding to all of globix # 209.10.0.0/15 :0 * IPEXTERNAL ?? 209.1(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Oct2001: Blocking crushlink, in rackspace.com's space. # 6Aug2002: Try removing it. # 209.61.154.0/24 # 209.61.191.57, 209.61.155.23 #:0 #* IPEXTERNAL ?? ((209.61.154.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ #(209.61.191.57)|(209.61.155.23)) #{ # EXITCODE=77 # :0 # | ${UCE} #} # # 25Oct2001: Blocking "E-centives" # 209.67.193.160/28 # But also blocks efax.com (arrgh!) 207.213.246 :0 * IPEXTERNAL ?? 209.67.193.1((6[0-9])|(7[0-5])) { EXITCODE=77 :0 | ${UCE} } # # 14Aug2002: block SMB Productions - sex spam # 209.76.164.0/24 :0 * IPEXTERNAL ?? 209.76.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Aug2002: block elink communications for spam and nanas posts # 209.83.168.0/23 :0 * IPEXTERNAL ?? 209.83.16(8|9).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Aug2002: block "suite500" in costa mesa for ad360.com spam # 209.87.144.0/20 :0 * IPEXTERNAL ?? 209.87.1((4[4-9])|(5[0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Oct2001: Blocking sex-central.net, and huge genuity.net block # 4.0.0.0/8 # Unfortunately, it blocks spamcop.net too! Trying sending a # complaint to genuity about their false DNS record. # :0 # * IPEXTERNAL ?? 4.[0-9]+ # { # EXITCODE=77 # :0 # | ${UCE} # } # # 16Oct2001: Blocking "twistedhumor.com" inside cybercon.com # 216.15.191.128/27 # 66.77.58.0/24 :0 * IPEXTERNAL ?? (216.15.191.1((2(8|9))|((3|4|5)[0-9]))|\ (66.77.58.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 12Nov2002: spanish spammer # 208.147.179.0/24 :0 * IPEXTERNAL ?? 208.147.179.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Oct2001: Blocking "MessageMedia" inside inflow.com (mm0.com) # 208.169.22.0/23 :0 * IPEXTERNAL ?? 208.169.2(2|3).[0-9]+ { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: sex spam # 208.179.229.0/24 :0 * IPEXTERNAL ?? 208.169.229.[0-9]+ { EXITCODE=77 :0 | ${UCE} } # # 7Feb2003: remarkablehost.com # 208.186.168.0/24 :0 * IPEXTERNAL ?? 208.186.168.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 21Aug2002: bell dialup pool in plano, tx # 208.188.22.0/23 :0 * IPEXTERNAL ?? 208.188.2(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 29Aug2002: mail list spam # 208.179.229.0/24 :0 * IPEXTERNAL ?? 208.179.229.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 04Sep2002: probable new spammer # 208.214.22.0/24 :0 * IPEXTERNAL ?? 208.214.22.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Jul2002: Prime Tel advertising - on spews level2 list # 208.236.8.0/22 :0 * IPEXTERNAL ?? 208.236.(8|9|1(0|1)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Aug2002: Expanded "Internet Connect" to their entire block # 208.244.152.0/20 :0 * IPEXTERNAL ?? 208.244.15[2-9].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 27Jul2002: mortgage spam # 208.248.234.16/28 :0 * IPEXTERNAL ?? 208.248.234.((1[6-9])|(2[0-9])|(3(0|1))) { EXITCODE=77 :0 | ${UCE} } # # 5Aug2002: Blocking Vivendi/Universal-Flipside - spamming iwin.com also # 208.254.63.0/24 :0 * IPEXTERNAL ?? 208.254.63.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 5Oct2001: Blocking # 208.254.222.6 mail1.roi1.net (Preapproved Visa card) :0 * IPEXTERNAL ?? 208.254.222.6 { EXITCODE=77 :0 | ${UCE} } # # 16Oct2001: Blocking "angelfire dispatch" inside lycos.com # 209.202.225.101 # 209.202.225.108 more spam 23Jul2002 :0 * IPEXTERNAL ?? 209.202.225.10(1|8) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: chewy.com - bargaindog.com spam # 66.28.231.0/24 # 63.123.235.0/24 :0 * IPEXTERNAL ?? 6((6.28.231.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))|\ (3.123.235.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # 17Oct2001: Blocking "IME Publishing" for sex adverts. # 66.40.57.0/24 :0 * IPEXTERNAL ?? 