You can subscribe to this list here.
2006 |
Jan
(6) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2007 |
Jan
(1) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
2017 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: j c. <jl...@ya...> - 2017-02-03 05:36:10
|
----- Forwarded Message ----- From: Thank_You_CVS <I09...@I0...> To: "jl...@ya..." <jl...@ya...> Sent: Thursday, February 2, 2017 4:09 PM Subject: CVS_Has_A_Suprise_For_You CVS reward Open immediately!!! |
From: Holly S. <gop...@ao...> - 2012-10-20 21:05:51
|
please post me gop...@ao... martin badger gop...@ao... |
From: Jon F. <re...@us...> - 2007-02-07 18:27:33
|
reflous 07/02/07 10:27:31 Modified: lib IPBlks.pm Log: bone headed mistake, left in some extra characters in front of some IP addresses Revision Changes Path 1.6 +4 -4 spam/lib/IPBlks.pm Index: IPBlks.pm =================================================================== RCS file: /cvsroot/spam/spam/lib/IPBlks.pm,v retrieving revision 1.5 retrieving revision 1.6 diff -u -w -r1.5 -r1.6 --- IPBlks.pm 7 Feb 2007 01:54:53 -0000 1.5 +++ IPBlks.pm 7 Feb 2007 18:27:31 -0000 1.6 @@ -110,10 +110,10 @@ 149.224.0.0/12 ripe 149.240.0.0/13 ripe 149.248.0.0/14 ripe -+150.1.0.0/16 apnic -+150.2.0.0/15 apnic -+150.4.0.0/14 apnic -+150.8.0.0/13 apnic +150.1.0.0/16 apnic +150.2.0.0/15 apnic +150.4.0.0/14 apnic +150.8.0.0/13 apnic 150.16.0.0/12 apnic 150.32.0.0/11 apnic 150.64.0.0/11 apnic |
From: Jon F. <re...@us...> - 2007-02-07 01:54:59
|
reflous 07/02/06 17:54:53 Modified: lib IPBlks.pm Log: Added a couple more IP ranges, most of them courtesy of paddy2706 Revision Changes Path 1.5 +36 -1 spam/lib/IPBlks.pm Index: IPBlks.pm =================================================================== RCS file: /cvsroot/spam/spam/lib/IPBlks.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -w -r1.4 -r1.5 --- IPBlks.pm 5 Jan 2006 07:50:53 -0000 1.4 +++ IPBlks.pm 7 Feb 2007 01:54:53 -0000 1.5 @@ -79,10 +79,20 @@ # 0.0.0.0/2 arin # all other A classes are managed by ARIN ## The B class space is a mess :-( - something could still be missing ## I add here only netblocks allocated to multiple LIRs by the RIRs. +129.123.0.0/16 arin +130.33.0.0/16 arin +132.226.0.0/16 arin 133.0.0.0/8 whois.nic.ad.jp +134.168.0.0/16 arin +136.188.0.0/14 arin +136.192.0.0/14 arin +136.196.0.0/15 arin +138.243.0.0/16 apnic +139.7.0.0/16 ripe 139.20.0.0/14 ripe 139.24.0.0/14 ripe 139.28.0.0/15 ripe +139.105.0.0/16 ripe 141.0.0.0/10 ripe 141.64.0.0/12 ripe 141.80.0.0/14 ripe @@ -100,11 +110,29 @@ 149.224.0.0/12 ripe 149.240.0.0/13 ripe 149.248.0.0/14 ripe ++150.1.0.0/16 apnic ++150.2.0.0/15 apnic ++150.4.0.0/14 apnic ++150.8.0.0/13 apnic +150.16.0.0/12 apnic +150.32.0.0/11 apnic +150.64.0.0/11 apnic +150.96.0.0/14 apnic +150.98.0.0/15 whois.nic.ad.jp +150.100.0.0/15 apnic 150.254.0.0/16 ripe 151.0.0.0/10 ripe 151.64.0.0/11 ripe 151.96.0.0/14 ripe 151.100.0.0/16 ripe +156.130.0.0/16 arin +156.144.0.0/16 arin +157.36.0.0/16 apnic +157.64.0.0/12 apnic +157.80.0.0/15 apnic +157.82.0.0/16 apnic +158.149.0.0/16 ripe +159.143.0.0/16 arin 160.216.0.0/14 ripe 160.220.0.0/16 ripe 160.44.0.0/14 ripe @@ -115,9 +143,16 @@ 164.32.0.0/13 ripe 164.40.0.0/16 ripe 164.128.0.0/12 ripe +165.146.0.0/18 afrinic +168.158.0.0/16 arin 169.208.0.0/12 apnic +169.242.0.0/16 arin +170.251.0.0/16 arin 171.16.0.0/12 ripe 171.32.0.0/15 ripe +189.0.0.0/8 whois.lacnic.net +190.0.0.0/8 whois.lacnic.net +191.0.0.0/8 apnic ## The C class space is cleanly delegated and the data here should be complete 192.71.0.0/16 ripe 192.72.0.0/16 whois.seed.net.tw # NETBLK-SEED-NETS @@ -214,7 +249,7 @@ 211.192.0.0/10 whois.nic.or.kr # => 211.255.255.255 210.0.0.0/7 apnic 212.0.0.0/7 ripe -214.0.0.0/7 arin # DoD +214.0.0.0/8 arin # DoD 216.0.0.0/8 arin 217.0.0.0/8 ripe 218.216.0.0/13 apnic |
From: Jon F. <re...@us...> - 2007-01-31 00:17:05
|
reflous 07/01/30 16:16:21 Modified: . spam.pl Log: Enabled the $HOME/.spam/bad list (now if you put hosts in this file it'll actually not try to email those people) Revision Changes Path 1.25 +48 -9 spam/spam.pl Index: spam.pl =================================================================== RCS file: /cvsroot/spam/spam/spam.pl,v retrieving revision 1.24 retrieving revision 1.25 diff -u -w -r1.24 -r1.25 --- spam.pl 5 Jan 2006 07:52:03 -0000 1.24 +++ spam.pl 31 Jan 2007 00:16:21 -0000 1.25 @@ -36,6 +36,7 @@ use lib "$FindBin::Bin/lib"; use Whois qw(whois); use Net::DNS; +use Net::DNS::Resolver; use Net::SMTP; use Config::General; use Email::Simple; @@ -98,6 +99,7 @@ 'com.mx' => 1, 'com.sg' => 1, 'com.tw' => 1, + 'com.uy' => 1, 'idv.tw' => 1, 'js.cn' => 1, 'me.uk' => 1, @@ -147,6 +149,12 @@ print "## Parsing Header Information\n"; my $received_ips_array = &process_received_headers($mail); +if ($#{$received_ips_array} == -1) { + # This will always occur if 'filterreceived' is enabled and + # the users mailserver is not in ~/.spam/friend + print "No unfriendly hosts were found in the header. This cannot have been a spam!\n"; + exit; +} foreach my $ip (@$received_ips_array) { AddHost($ip); } @@ -167,10 +175,10 @@ } } -if ($#uniqlist == -1) { - print "No unfriendly hosts were found. This cannot have been a spam!