![(please configure the [header_logo] section in trac.ini)](/trac/dnsbl/chrome/site/your_project_logo.png){kind=logo}
Changeset 39
- Timestamp:
- 03/04/12 13:13:00 (12 years ago)
- File:
-
- 1 edited
-
trunk/dnsbl/extract-data (modified) (21 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/dnsbl/extract-data
r30 r39 26 26 # hmm. can't make (enough) sense of the docs. gonna have to parse headers for IPs myself... :/ 27 27 # but we did find enough to extract the URIs... 28 use lib '/opt/spamassassin/share/perl/5.10.0'; 28 # only required if using a custom SA install 29 #use lib '/opt/spamassassin/share/perl/5.10.0'; 29 30 use Mail::SpamAssassin; 30 31 use Mail::SpamAssassin::PerMsgStatus; … … 54 55 # Password => 'imapspamuserpassword', 55 56 # Debug => $imapdebug); 57 58 print "about to open IMAP connection\n" if $debug; 56 59 57 60 my $imap = Mail::IMAPClient->new( … … 72 75 my $msgcount = $imap->message_count($folder); 73 76 74 # If debugging, print out the total counts for each mailbox 75 print $msgcount, " message(s) to process\n" if $debug; 77 print $msgcount, " message(s) to process\n"; 76 78 77 79 ## Process the spam mailbox … … 100 102 #IP-Network 157.56.0.0/14 101 103 #IP-Network 157.60.0.0/16 102 NetAddr::IP->new("157.55.0.192/2 7"),103 NetAddr::IP->new("157.55. 0.225"),104 NetAddr::IP->new("157.55. 0.226"),104 NetAddr::IP->new("157.55.0.192/26"), 105 NetAddr::IP->new("157.55.1.128/26"), 106 NetAddr::IP->new("157.55.2.0/24"), 105 107 #IP-Network 207.46.0.0/16 106 108 NetAddr::IP->new("207.46.66.0/28"), 109 NetAddr::IP->new("213.199.144.0/20"), 110 NetAddr::IP->new("216.32.180.0/22"), 111 # "Frontbridge"/"bigfish" (inherited) 112 #IP-Network 204.231.192.0/24 113 NetAddr::IP->new("204.231.192.41"), 107 114 108 115 # AOL - note only some IPs show mail-ish rDNS 109 #IP-Network 205.188.0.0/16110 116 #IP-Network 64.12.0.0/16 111 117 NetAddr::IP->new("64.12.78.136/30"), 112 118 NetAddr::IP->new("64.12.78.142"), 113 119 NetAddr::IP->new("64.12.100.31"), 120 NetAddr::IP->new("64.12.102.136/29"), 121 NetAddr::IP->new("64.12.140.129"), 122 NetAddr::IP->new("64.12.140.130"), 114 123 NetAddr::IP->new("64.12.143.144/30"), 115 124 NetAddr::IP->new("64.12.143.152/30"), … … 122 131 NetAddr::IP->new("64.12.207.176/29"), 123 132 #IP-Network 205.188.0.0/16 133 NetAddr::IP->new("205.188.58.0/28"), 124 134 NetAddr::IP->new("205.188.91.94/31"), 125 135 NetAddr::IP->new("205.188.91.96/31"), … … 127 137 NetAddr::IP->new("205.188.105.144/30"), 128 138 NetAddr::IP->new("205.188.169.196/29"), 139 NetAddr::IP->new("205.188.249.64/29"), 129 140 NetAddr::IP->new("205.188.249.128/29"), 130 NetAddr::IP->new("205.188.249. 