66.40.57.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Jul2002: azogle spam in .ca space # 66.46.150.0/24 :0 * IPEXTERNAL ?? 66.46.150.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 20Nov2002: .uy spam in Global Crossing space # 67.17.0.0/20 :0 * IPEXTERNAL ?? 67.17.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: PPoX SBC in Plano, TX # 67.38.0.0/20 # Blocks bugtraq at 66.38.151.19, .27 # :0 # * IPEXTERNAL ?? 66.38.(([0-9])|(1[0-5])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) # { # EXITCODE=77 # :0 # | ${UCE} # } # # 24Jul2003: lists.superoffers.net listserver spam # 204.0.142.0/24 :0 * IPEXTERNAL ?? 204.0.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Oct2001: Blocking "Link Exchange" listbuilder.com # 204.71.191.0/24 :0 * IPEXTERNAL ?? 204.71.191.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: iceweb.net spam # 204.97.4.0/24 :0 * IPEXTERNAL ?? 204.97.4.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 6Aug2002: dump attbi.com into block - clueless users # 204.127.198.0/24 :0 * IPEXTERNAL ?? 204.127.198.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: wizcom.com mortgage spam # 204.152.143.0/24 :0 * IPEXTERNAL ?? 204.152.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: exodus space spam - starwave corp # 204.202.128.0/20 :0 * IPEXTERNAL ?? 204.202.1((2(8|9))|(3[0-9])|(4[0-3])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 4Oct2001: Blocking "Double Click" netblock for launch.2clk.net # 204.253.104.0/23 :0 * IPEXTERNAL ?? 204.253.10[4-5].(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: patuxent publishing - sex spam ai.net # 205.134.172.0/24 :0 * IPEXTERNAL ?? 205.134.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Apr2003: cm02.net bulk emailer # 205.149.143.0/24 :0 * IPEXTERNAL ?? 205.149.143.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 17Oct2001: Blocking "Quantum Computer Services" myownemail.com # 207.51.255.192/27 :0 * IPEXTERNAL ?? 207.51.192.((19[2-9])|(2(((0|1)[0-9])|(2[0-3])))) { EXITCODE=77 :0 | ${UCE} } # # 18Oct2001: Blocking "global hyperlink" sex mail # 209.202.80.0/23 :0 * IPEXTERNAL ?? 209.202.8(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 8Aug2002: block inglesa.net for spam with "atomicDOT" tracer in it # 209.234.155.0/24 :0 * IPEXTERNAL ?? 209.234.155.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Oct2001: Blocking "bventure-net" monographias newsletter # 212.239.17.0/24 :0 * IPEXTERNAL ?? 212.239.17.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Nov2005: # 220.116.204.0/24 :0 * IPEXTERNAL ?? 220.116.204.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 14Jul2005: # 212.70.52.0/24 :0 * IPEXTERNAL ?? 212.70.52.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Oct2005: spam # 222.172.145.0/24 :0 * IPEXTERNAL ?? 212.172.145.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Nov2005: spam from pandasoftware.es # 212.170.234.0/24 :0 * IPEXTERNAL ?? 212.170.234.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Nov2005: spam # 222.50.101.0/24 :0 * IPEXTERNAL ?? 222.50.101.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Nov2005: spam # 219.157.219.0/24 :0 * IPEXTERNAL ?? 219.157.219.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 03Nov2005: spam # 61.51.127.0/24 :0 * IPEXTERNAL ?? 61.51.127.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 19Jul2005: # 83.112.82.0/24 :0 * IPEXTERNAL ?? 83.112.82.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 20Jul2005: # 58.35.93.0/24 :0 * IPEXTERNAL ?? 58.35.93.((0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Sep2002: .my spam # 219.92.0.0/15 :0 * IPEXTERNAL ?? 219.9(2|3).