\n"; - exit; -} +#if ($#uniqlist == -1) { +# print "No unfriendly hosts were found. This cannot have been a spam!\n"; +# exit; +#} # this is broken #my (@slist, $editor, $succ); @@ -721,6 +729,8 @@ if (is_friend($host)) { dbg("$host is friend, bailout!", 2); return; + } elsif (is_bouncer($host)) { + dbg("$host is bad, bailout!", 2); } # Deal with IP address @@ -740,6 +750,9 @@ if ( $reverse_lookup && is_friend($reverse_lookup) ) { dbg("$reverse_lookup is friend, bailout!", 2); return; + } elsif ( $reverse_lookup && is_bouncer($reverse_lookup) ) { + dbg("$reverse_lookup is bad, bailout!", 2); + return; } ## We are left with an unfriendly IP to process @@ -842,6 +855,22 @@ return 0; } +sub is_bouncer { + my $host = shift; + my $bouncer = ""; + + for (@bouncers) { + $bouncer = $_; + chomp $bouncer; + + if ($host =~ /$bouncer$/i) { + return 1; + } + } + + return 0; +} + ########################################################### # # IPWHOIS @@ -880,6 +909,9 @@ if (is_friend($fqdn)) { dbg("$fqdn is friend, bailout!", 2); next; + } elsif (is_bouncer($fqdn)) { + dbg("$fqdn is bad, bailout!", 2); + next; } AddHost($fqdn); @@ -1025,6 +1057,10 @@ \$HOME/.spam/friends should be a list with friendly domains that shouldn\'t receive complaints. Most likely your own site and other related ones. + \$HOME/.spam/bad should be a list with bad (bouncer) domains that shouldn\'t + receive complaints. Most likely a domain you've received nothing but bounces + from. + \$HOME/.spam/from should contain the From: email address of the complainer. \$HOME/.spam/addmailaddress should contain a list of all additional email @@ -1163,11 +1199,12 @@ my $line = $_; $line =~ s/\s+$//; next if ($line =~ /^\s*$/); + push(@bad, $line); } close(BAD); } else { - print "WARNING: You have no .spam/bad defined!\n"; + print "WARNING: You have no $spamdir/bad defined!\n"; print "WARNING: This may generate unnecessary bounces.\n"; open(BAD, ">$bad_file") or die; @@ -1178,7 +1215,7 @@ } if ($bad[0] eq "") { - print "WARNING: You have no bad domains entered in .spam/bad!\n"; + print "WARNING: You have no bad domains entered in $spamdir/bad!\n"; print "WARNING: This may generate unnecessary bounces!\n"; } @@ -1205,7 +1242,9 @@ if($domain =~ m{^[^.]+\.([^.]+\..+)}) { $domain = $1; } else { - die "Cannot lookup contacts for $domain"; +# die "Cannot lookup contacts for '$domain'"; + warn "Cannot lookup contacts for '$domain'"; + return undef; } } } @@ -1247,13 +1286,13 @@ # ns45.webmasters.com (207.142.134.201) is my mailserver, the spammer # is 211.161.102.142 - # This is what the config variable 'trustreceived' depends on + # This is what the config variable 'filterreceived' depends on my $friend_host = 0; if ($received[$i] =~ m/by (\D+\S*\.\w+)(?:\s+|$)/) { $friend_host++ if (is_friend($1)); } - next if ( (! $friend_host) && ($config{trustreceived}) ); + next if ( (! $friend_host) && ($config{filterreceived}) ); # extracting IP addresses while ( $received[$i] =~ s/[^A-Za-z0-9\.]($ip_regex)// ) { |
From: Jon F. <re...@us...> - 2006-03-02 05:33:04
|
reflous 06/03/01 21:33:01 Modified: lib Whois.pm Log: now utilizing the '+' toggle for arin, this returns more information in the whois information for arin lookups -- thanks to ygosset for pointing this out! Revision Changes Path 1.4 +8 -1 spam/lib/Whois.pm Index: Whois.pm =================================================================== RCS file: /cvsroot/spam/spam/lib/Whois.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -w -r1.3 -r1.4 --- Whois.pm 29 Dec 2005 15:53:00 -0000 1.3 +++ Whois.pm 2 Mar 2006 05:33:01 -0000 1.4 @@ -46,6 +46,13 @@ warn "Couldn\'t determine correct whois server for $args{query}, falling back on arin\n"; $whois_server = 'whois.arin.net'; } + + # Use the '+' arin option for detailed information (full output) + # http://www.arin.net/whois/ + if ($whois_server eq 'whois.arin.net') { + $args{query} = '+ ' . $args{query}; + } + last SWITCH; } if ( $args{query} =~ /:/ ) { |
From: Jon F. <re...@us...> - 2006-01-18 03:38:53
|
reflous 06/01/17 19:38:48 Added: tools netmask.pl Log: useful tool for adding to IPBlks.pm, plug in a netmask range (e.g. 123.123.123.123-124.124.124.124) and it'll spit out a block that can be plugged into IPBlks.pm Revision Changes Path 1.1 spam/tools/netmask.pl Index: netmask.pl =================================================================== #!/usr/bin/perl # # $Id: netmask.pl,v 1.1 2006/01/18 03:38:47 reflous Exp $ use Net::Netmask; my $range = $ARGV[0]; #$range = '222.0.0.0-222.255.255.255'; #$range = '0.0.0.0/4'; my $block = Net::Netmask->new($range); print "IPBlk.pm: " . $block->desc() . "\n"; print "First: " . $block->first() . "\n"; print "Last: " . $block->last() . "\n"; #print "MATCH-GOOD: " . $block->match('222.252.188.58') . "\n"; #print "MATCH-BAD : " . $block->match('223.22.22.22') . "\n"; |
From: Jon F. <re...@us...> - 2006-01-18 03:35:32
|
reflous 06/01/17 19:35:26 spam/tools - New directory |
From: Jon F. <re...@us...> - 2006-01-05 07:53:29
|