64/29"),141 NetAddr::IP->new("205.188.249.148/30"), 131 142 NetAddr::IP->new("205.188.169.200/23"), 143 NetAddr::IP->new("205.188.255.0/28"), 132 144 133 145 # Google/GMail … … 178 190 NetAddr::IP->new("66.94.224.0/19"), 179 191 NetAddr::IP->new("203.104.16.0/21"), 192 NetAddr::IP->new("124.108.120.0/21"), 193 #inetnum: 180.222.112.0 - 180.222.119.255 194 NetAddr::IP->new("180.222.112.0/21"), 195 NetAddr::IP->new("72.30.0.0/16"), 196 NetAddr::IP->new("217.146.176.0/21"), 197 NetAddr::IP->new("106.10.128.0/18"), 180 198 181 199 # MessageLabs - may add these to trusted_networks instead … … 185 203 NetAddr::IP->new("193.109.254.0/23"), 186 204 NetAddr::IP->new("119.161.0.0/19"), 205 NetAddr::IP->new("216.82.240.0/20"), 187 206 # buh? rDNS says Yahoo, but... 188 207 #inetnum: 203.209.224.0 - 203.209.255.255 … … 211 230 212 231 # Facebook - only exclude mail-ish hostnames 232 # used SPF record to pick blocks 233 #"v=spf1 ip4:69.63.179.25 ip4:69.63.178.128/25 ip4:69.63.184.0/25 ip4:66.220.144.128/25 234 # ip4:66.220.155.0/24 ip4:69.171.232.128/25 ip4:66.220.157.0/25 ip4:69.171.244.0/24 mx -all" 213 235 #IP-Network 69.63.176.0/20 214 # .178.160/27 plus a few more to 199 show mailish rDNS 215 NetAddr::IP->new("69.63.178.160/27"), 216 NetAddr::IP->new("69.63.178.192/29"), 236 NetAddr::IP->new("69.63.178.128/25"), 237 NetAddr::IP->new("69.63.184.0/25"), 217 238 #IP-Network 66.220.144.0/20 218 NetAddr::IP->new("66.220.144.128/26"), 239 NetAddr::IP->new("66.220.144.128/25"), 240 NetAddr::IP->new("66.220.155.0/24"), 241 NetAddr::IP->new("66.220.157.0/25"), 242 #IP-Network 69.171.224.0/19 243 NetAddr::IP->new("69.171.232.128/25"), 244 NetAddr::IP->new("69.171.244.0/24"), 219 245 220 246 # IBM Lotus Live - rdns mostly mail … … 246 272 #descr: php.t-online.de 247 273 NetAddr::IP->new("194.25.134.80/29"), 274 NetAddr::IP->new("194.25.134.16/29"), 248 275 249 276 # Telestra (Australia) … … 266 293 #IP-Network 207.69.0.0/16 267 294 NetAddr::IP->new("207.69.200.28"), 295 #IP-Network 209.86.0.0/16 296 NetAddr::IP->new("209.86.89.60/30"), 297 NetAddr::IP->new("209.86.89.64/28"), 268 298 269 299 # Sprint … … 275 305 # inetnum: 203.109.128.0 - 203.109.159.255 276 306 NetAddr::IP->new("203.109.136/28"), 307 308 # Optus (Australia) 309 # inetnum: 211.28.0.0 - 211.31.255.255 310 NetAddr::IP->new("211.29.132.0/24"), 311 312 #IP-Network 204.209.192.0/20 313 #Org-Name AGT Limited. 314 # telus tentacle? 315 # 204.209.205.13 -> defout.telus.net. -> 204.209.205.13 316 NetAddr::IP->new("204.209.205.13"), 317 318 #route: 195.188.0.0/16 319 #descr: Telewest Broadband 320 # blueyonder.co.uk 321 NetAddr::IP->new("195.188.213.0/28"), 322 323 #inetnum: 210.50.0.0 - 210.50.63.255 324 #descr: Primus Telecommunications 325 # (Australia) 326 NetAddr::IP->new("210.50.30.224/28"), 327 328 # iiNet Limited (Australia) 329 #inetnum: 203.10.1.0 - 203.10.1.255 330 NetAddr::IP->new("203.10.1.232/29"), 331 NetAddr::IP->new("203.10.1.240/29"), 332 #inetnum: 203.59.0.0 - 203.59.255.255 333 NetAddr::IP->new("203.59.1.104/29"), 334 NetAddr::IP->new("203.59.1.128/26"), 335 336 # Road Runner 337 #IP-Network 75.176.0.0/12 338 