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 24Jul2002: korea .kr # 219.240.0.0/15 :0 * IPEXTERNAL ?? 219.24(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Oct2001: Blocking "ION Entertainment" for sexrave.com # 4.19.93.128/25 :0 * IPEXTERNAL ?? 4.19.93.(((12[8-9])|(1[3-9][0-9]))|(2[0-5][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 23Jul2002: Blocking "OCDD Data" sex spam # 4.38.38.0/24 :0 * IPEXTERNAL ?? 4.38.38.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Oct2001: Blocking austrialian microsoft newsletters # 207.46.239.0/24 :0 * IPEXTERNAL ?? 207.46.239.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 11Nov2002: "AppliedTheory Communications" - humornetwork.com spam - sprint # 207.127.97.0/24 # Note: Sun forum is at 207.127.128.64 so be careful about expanding this block :0 * IPEXTERNAL ?? 207.127.97.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 25Jul2002: look communications - .ca spam # 207.136.64.0/18 :0 * IPEXTERNAL ?? 207.136.((6[4-9])|([7-9][0-9])|(1(((0|1)[0-9])|(2[0-7])))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Mar2003 Monster Pipes - wael_fakry@arabia.com spam # 207.142.132.0/24 :0 * IPEXTERNAL ?? 207.142.132.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 31Aug2002: toner cart spam # 207.158.132.0/24 :0 * IPEXTERNAL ?? 207.158.132.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Oct2002: spam from gamespy industries # 207.38.0.0/23 :0 * IPEXTERNAL ?? 207.38.(0|1).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 18Jul2002: spam inside att.ca space # 207.245.11.218 :0 * IPEXTERNAL ?? 207.245.11.218 { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking "Premire Technology" for 3G Wireless spam # 205.183.255.0/24 # Taking out - filters news.randori.com 209.155.82.53 :0 * IPEXTERNAL ?? 205.183.255.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 15Jul2002: Blocking eisners - loan spam # 205.238.220.0/24 :0 * IPEXTERNAL ?? 209.238.220.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Jul2002: Blocking ciberlynx # 205.244.68.0/22 # 205.244.94.0/23 :0 * IPEXTERNAL ?? 209.244.((6(8|9))|(7(0|1))|(9(4|5))).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 9Aug2002: direct-to-MX spam from .ar # 209.13.0.0/16 :0 * IPEXTERNAL ?? 209.13.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 30Oct2001: Blocking "etracks.com" etracks.com # 209.19.106.0/24 :0 * IPEXTERNAL ?? 209.19.106.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 16Nov2001: Blocking "Net Atlantic" spammmer relay.netatlantic.com # 140.239.165.176/28 # 209.113.172/24 :0 * IPEXTERNAL ?? (140.239.165.((17[6-9])|(18[0-9])|(19(0|1))))|\ (209.113.172.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9]))) { EXITCODE=77 :0 | ${UCE} } # # 20Aug2002: bluenile.com in level3 # 209.247.86.0/24 :0 * IPEXTERNAL ?? 209.247.86.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 09Oct2002: some foreign spam # 145.228.80.0/24 :0 * IPEXTERNAL ?? 145.228.80.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 28Jul2002: callnet - ontario .ca spam # 149.99.202.0/24 :0 * IPEXTERNAL ?? 149.99.202.(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])) { EXITCODE=77 :0 | ${UCE} } # # 04Feb2004: book spam # [66.81.51.243]) :0 * IPEXTERNAL ?? 66.81.51.243 { EXITCODE=77 :0 | ${UCE} } # # 11Jul2002: "Telstra Internet AU" bigpond.com spam # 144.135.0.0/16 # 144.137.0.0/16 # 144.139.0.0/16 # 144.140.0.0/16 :0 * IPEXTERNAL ?? 144.(\ (1((3(5|7|9))|(40)).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])).(([0-9])|([0-9][0-9])|((1|2)[0-9][0-9])))) { EXITCODE=77 :0 | ${UCE} } # # # VERBOSE=off # # First, dump these guys, as I've received too much junk # from them. :0 * ^From.