reflous 06/01/04 23:53:08 Modified: . config Log: added more documentation in the config file, also added 'bodyextractemails' and 'trustreceived' which will be used in v0.26 Revision Changes Path 1.5 +39 -19 spam/config Index: config =================================================================== RCS file: /cvsroot/spam/spam/config,v retrieving revision 1.4 retrieving revision 1.5 diff -u -w -r1.4 -r1.5 --- config 27 Dec 2005 19:53:19 -0000 1.4 +++ config 5 Jan 2006 07:53:08 -0000 1.5 @@ -16,43 +16,63 @@ # ############################################################################ -# SMTP information +######################## +# EMAIL/SMTP information +# smtpserver used for outgoing email smtpserver = <PUT YOUR SMTP SERVER HERE> + +# who the email spam.pl generates will be from mailfrom = <PUT YOUR EMAIL ADDRESS HERE> -# Enable debug mode +# Send complaints to myself as well as the normal recepiants: +bccme = 1 + +# Do not include the spam body in the complaint, only the spam headers: +bequiet = 0 + +# Do not include the .signature at the bottom of all complaints +nosig = 0 + +# Set a single receiver to receive all complaints all times: +#singlereceiver = fo...@fo...r + +# Send all complaints through abuse.net's complaint service: +abusenet = 0 + +######################## +# Debug (emails will not be sent when debug mode is enabled) +# 0 = Debug mode is off +# 1 = Enable debug mode +# 2 = Enable verbose debug mode debug = 0 -# Enable verbose debug mode -debug2 = 0 +######################## +# How to analyze the spam + +# trust only Received headers that your friend mailservers generate, +# this will eliminate generating reports to servers implicated by +# forged Received headers +trustreceived = 1 # Search the mail body for domain names bodyextract = 1 +# Search the body for email addresses and report to the domain of +# those domains, for this to work 'bodyextract' must be enabled +bodyextractemails = 1 + # Use the whois.abuse.net service: whois = 1 +######################## +# Other + # Run $EDITOR to allow complaint address editing before send editlist = 0 -# Send all complaints through abuse.net's complaint service: -abusenet = 0 - -# Send complaints to myself as well as the normal recepiants: -bccme = 1 - # The spam came quoted/forwarded to me, included in a mail included = 0 -# Do not include the spam body in the complaint, only the spam headers: -bequiet = 0 - -# Do not include the .signature at the bottom of all complaints -nosig = 0 - -# Set a single receiver to receive all complaints all times: -#singlereceiver = fo...@fo...r - # Enable rabid mode (super aggressive) # Recommended OFF for now. rabid = 0 |
From: Jon F. <re...@us...> - 2006-01-05 07:52:11
|
reflous 06/01/04 23:52:04 Modified: . spam.pl Log: major upgrade - using Email::Simple to parse emails now - using Email::MIME to decode the email bodies - new option 'trustreceived' if enabled will only use Received: headers that are from trusted mailservers, eliminating reporting to spoofed headers - new option 'bodyextractemails' if enabled will pull out the spammer's email from the body and report to the domain/domain hosts that they have a spammer - code cleanup - the -e option appears to be broken, commented out the code Revision Changes Path 1.24 +337 -409 spam/spam.pl Index: spam.pl =================================================================== RCS file: /cvsroot/spam/spam/spam.pl,v retrieving revision 1.23 retrieving revision 1.24 diff -u -w -r1.23 -r1.24 --- spam.pl 29 Dec 2005 15:52:15 -0000 1.23 +++ spam.pl 5 Jan 2006 07:52:03 -0000 1.24 @@ -6,8 +6,8 @@ # Maintained by: # Jon Feldhammer <jo...@ap...> # -my $date="December 29, 2005"; -my $version="0.25"; +my $date="January 5, 2006"; +my $version="0.26"; # # Spam is an internet desease that's really hard to take down. I do my best to # complain on all spam mails I receive. 1997 I wrote a script that does the @@ -38,6 +38,8 @@ use Net::DNS; use Net::SMTP; use Config::General; +use Email::Simple; +use Email::MIME; use strict; ### debug management @@ -65,6 +67,8 @@ mkdir("$spamdir", 0755) unless -d $spamdir; die "No $spamdir directory." unless -d $spamdir; my $spamconfig = "$spamdir/config"; +my $body_path="$spamdir/complaint"; +my $sig_path="$home/.signature"; my %config; unless (-e $spamconfig and %config = ParseConfig($spamconfig) ) { @@ -75,6 +79,10 @@ die "\n"; } +# Useful Regexes +my $ip_regex = qr/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/; +my $included_regex = qr/^\s*>\x20*/; + # # This is a small list with known two-name domains that should not get # added as a mail receiving domain. @@ -111,154 +119,95 @@ my @emails = (); my $inheader = 0; -my @friends = @{&parseFriends()}; # don't send abuse emails to friends -my @bouncers = @{&parseBad()}; # known bouncers -- inactive right now +my @friends = @{&parse_friends()}; # don't send abuse emails to friends +my @bouncers = @{&parse_bad()}; # known bouncers -- inactive right now -&parseArgs(); -&upgradefiles(); # check to see if we need to upgrade old config files +&parse_args(); +&upgrade_files(); # check to see if we need to upgrade old config files +# this is a complete hack +my $prompt; ########################################################### # Parse the email ########################################################### -my @mail=<STDIN>; # I'd like to make STDIN an option one day - -## Start with the header -my ($blankline, $blankline2, $line, $editor, $succ, $badhost, - $prompt, $ans, $abort, $sig, $pager, $tmpfile, $insubject, - $newbody, $dir, $addrs, $host, $body); -my (@concat, @mailheader, @mailbody, @slist, @body, @list); +my $email_raw = join("", <STDIN>); +# If this email was replied to strip off the > characters +# *IMPORTANT* things may go awry if this is more than JUST the +# email (i.e. other things inside) if ($config{included}) { - $blankline = $blankline2 = 0; + $email_raw =~ s/$included_regex//gsm; } -my $x_spam_header = 0; -for (my $i = 0; $i <= $#mail; $i++) { - - # get rid of X-Spam headers - if ($mail[$i] =~ m/^X-Spam/) { - $x_spam_header = 1; - next; - } elsif ($x_spam_header && ($mail[$i] =~ m/^\t/) ) { - next; - } else { - $x_spam_header = 0; - } - - if ($config{included}) { - $mail[$i] =~ s/^\s*>\s*//; - - if ($blankline2) { - next; - } +# JDF: using Email::Simple to parse the email +# only thing I'm missing here is dropping X-Spam headers +my $mail = Email::Simple->new($email_raw); - if (!$blankline && ($mail[$i] =~ /^\s*$/)) { - $blankline = 1; - next; - } elsif (!$blankline) { - next; - } - if (!$inheader && ($mail[$i] =~ /^[a-z0-9-_]*:/i)) { - $inheader = 1; - } elsif (!$inheader) { - next; - } +print "## Parsing Header Information\n"; +my $received_ips_array = &process_received_headers($mail); +foreach my $ip (@$received_ips_array) { + AddHost($ip); } - if (!$inheader && ($mail[$i] =~ /^(|>)From /)) { - $inheader=1; - } elsif (($inheader<2) && ($mail[$i] =~ /^([A-Za-z_0-9-]*): /)) { - # we may have found a header _without_ a previous "From " line. - # this may happen when we pipe in a mail from a mail program since - # those tend to strip the first from line - # doesn't really matter, though... - $inheader=1; - - # save this line as a header - $line = $mail[$i]; - push @mailheader, $line; - - chomp $line; - push @concat, $line; - } elsif (($inheader==1) && ($mail[$i] =~ /^[ \t]/)) { - $line = $mail[$i]; - push @mailheader, $line; - - chomp $line; +my $body_hosts_array; +if ($config{bodyextract}) { + print "## Parsing body\n"; - # replacing a sequence of beginning whitespaces with a single space - $line =~ s/^[ \t]*/ /g; + $body_hosts_array = &extract_body_hosts($email_raw); + foreach my $host (@$body_hosts_array) { + AddHost($host); - # append to previous line: - $concat[$#concat]=$concat[$#concat].$line; - } else { - if ($config{included}) { - if (!$blankline2 && /^\s*$/) { - $blankline2 = 1; - $inheader = 2; - } - } elsif ($inheader == 1) { - $inheader=2; + # since this is the spammer's website let's dig deeper + if ($host !~ /$ip_regex/) { + my @resolved_ips = lookup_all_ips($host); + for (@resolved_ips) {AddHost($_)}; } } - if ($inheader == 2) { - push @mailbody, $mail[$i]; } -} - -print "## Parsing Header Information\n"; -&extract_header_info(\@concat); - -if ($config{bodyextract}) { - # - # Extract evil hosts from the spam mail body - # - print "## Parsing body\n"; - &extractbodyhosts(); -} - -if ($uniqlist[0] eq "") { +if ($#uniqlist == -1) { print "No unfriendly hosts were found. This cannot have been a spam!\n"; exit; } -# Stuff used for the -e tag -if ($config{editlist}) { - # we sort the list for human comfort - @slist = sort { reverse($a) cmp reverse($b) } @uniqlist; - my $file = "$home/.spam.$$"; - open(TMP, ">$file"); - - for (@slist) { - print TMP "$_\n"; - } - close(TMP); - - $editor=$ENV{'EDITOR'}; - - print "INVOKES \"$editor $file\"\n"; - - $succ=system($editor, $file); - - print "SYSTEM: $succ\n"; - - if (open(TMP, "<$file")) { - undef @uniqlist; - while (<TMP>) { - chomp; - push @uniqlist, $_; - } - close(TMP); - system("rm $file"); - if ($uniqlist[0] eq "") { - print "BOO: all hosts removed, exiting!\n"; - exit; - } - } -} +# this is broken +#my (@slist, $editor, $succ); +## Stuff used for the -e tag +#if ($config{editlist}) { +# # we sort the list for human comfort +# @slist = sort { reverse($a) cmp reverse($b) } @uniqlist; +# my $file = "$home/.spam.$$"; +# open(TMP, ">$file"); +# +# for (@slist) { +# print TMP "$_\n"; +# } +# close(TMP); +# +# $editor=$ENV{'EDITOR'}; +# +# print "INVOKES \"$editor $file\"\n"; +# +# $succ=system($editor, $file); +# +# print "SYSTEM: $succ\n"; +# +# if (open(TMP, "<$file")) { +# undef @uniqlist; +# while (<TMP>) { +# chomp; +# push @uniqlist, $_; +# } +# close(TMP); +# system("rm $file"); +# if ($uniqlist[0] eq "") { +# print "BOO: all hosts removed, exiting!\n"; +# exit; +# } +# } +#} # create all new combinations of hosts: if (! $config{abusenet}) { @@ -266,13 +215,11 @@ %complaints = (); foreach my $host (@uniqlist) { - $badhost = $host; - - my $lookup_list = ablookup($badhost); - @list = @$lookup_list; + my $lookup_list = ablookup($host); + my @list = @$lookup_list; for (my $i = 0; $i <= $#list; $i++) { - print "ABUSENET: $badhost => $list[$i]\n" if ($config{debug}); + dbg("ABUSENET: $host => $list[$i]", 1); $complaints{lc($list[$i])} = 1; } } @@ -291,7 +238,7 @@ } # we sort the list -@slist = sort { reverse($a) cmp reverse($b) } @uniqlist; +my @slist = sort { reverse($a) cmp reverse($b) } @uniqlist; if (!