Changeset 12


Timestamp:
01/12/10 11:20:24 (15 years ago)
Author:
Kris Deugau
Message:

/trunk/dnsbl

Update extract-data with changes from live version

File:
1 edited

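--- a/trunk/dnsbl/extract-data
+++ b/trunk/dnsbl/extract-data
@@ -179,4 +179,17 @@
     my ($tmprelayip) = ($recv =~ /from source \(\[([\d.]+)\]\) (?:\(using TLSv1\) )?by (?:exprod\dm[xo]b?|chipmx)\d+\.postini\.com/);
     $relayip = new NetAddr::IP $tmprelayip;
+
+  } elsif ($recv =~ /\[137\.82\.45\.(?:[0-9]|1[0-5])\]\) by mx\d\.company\.com/) {
+# Customer with (spam)forwarding from UBC - enough to justify this code
+  #IP-Network                    137.82.0.0/16
+  #IP-Network-Block              137.082.000.000 - 137.082.255.255
+  #Org-Name                      University of British Columbia
+  # only 137.82.45.0/28 or so seem to be outbound relays (duh)
+    $recv = $recv = $headerlist{'Received'}[++$recvnum];
+#Received: from bcnbib.gov.ar (200-42-22-14.dup.prima.net.ar [200.42.22.14])
+#  by mr4.mail-relay.ubc.ca (Postfix)
+    my ($tmprelayip) = ($recv =~ /from \[?[a-zA-Z0-9._-]+\]? \([a-zA-Z0-9._-]+ \[([\d+.]+)\]\) by mr\d\.mail-relay\.ubc\.ca \(Postfix\)/);
+    $relayip = new NetAddr::IP $tmprelayip;
+
   } else {
     my ($tmprelayip) = ($recv =~ /\[([\d+.]+)\]\) by mx\d\.company\.com/);
@@ -184,4 +197,5 @@
   }
 
+print "eep, no ip from manual extraction\n$recv\n" if !$relayip;
 print "SA vs manual extraction, relay IP mismatch: $sa_intip vs $relayip on\n\t$recv\n" if $sa_intip != $relayip;
 
@@ -201,5 +215,5 @@
   #Received: from omr-m33.mx.aol.com (omr-m33.mx.aol.com [64.12.143.145]) by
   # mx1.company.com (Postfix) with ESMTP id 7B9431C3255 for <webmaster@tyenet.com>;
-  next if $recv =~ /from (?:omr|imo)-[dm]\d+\.mx\.aol\.com \((?:omr|imo)-[dm]\d+\.mx\.aol\.com \[[\d.]+\]\) by mx\d\.company\.com/;
+  next if $recv =~ /from (?:omr|im[or])-[dm][ab]?\d+\.mx\.aol\.com \((?:omr|im[or])-[dm][ba]?\d+\.mx\.aol\.com \[[\d.]+\]\) by mx\d\.company\.com/;
 
 # Google may relay spam, GMail may originate it, but we can't blacklist them.
@@ -260,4 +274,7 @@
   my $yahoo14 = new NetAddr::IP "212.82.104.0/21";
   next if $relayip->within($yahoo14);
+ #IP-Network                    66.163.160.0/19
+  my $yahoo15 = new NetAddr::IP "66.163.160.0/19";
+  next if $relayip->within($yahoo15);
 
 # and the same goes for Bell Canada.  *le sigh*
@@ -272,5 +289,8 @@
   my $bell1 = new NetAddr::IP "209.226.175.0/24";
   next if $relayip->within($bell1);
-#  next if $recv =~ /\[209\.226\.175\.\d+\] by mx\d\.company\.com/;
+  #IP-Network                    207.236.0.0/16
+  # only listing a subsection - rDNS hosts look like Bell SMTP hardware
+  my $bell2 = new NetAddr::IP "207.236.237.0/26";
+  next if $relayip->within($bell2);
 
 # ... and your little dog too!
@@ -288,4 +308,40 @@
   my $apple1 = new NetAddr::IP "17.148.16.64/26";
   next if $relayip->within($apple1);
+
+# and Vodafone...
+# 212.183.156.227  (.227 through .230 have server rdns)
+#route:        212.183.128.0/19
+#descr:        Vodafone UK
+#inetnum:        212.183.156.0 - 212.183.156.255
+#descr:          Vodafone Limited
+  my $voda1 = new NetAddr::IP "212.183.156.224/29";
+  next if $relayip->within($voda1);
+
+# ooohhh, Eastlink wants to join the party
+#24.222.0.30
+#IP-Network                    24.222.0.0/16
+#IP-Network-Block              024.222.000.000 - 024.222.255.255
+#Org-Name                      Bragg Communications Incorporated
+  my $eastlink1 = new NetAddr::IP "24.222.0.30";
+  next if $relayip->within($eastlink1);
+
+# and now Cogeco
+#216.221.81.192
+#IP-Network                    216.221.64.0/19
+#IP-Network-Block              216.221.064.000 - 216.221.095.255
+#Org-Name                      Cogeco Telecom
+# only ignoring systems-looking IPs or blocks with mostly systems-looking IPs
+  my $cogeco1 = new NetAddr::IP "216.221.81.192";
+  next if $relayip->within($cogeco1);
+  my $cogeco2 = new NetAddr::IP "216.221.81.96/30";
+  next if $relayip->within($cogeco2);
+
+# and UAlberta
+#129.128.5.19
+#IP-Network                    129.128.0.0/16
+#IP-Network-Block              129.128.000.000 - 129.128.255.255
+#Org-Name                      University of Alberta
+  my $ualberta1 = new NetAddr::IP "129.128.5.19";
+  next if $relayip->within($ualberta1);
 
   $iplist{$relayip->addr}++ if $relayip;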
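Review bot: In the added UBC branch (new lines 182-192) `$headerlist{'Received'}[++$recvnum]` is read without checking that a further Received header exists, and a failed match leaves `$tmprelayip` undefined, so `$relayip` is presumably undef afterwards. The added `print "eep, no ip from manual extraction..."` at new line 199 only reports that; unless lines outside these hunks already skip the message, the following `$relayip->within(...)` exemption checks would be called on undef and die. Consider following the diagnostic with `next if !$relayip;`. The capture `[\d+.]+` in the new pattern also accepts a literal `+`, where `[\d.]+` as in the postini pattern is tighter, and `$recv = $recv = ...` is a doubled assignment. The enclosing loop body starts and ends outside the hunks shown.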