+((civics@geocities\.com)|(hinet\.net\.au)|(xoom\.com)|(battleofthesexes\.com)|(Presidnt-d*@d-int-*\.com)|(tripod\.com)|(cdsid\.com\.br)|(clic\.net)|(mailxxxpress\.com)|(krycek\.emailpub\.com)|(hotgames\.com)|(Friend@public\.com)|(chatcity\.com\.au)|(telepolis\.com)|(netgate\.com\.uy)|(jbwere\.com\.au)|(JORGE\.PIGNATARO@ROCHE\.COM)).* { EXITCODE=77 :0c * < 60000 $HOME/mailbackup/rejected :0ic | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`" :0 | ${UCE} } :0 * ^From.+((UNKNOWN)|(togglethis\.com)|(NARRAMEHEFACTUM@email\.msn\.com)|(dailydirt\.com)|(fgomez@conrad\.com\.uy)|(bluemountain\.com)|(sinectis\.com\.ar)|(DIGITALRIVER\.COM)|(askjasmine\.com)|(infobeat\.com)|(theglobe\.com)|(movinet\.com\.uy)|(netlife\.co\.ae)|(peacefire\.org)|(ringtone\.com)|(programacion@conciertofm.com)).* { EXITCODE=77 :0c * < 60000 $HOME/mailbackup/rejected :0ic | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`" :0 | ${UCE} } # :0 * ^Subject.+((Virtual Flower Bouquet)|(WBS Newsletter)).* { EXITCODE=77 :0c * < 60000 $HOME/mailbackup/rejected :0ic | "cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d`" :0 | ${UCE} } # # Start archiving stuff that comes in. :0c: $HOME/mailbackup/all.email # # Allow some non-standard stuff in. # # 17-May-2005 SEP: I think I need to specifically assign $MAIL, # or it's set to blank in here. MAIL=/var/spool/mail/scottp :0w: procmail.lock * ^TO.*((craigslist.org)|(CMPLISTS\.CMP\.COM)|(MAILER-DAEMON)).* $MAIL # 10Aug2001: Trying not to bounce MAILER-DAEMON@rahul.net emails! :0w: procmail.lock * ^FROM_MAILER $MAIL :0: procmail.lock * ^Subject.+Windows NT.* $MAIL # 4-Dec-2002: Some spammer forging "From: admin@fastlink.com" and # the "To: " lines to various people, so I spam :( :0: * ()\/^From.+(admin@fastlink.com).* $MAIL # # Special pass rule; some of these people don't format # their messages properly. # :0: * ()\/^From.+((hos.com)|(niteowl)|(varbiz)|(Jantelope)|(tips@tipworld.com)|(art@tape.com)|(duncanetal)|(dawnie)|(support@rahul.net)|(scottp@rahul.net)|(MAILER-DAEMON@rahul.net)).* $MAIL :0: * ()\/^From:.+(support@rahul.net).* $MAIL :0 * ^X-Loop: auto-filter@fastlink.com /dev/null # # New, 2-22-98: Bounce email not addressed to spackard, sales, or info. # Mod, 17-Jul-2002: If it has a "from" (sales|spackard)@fastlink.com, then filter. :0: procmail.lock * !^FROM.*((mmaille@cartalk\.com)|(anchordesk@email\.zdlists\.com)|(listserv\.acura\.com)|(a2i)|(shelob.julianhaight.com)|(mozilla\.org)).* * !^TO.+((((admin|postmaster|webmaster|abuse|spam|development|spackard|hiscott|info|sales|talkback|scottp)\@fastlink.com)|(scottp@rahul.net)|ssharma|(anchordesk@EMAIL\.ZDLISTS\.COM)|cartalk\-pfn@fastlink.com)|(acuralist@listserv.acura.com)).* * !^Received:\/.+for \<(sales|admin|postmaster|webmaster|abuse|spam|development|spackard|hiscott|info|talkback|scottp)@fastlink.com\>.+ * !^Received:\/.+for \.+ { :0c * < 60000 $HOME/mailbackup/rejected :0ic | cd $HOME/mailbackup/rejected && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d` # :0c # | formail -bkcrt -A 'X-Loop: auto-filter@fastlink.com' -A 'X-foobar: foobar' \ # -i 'From:' -i 'X-Sender:' -i 'Received:' -i 'X-Return-Path:' \ # -i 'Content-Type:' -i 'Date:' \ # | perl -pi -e "s/^X-foobar: foobar/There's nobody by that name in the fastlink.com domain.\nYou probably meant to send this to fastlink.com.au, fastlink.net, or\nfastlink.com.jo.\nThis message has been automatically generated, though a human being did create it.\nRegards, Admin 001 /" \ # | perl -pi -e "s/^From:.*/From: admin\@fastlink.com/" \ # | /usr/sbin/sendmail :0 | ${UCE} } # # Last, keep the rest, as the "bounce" rule should have # filtered out all the non-packard email. :0c * < 60000 $HOME/mailbackup :0c | cd $HOME/mailbackup && rm \-f dummy `ls \-1t msg.* | sed \-e 1,80d` :0: procmail.lock /var/spool/mail/scottp