$config{abusenet}) { # make email addresses out of the hosts: @@ -327,9 +274,8 @@ # # Now, get the predefined complaint mail or use our built-in. -$body="$spamdir/complaint"; - -if (open(BODY, "<$body")) { +my @body; +if (open(BODY, "<$body_path")) { @body=<BODY>; close(BODY); } else { @@ -368,131 +314,119 @@ } # add the original message +# for some reason Email::Simple doesn't offer a method to get the email +# headers back, so have to directly access the "private" method +my ($head_raw, $body_raw, $mycrlf) = Email::Simple::_split_head_from_body($email_raw); + if($config{bequiet}) { push @body, "\n--- start of spam headers ---\n"; -} -else { +} else { push @body, "\n--- start of spam ---\n"; } -push @body, @mailheader; + +push @body, $head_raw; if($config{bequiet}) { push @body, "\n--- end of spam headers ---\n"; -} -else { +} else { # push @body, "\n"; - push @body, @mailbody; + push @body, $body_raw; push @body, "\n--- end of spam ---\n"; } # add the signature if wanted - -$sig="$home/.signature"; -if(!$config{nosig} && open(SIG, "< $sig")) { +if(!$config{nosig} && open(SIG, "< $sig_path")) { push @body, "\n-- \n"; push @body, <SIG>; close(SIG); } -# set up pager and editor with defaults if necessary -$pager=$pager || $ENV{PAGER} || 'more'; -$editor=$editor || $ENV{EDITOR} || $ENV{VISUAL} || 'vi'; - -# where to make a temp file -mkdir "$spamdir/tmp", 0755 unless -d "$spamdir/tmp"; -$tmpfile="$spamdir/tmp/.spam.$$"; - -# if we're to prompt, we need to start reading from /dev/tty now. -if($prompt) { - if(!open(STDIN, '/dev/tty')) { - print "Could not read from /dev/tty. If this is not a UNIX machine, you\n"; - print "must disable the 'prompt' option in your config file!\n"; - exit; - } - # unbuffer output for single-line prompts - $|=1; -} -# print an informative message and then prompt if desired -while(1) { - print "\n"; - if($config{debug}) { - print "Spam-subject: $insubject\n"; - print "NOTE: Running in debug mode; mail will not actually be sent.\n"; - } - print "Recipients:\n"; - foreach(@emails) { - print " $_\n"; - } - - if($prompt) { - print "\nSend (s), abort (a), view body (v), edit body (e) or edit recipients (r)? "; - ($ans=lc(<STDIN>))=~s/^\s*(\S).*/$1/s; - print "\n\n"; - if($ans eq 'a') { - print "Aborting!\n"; - $abort=1; - last; - } elsif($ans eq 's') { - print $config{debug} ? "Running in debug mode; mail will not actually be sent.\n" : "Sending now!\n"; - last; - } elsif($ans eq 'v') { - writetmp(@body); - system("$pager $tmpfile"); - unlink($tmpfile); - } elsif($ans eq 'e') { - writetmp(@body); - system("$editor $tmpfile"); - $newbody=readtmp(); - if($newbody eq '') { - print "Cannot send email with no body; changes aborted and old body restored.\n"; - next; - } - @body=($newbody); - print "Changes saved.\n"; - } elsif($ans eq 'r') { - writetmp(join("\n", @emails)); - system("$editor $tmpfile"); - @emails=readtmp(1); - if(!@emails) { - print "WARNING: All recipients deleted; mail will not be sent.\n"; - next; - } - print "Changes saved.\n"; - } else { - print "Invalid option! Please try again:\n"; - } - } else { - last; - } -} +## set up pager and editor with defaults if necessary +#$pager=$pager || $ENV{PAGER} || 'more'; +#$editor=$editor || $ENV{EDITOR} || $ENV{VISUAL} || 'vi'; +# +## where to make a temp file +#mkdir "$spamdir/tmp", 0755 unless -d "$spamdir/tmp"; +#$tmpfile="$spamdir/tmp/.spam.$$"; +# +## if we're to prompt, we need to start reading from /dev/tty now. +#if($prompt) { +# if(!open(STDIN, '/dev/tty')) { +# print "Could not read from /dev/tty. If this is not a UNIX machine, you\n"; +# print "must disable the 'prompt' option in your config file!\n"; +# exit; +# } +# # unbuffer output for single-line prompts +# $|=1; +#} +## print an informative message and then prompt if desired +#while(1) { +# print "\n"; +# if($config{debug}) { +# print "Spam-subject: $insubject\n"; +# print "NOTE: Running in debug mode; mail will not actually be sent.\n"; +# } +# print "Recipients:\n"; +# foreach(@emails) { +# print " $_\n"; +# } +# +# if($prompt) { +# print "\nSend (s), abort (a), view body (v), edit body (e) or edit recipients (r)? "; +# ($ans=lc(<STDIN>))=~s/^\s*(\S).*/$1/s; +# print "\n\n"; +# if($ans eq 'a') { +# print "Aborting!\n"; +# $abort=1; +# last; +# } elsif($ans eq 's') { +# print $config{debug} ? "Running in debug mode; mail will not actually be sent.\n" : "Sending now!\n"; +# last; +# } elsif($ans eq 'v') { +# writetmp(@body); +# system("$pager $tmpfile"); +# unlink($tmpfile); +# } elsif($ans eq 'e') { +# writetmp(@body); +# system("$editor $tmpfile"); +# $newbody=readtmp(); +# if($newbody eq '') { +# print "Cannot send email with no body; changes aborted and old body restored.\n"; +# next; +# } +# @body=($newbody); +# print "Changes saved.\n"; +# } elsif($ans eq 'r') { +# writetmp(join("\n", @emails)); +# system("$editor $tmpfile"); +# @emails=readtmp(1); +# if(!@emails) { +# print "WARNING: All recipients deleted; mail will not be sent.\n"; +# next; +# } +# print "Changes saved.\n"; +# } else { +# print "Invalid option! Please try again:\n"; +# } +# } else { +# last; +# } +#} # # Produce the complaint email # my $mailto = join(', ', @emails); -#my $receiver=join(', ', @emails); - -# If a single argument was specified, we mail the stuff to that address only -#if ($config{singlereceiver} ne "") { -# $mailto = $config{singlereceiver}; -#} else { -# $mailto = $receiver; -#} -if(!$config{debug} && !$abort && @emails) { +# $abort is used in the manual mode +#if(!$config{debug} && !$abort && @emails) { +if(!$config{debug} && @emails) { if($config{abusenet}) { foreach my $eml (@emails) { # a single mail for each offender! -# $receiver = $_; -# if($config{singlereceiver} ne "") { -# # for debugging, you can get it to mail a single specified addy -# $mailto=$config{singlereceiver}; -# } else { -# $mailto=$receiver; -# } &mailaway($eml); } } else { @@ -507,7 +441,7 @@ # This function checks for 0.13-style or earlier configuration files, and # moves them to the new-style config in the ~/.spam subdirectory! -sub upgradefiles { +sub upgrade_files { if ( ((-r "$home/.spamcomplaint") || (-r "$home/.spamfrom") || (-r "$home/.spamfriends")) && @@ -516,7 +450,7 @@ print "NOTICE: They are now found in $home/.spam\n"; mkdir("$home/.spam", 0755); # create subdirectory - $dir="$home/.spam"; + my $dir="$home/.spam"; system("mv $home/.spamcomplaint $dir/complaint"); system("mv $home/.spamfrom $dir/from"); @@ -534,34 +468,34 @@ } # write all elements of an array to temp file -sub writetmp { - open(TMP, "> $tmpfile") or die "Couldn't write $tmpfile: $!"; - chmod(0600, $tmpfile); - print TMP @_; - close(TMP); -} +#sub writetmp { +# open(TMP, "> $tmpfile") or die "Couldn't write $tmpfile: $!"; +# chmod(0600, $tmpfile); +# print TMP @_; +# close(TMP); +#} # read a temp file into a scalar if no args passed; readtmp(1) reads # into an array of addresses, ignoring blank lines. -sub readtmp { - my(@res, $res); - $addrs=$_[0]; - open(TMP, $tmpfile) or die "Couldn't read $tmpfile: $!"; - while(<TMP>) { - if($addrs) { - s/^\s+|\s*$//sg; - push @res, $_ if $_ ne ""; - } else { - $res.=$_; - } - } - close(TMP); - unlink($tmpfile); - if(!$addrs) { - $res=~s/^\s+|\s*$//sg; - } - return $addrs ? @res : $res."\n"; -} +#sub readtmp { +# my(@res, $res); +# $addrs=$_[0]; +# open(TMP, $tmpfile) or die "Couldn't read $tmpfile: $!"; +# while(<TMP>) { +# if($addrs) { +# s/^\s+|\s*$//sg; +# push @res, $_ if $_ ne ""; +# } else { +# $res.=$_; +# } +# } +# close(TMP); +# unlink($tmpfile); +# if(!$addrs) { +# $res=~s/^\s+|\s*$//sg; +# } +# return $addrs ? @res : $res."\n"; +#} sub nslookup { my $ip = $_[0]; @@ -579,29 +513,32 @@ # $newhost =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) { # Didn't successfully resolve the hostname from the IP $newhost = ""; - print "NSLOOKUP: could not resolve $ip ($newhost)\n" if ($config{debug}); + dbg("NSLOOKUP: could not resolve $ip ($newhost)", 1); + return undef; } else { $offender_ip{$ip} = $newhost; - print "NSLOOKUP: $ip => $newhost\n" if ($config{debug2}); + dbg("NSLOOKUP: $ip => $newhost", 2); } } return $newhost; } -sub extractbodyhosts { - my ($name,$aliases,$type,$len,$addr); # gethostbyname rtn vals - my ($a, $b, $c, $d); - my ($body_ip); +sub extract_body_hosts { + my $email_raw = shift; + my $parsed = Email::MIME->new($email_raw); + my @body = $parsed->body; + my (%found_hosts); + + for (my $x = 0; $x <= $#body; $x++) { + my $line = $body[$x]; + my $host = ""; - for (my $x = 0; $x <= $#mailbody; $x++) { - - # while through a replace thing to match several links properly - $line = $mailbody[$x]; while (($line =~ s/http:\/\/([a-z0-9\-.]*)//i) || ($line =~ s/www\.([a-z0-9\-.]*)//i)) { $host = $1; - if ($host =~ /^((\d*)\.(\d*)\.(\d*)\.(\d*))$/) { + + if ($host =~ /^$ip_regex$/) { # print "IPv4\n"; $host = $1; } elsif (($host =~ /^(\d+)$/) && ($1>255)) { @@ -618,49 +555,30 @@ #printf "IP $ip & %08x\n", 0xff<<($s*8); $rip .= ($ip&(255<<($s*8)))>>($s*8); } - $host = $rip; } else { # print "regular host\n"; } -# if ($host =~ /^((\d*)\.(\d*)\.(\d*)\.(\d*))$/) { -# -# $newhost = &nslookup($host); -# -# if ($newhost) { -# $host = $newhost; -# } -# } - # cut off 'www' to get a more likely mailable domain - $host =~ s/^www.(.*)/$1/; + $host =~ s/^www\.//; next if ($offender_host{$host}); - if ($host) { - if ($config{debug}) { - print "BODY-HOST: $host\n"; - } - AddHost($host); + $found_hosts{$host} = 1; - # Let's dig a little deeper since this is the spammer's website - ($name,$aliases,$type,$len,$addr) = gethostbyname($host); - ($a, $b, $c, $d) = unpack('C4', $addr); - - if ($a && $b && $c && $d) { - $body_ip = join(".", ($a, $b, $c, $d)); - AddHost($body_ip); - } else { - print " * gethostbyname failed for $host\n" if ($config{debug2}); - next; - } + } # end while $line + if ($config{bodyextractemails}) { + while ($line =~ s/\@(\S+\.\w+)(?:\s|$|")//) { + $found_hosts{$1} = 1; } } - } + } # end for @body + my @host_list = keys %found_hosts; + return \@host_list; } sub mailaway { @@ -695,6 +613,9 @@ if($config{mailfrom} ne "") { $smtp->datasend("From: $config{mailfrom}\n"); } + + # JDF -- this is dirty + my $insubject = $mail->header('Subject'); if(($insubject =~ /\=\?iso/i) || ($insubject eq "")) { # MIME code in subject, just leave it out of the complaint subject $smtp->datasend("Subject: Spam Report!\n"); @@ -780,32 +701,30 @@ my $host = lc($_[0]); my ($ip, $reverse_lookup); - if ($config{debug2}) { - print "ADDHOST: $host\n"; - } + dbg("ADDHOST: $host", 2); ## clean up the host info # sometimes we get trailing junk on the host name, like semicolons - $host =~ s/([;:\)])+ *$//g; - $host =~ s/\r//g; +# $host =~ s/([;:\)])+ *$//g; +# $host =~ s/\r//g; # @ in the host name looks like a fake - if ($host =~ /\@/) { - print "FAKE HOST: $host\n" if ($config{debug2}); - return; +# if ($host =~ /\@/) { +# dbg("FAKE HOST: $host", 2); +# return; # if this "host" has an @ letter, we cut it and everything to the # left of it # $host =~ s/([^@]*)@(.*)/$2/g; - } +# } # known friendly domains/IPs are not added if (is_friend($host)) { - print "$host is friend, bailout!\n" if ($config{debug2}); + dbg("$host is friend, bailout!", 2); return; } # Deal with IP address - if ($host =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) { + if ($host =~ /^$ip_regex$/) { $ip = $host; # Have we seem this IP before? @@ -819,7 +738,7 @@ # make sure the ip doesn't resolve to a friend if ( $reverse_lookup && is_friend($reverse_lookup) ) { - print "$reverse_lookup is friend, bailout!\n" if ($config{debug2}); + dbg("$reverse_lookup is friend, bailout!", 2); return; } @@ -836,9 +755,7 @@ } # end if IP address if ($knowntopdoms{$host}) { - if ($config{debug2}) { - print "$host is known TLD, bailout!\n"; - } + dbg("$host is known TLD, bailout!", 2); return; } @@ -875,7 +792,7 @@ my $dom = shift; my ($whois_info, $tld); - print "CHECKING-DOMAIN: $dom\n" if ($config{debug2}); + dbg("CHECKING-DOMAIN: $dom", 2); if ($dom =~ /\.([^\.]+)$/) { $tld = $1; @@ -886,8 +803,8 @@ eval { $whois_info = whois(query => $dom); }; - if ($@ && $config{debug}) { - print " * timeout checking $dom\n"; + if ($@) { + dbg(" * timeout checking $dom", 1); return 0; } @@ -901,9 +818,7 @@ m/\^% No entries found for the selected source.*$/ || m/^No Match.*$/i || m/^No information about domain $dom.*$/i) { - if ($config{debug2}) { - print "BAD-DOMAINNAME: $dom\n"; - } + dbg("BAD-DOMAINNAME: $dom", 2); return 0; } } @@ -943,8 +858,8 @@ eval { $ip_whois_response = whois(query => $ip); }; - if ($@ && $config{debug}) { - warn "&ipwhois failure: $@"; + if ($@) { + dbg("&ipwhois failure: $@", 1); return; } @@ -960,12 +875,10 @@ next if ($fqdn eq 'apnic.net'); next if ($offender_host{$fqdn}); # skip this fqdn if we've seen it before - if ( $config{debug} ) { - print " * $ip is associated with $fqdn\n"; - } + dbg(" * $ip is associated with $fqdn", 1); if (is_friend($fqdn)) { - print "$fqdn is friend, bailout!\n" if ($config{debug2}); + dbg("$fqdn is friend, bailout!", 2); next; } @@ -974,9 +887,7 @@ my $email = $localpart . '@' . $fqdn; if ($line =~ /abuse/) { AddAbuseEmail($email); - if ( $config{debug} ) { - print "ABUSE-MAIL-FOR-$ip: $email\n"; - } + dbg("ABUSE-MAIL-FOR-$ip: $email", 1); } } @@ -996,9 +907,7 @@ $email = lc($email); $email =~ s/(?:\s|\r|\n)//g; - if ($config{debug2}) { - print "ADD-ABUSE-EMAIL: $email\n"; - } + dbg("ADD-ABUSE-EMAIL: $email", 2); push @abuse_emails, $email; } @@ -1059,7 +968,7 @@ push @emails, $host."\@abuse.net"; } -sub parseArgs() { +sub parse_args() { if ($ARGV[0] eq "-h") { print <<EOF; spam.pl version $version ($date) @@ -1079,6 +988,8 @@ -d runs in debug-mode (shows a lot of internal processing choices). debug-mode does not send any mail. + -dd runs in verbose-debug-mode + -e Edit list. Your \$EDITOR gets invoked with the list of found hosts before the mail is sent, to allow you to edit the list manually first. @@ -1145,12 +1056,10 @@ $config{editlist}^=1; } elsif ($ARGV[0] eq "-d") { $config{debug}=1; -#JDF fix this print "DEBUG MODE ENABLED\n"; } elsif ($ARGV[0] eq "-dd") { - $config{debug}=1; - $config{debug2}=1; # extra detailed debug info - print "DEBUG MODE ENABLED\n"; + $config{debug}=2; + print "VERBOSE DEBUG MODE ENABLED\n"; } elsif ($ARGV[0] eq "-a") { $config{abusenet} ^= 1; } elsif ($ARGV[0] eq "-m") { @@ -1175,16 +1084,10 @@ if ($ARGV[0] ne "") { shift @ARGV; - parseArgs(); + parse_args(); # goto argv; } - # change by egg...@be... - if ($config{debug2}) { -# print "VERBOSE DEBUG MODE ENABLED\n"; - } elsif ($config{debug}) { -# print "DEBUG MODE ENABLED\n"; - } if ($config{singlereceiver} ne "") { print "Single receiver : $config{singlereceiver}\n"; } @@ -1214,7 +1117,7 @@ # its pretty important that both of those domains are added to prevent # this script to send complaints to them too! # -sub parseFriends() { +sub parse_friends() { my $friends="$spamdir/friends"; my(@friends, $line); @@ -1250,14 +1153,14 @@ # This file consists of hostnames that send spam but don't receive # mail. In the future I'd like to do further research and find out who # hosts the website in order to report to those. -sub parseBad() { +sub parse_bad() { my $bad_file="$spamdir/bad"; my(@bad); if (open(BAD, "<$bad_file")) { while (<BAD>) { chomp; - $line = $_; + my $line = $_; $line =~ s/\s+$//; next if ($line =~ /^\s*$/); push(@bad, $line); @@ -1308,69 +1211,94 @@ } } -sub extract_header_info { - my @concat = @{shift(@_)}; - my $rheaders=0; - - # # Extract hosts from the headers. # # Useful links for understanding Received: headers & the common spoofs: # http://www.stopspam.org/email/headers.html # http://www.faqs.org/rfcs/rfc821.html # http://www.faqs.org/rfcs/rfc822.html - # - for (@concat) { - if (m/^Received: /) { - # This is a received line, deal with it. - # +sub process_received_headers { + my $mail = shift; + my @received = $mail->header('Received'); + my $total_received = $#received; + + if ($total_received == 0) { + print "No received: headers were found!\n"; + exit; + } + + my %ips = (); + # Loop through + for (my $i = 0; $i <= $total_received; $i++) { # Unfortunately, the only Received lines you can be sure of are the ones # that are from your mail servers. Currently spam.pl will look at all # the received headers and treat them equally. # - # EXAMPLE: + # EXAMPLES: # Received: from gade.imada.ou.dk (ro...@ga... # [130.225.128.158]) by gatekeeper.frontec.se (8.8.2/8.8.2) with ESMTP # id OAA07503 for <Dan...@st...>; # Sun, 16 Aug 1998 14:28:03 +0200 (MET DST) + # + # -- this is the type I generally get from spammers + # Received: from unknown (HELO 207.142.134.201) (211.161.102.142) + # by ns45.webmasters.com with SMTP; 1 Jan 2006 06:37:50 -0000 + # + # ns45.webmasters.com (207.142.134.201) is my mailserver, the spammer + # is 211.161.102.142 - $rheaders++; - my $rest = substr($_,10); + # This is what the config variable 'trustreceived' depends on + my $friend_host = 0; + if ($received[$i] =~ m/by (\D+\S*\.\w+)(?:\s+|$)/) { + $friend_host++ if (is_friend($1)); + } - push (@{$email_parts{received}}, $rest); - my $ipaddr_count = 0; - my @received = split /\s+/,$rest,-1; - for (@received) { - # Only extracting IP addresses, domain name information is too unreliable - # in the headers - if ( m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/ && - ! m/[A-Za-z](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) { - #if ($str =~ m/(?<![a-z])(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i) { - # for some reason the look-behind doesn't work properly here - if ($config{debug}) {print " * IP Found: $1\n";} - AddHost($1); - $ipaddr_count++; - } - } - if ( ($ipaddr_count == 0) && $config{debug} ) { - print " * No ip address found, ignoring.\n"; - } - - } elsif (m/^Subject: (.*)/i) { - $email_parts{subject} = $1; - $insubject=$1; - } elsif (m/^Message-ID: (.*)/i) { - $email_parts{'message-id'} = $1; - } else { - #print $_."\n"; + next if ( (! $friend_host) && ($config{trustreceived}) ); + + # extracting IP addresses + while ( $received[$i] =~ s/[^A-Za-z0-9\.]($ip_regex)// ) { + dbg(" * IP Found: $1", 1); + $ips{$1} = 1; } } -#print Dumper(%email_parts); + my @ips = keys %ips; + return (\@ips); +} - if ($rheaders == 0) { - print "No received: headers were found!\n"; - exit; +sub dbg { + my ($msg, $level) = @_; + $level ||= 1; + + if ($config{debug} >= $level) { + print $msg . "\n"; + } +} + + +# this code is from Mail::SpamAssassin::Received +sub lookup_all_ips { + my ($hostname) = @_; + + my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname ($hostname); + my @moreaddrs; + + # bug 2324: this fails if the user has an /etc/hosts entry for that + # hostname; force a DNS lookup by appending a dot, but only if there's + # a domain in the hostname (ie. it really is likely to be in external DNS). + # use both sets of addrs, as the /etc/hosts data is usable anyway for + # internal relaying. + if ($hostname =~ /\./) { + ($name,$aliases,$addrtype,$length,@moreaddrs) = gethostbyname ($hostname."."); } + my @ips = (); + my %seenaddr = (); + foreach my $addr (@addrs, @moreaddrs) { + next if ($seenaddr{$addr}); + $seenaddr{$addr} = 1; + my ($a,$b,$c,$d) = unpack('C4', $addr); + push (@ips, "$a.$b.$c.$d"); + } + return @ips; } |
From: Jon F. <re...@us...> - 2006-01-05 07:50:58
|
reflous 06/01/04 23:50:53 Modified: lib IPBlks.pm Log: bugfix 0.0.0.0/2 was set as default and was throwing off some ips also added a bunch of ip blocks Revision Changes Path 1.4 +34 -9 spam/lib/IPBlks.pm Index: IPBlks.pm =================================================================== RCS file: /cvsroot/spam/spam/lib/IPBlks.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -w -r1.3 -r1.4 --- IPBlks.pm 29 Dec 2005 15:53:26 -0000 1.3 +++ IPBlks.pm 5 Jan 2006 07:50:53 -0000 1.4 @@ -41,17 +41,42 @@ 1; __DATA__ +0.0.0.0/4 arin +16.0.0.0/5 arin 24.192.0.0/14 apnic 24.132.0.0/14 ripe +25.0.0.0/4 arin +32.0.0.0/4 arin +48.0.0.0/5 arin +56.0.0.0/7 arin +58.0.0.0/7 apnic +60.0.0.0/8 apnic 61.112.0.0/12 whois.nic.ad.jp 61.192.0.0/12 whois.nic.ad.jp # => 61.207 61.208.0.0/13 whois.nic.ad.jp # => 61.215 61.0.0.0/8 apnic 62.0.0.0/8 ripe -# broken? -# 63.208.0.0/13 rr.level3.net -80.0.0.0/7 ripe -0.0.0.0/2 arin # all other A classes are managed by ARIN +63.0.0.0/8 arin +# 64.0.0.0-79.255.255.255 is a MESS, I ain't gonna figure it out +#64.10.1.0/24 arin +#64.15.224.0/19 rwhois.exodus.net:4321 +64.0.0.0/4 arin +80.0.0.0/5 ripe +87.0.0.0/8 ripe +88.0.0.0/6 ripe +92.0.0.0/6 arin +96.0.0.0/4 arin +112.0.0.0/5 arin +120.0.0.0/6 arin +124.0.0.0/7 apnic +126.0.0.0/8 apnic +# 127.0.0.0 is the loopback +128.0.0.0/6 arin +132.0.0.0/8 arin +# this sort of default won't work since the hash isn't sorted, can either +# properly sort the hash in get_server 'keys' function call, or enter +# the other ranges by hand (I prefer option #2) +# 0.0.0.0/2 arin # all other A classes are managed by ARIN ## The B class space is a mess :-( - something could still be missing ## I add here only netblocks allocated to multiple LIRs by the RIRs. 133.0.0.0/8 whois.nic.ad.jp |
From: Jon F. <jon...@gm...> - 2006-01-04 23:28:46
|
test |