NetAddr::IP->new("75.180.132.120/29"), 339 340 # Comcast 341 #IP-Network 76.96.0.0/17 342 NetAddr::IP->new("76.96.62.0/25"), 343 344 #IP-Network 142.146.0.0/16 345 #Org-Name Rogers Communications Inc. 346 NetAddr::IP->new("142.146.31.20/30"), 347 348 #address: Claranet UK Ltd 349 #route: 195.8.64.0/19 350 #inetnum: 195.8.89.32 - 195.8.89.47 351 #descr: Claranet UK SMTP relay platform 352 NetAddr::IP->new("195.8.89.37"), 353 354 #inetnum: 80.8.0.0 - 80.15.255.255 355 #descr: France Telecom S.A. 356 #inetnum: 80.12.242.0 - 80.12.242.255 (several ranges) 357 #descr: Mail Essentials Project 358 # orange.fr SMTP cluster. whois WTF 359 NetAddr::IP->new("80.12.242.0/24"), 360 #route: 193.252.0.0/18 361 #descr: France Telecom 362 # more "mail essentials project" 363 NetAddr::IP->new("193.252.22.208/29"), 364 365 #inetnum: 212.216.0.0 - 212.216.255.255 366 #descr: Telecom Italia Net 367 #inetnum: 212.216.172.0 - 212.216.177.255 368 #descr: Telecom Italia IDC - ISP&VAS MNGT 369 NetAddr::IP->new("212.216.176.0/24"), 370 371 #inetnum: 151.189.0.0 - 151.189.255.255 372 #descr: Arcor Online GmbH 373 NetAddr::IP->new("151.189.21.32/27"), 374 375 #CIDR: 74.208.0.0/16 376 #OrgName: 1&1 Internet Inc. 377 NetAddr::IP->new("74.208.122.35"), 378 379 #inetnum: 187.31/16 380 #owner: Internet Group do Brasil SA 381 # .16 and .17 seem to be SMTP relay hosts 382 NetAddr::IP->new("187.31.0.16/31"), 383 384 #address: 1&1 Internet AG 385 #route: 217.72.192.0/20 386 #descr: Web.de 387 NetAddr::IP->new("217.72.192.227"), 388 389 #descr: France Telecom Espana 390 #route: 62.36.0.0/16 391 #inetnum: 62.36.0.0 - 62.36.23.255 392 NetAddr::IP->new("62.36.20.205"), 393 394 # Primus (Canada) 395 # CIDR: 216.254.192.0/19, 216.254.128.0/18 396 NetAddr::IP->new("216.254.180.38"), 277 397 278 398 ## Edumactional places … … 299 419 #IP-Network 129.109.0.0/16 300 420 NetAddr::IP->new("129.109.195.0/28"), 421 #IP-Network 129.106.0.0/16 422 NetAddr::IP->new("129.106.148.58"), 301 423 302 424 # Roxbury Community College … … 319 441 #IP-Network 130.132.0.0/16 320 442 NetAddr::IP->new("130.132.50.7"), 443 NetAddr::IP->new("130.132.50.146"), 321 444 322 445 # Rutgers University … … 354 477 NetAddr::IP->new("129.81.224.84"), 355 478 479 #Org-Name Texas A&M University 480 #IP-Network 192.195.88.0/21 481 NetAddr::IP->new("192.195.88.20"), 482 #IP-Network 165.95.0.0/16 483 NetAddr::IP->new("165.95.144.40"), 484 485 #IP-Network 162.82.0.0/16 486 #Org-Name William Beaumont Hospital 487 # rDNS on seen IP ends in .edu 488 NetAddr::IP->new("162.82.215.18"), 489 490 #IP-Network 169.232.0.0/16 491 #Org-Name University of California, Los Angeles 492 NetAddr::IP->new("169.232.46.169"), 493 494 #IP-Network 128.138.0.0/16 495 #Org-Name University of Colorado 496 NetAddr::IP->new("128.138.128.231"), 497 498 #IP-Network 209.221.168.0/24 499 #Org-Name City University 500 NetAddr::IP->new("209.221.168.36"), 501 502 #IP-Network 163.120.0.0/16 503 #Org-Name DePauw University 504 505 #IP-Network 205.137.240.0/20 506 #Org-Name Shelby County Schools 507 NetAddr::IP->new("205.137.241.81"), 508 509 #IP-Network 199.17.0.0/16 510 #Org-Name Minnesota State Colleges and Universities 511 NetAddr::IP->new("199.17.25.194"), 512 513 #CIDR: 162.129.0.0/16 514 #OrgName: The Johns Hopkins Medical Institutions 515 NetAddr::IP->new("162.129.8.151"), 516 #CIDR: 128.220.0.0/16 517 NetAddr::IP->new("128.220.161.140"), 518 519 #CIDR: 144.167.0.0/16 520 #OrgName: University of Arkansas at Little Rock 521 NetAddr::IP->new("144.167.3.152"), 522 356 523 # List servers 357 524 # Debian listserver - relays spam, so we can't list it. … … 362 529 # Org-Name iContact (Broadwick Corp./Preation Inc.) 363 530 NetAddr::IP->new("216.27.93.0/25"), 531 NetAddr::IP->new("207.254.213.192/26"), 364 532 365 533 # are these guys an ESP? rDNS in many blocks shows secureserver.net, with SMTPish overtones … … 374 542 NetAddr::IP->new("72.167.82.80/29"), 375 543 NetAddr::IP->new("72.167.82.90"), 544 NetAddr::IP->new("72.167.224.0/28"), 545 NetAddr::IP->new("72.167.234.224/27"), 546 #IP-Network 208.109.0.0/16 547 NetAddr::IP->new("208.109.80.23"), 548 NetAddr::IP->new("208.109.80.58"), 549 NetAddr::IP->new("208.109.80.24"), 550 NetAddr::IP->new("208.109.80.74"), 551 NetAddr::IP->new("208.109.80.80"), 552 NetAddr::IP->new("208.109.80.81"), 553 #IP-Network 68.178.128.0/17 554 NetAddr::IP->new("68.178.232.18"), 555 376 556 #IP-Network 173.201.0.0/16 377 NetAddr::IP->new("173.201.19 2.0/24"),557 NetAddr::IP->new("173.201.193.0/23"), 378 558 379 559 # EmailBrain - note no actual netblocks of their own. :( … … 384 564 #166.171.100.66.in-addr.arpa domain name pointer c.eb08.ebhost9.com. 385 565 566 # Tucows - don't recall if they're affiliated with anyone else 567 #CIDR: 64.96.0.0/14 568 NetAddr::IP->new("64.98.42.0/24"), 569 570 # not really an ESP, exactly, but best-fit 571 #IP-Network 208.47.184.0/23 572 #Org-Name SYNACOR 573 # mailrelay.embarq.synacor.com 574 NetAddr::IP->new("208.47.184.3"), 575 576 #CIDR: 208.75.120.0/22 577 #OrgName: Constant Contact, Inc 578 579 580 # Mailbox providers 581 582 # Hushmail 583 #IP-Network 65.39.178.0/24 584 # all existent rdns in this range are smtp, but not all exist 585 NetAddr::IP->new("65.39.178.128/27"), 386 586 387 587 # eBay/PayPal … … 393 593 NetAddr::IP->new("192.94.94.40"), 394 594 595 # Government tentacles 596 #inetnum: 193.39.144.0 - 193.39.159.255 597 #descr: City of Edinburgh District Council 598 NetAddr::IP->new("193.39.157.39"), 599 395 600 ); # done def for @dontlistme 396 601 397 602 MSG: for (my $i=0; $i<$msgcount; $i++) { 398 603 my $msg = $imap->message_string($msgs[$i]); 604 605 print "."; 399 606 400 607 my $mail = $spamtest->parse($msg); … … 460 667 next MSG if $relayip->within($block); 461 668 } 462 463 669 $iplist{$relayip->addr}++ if $relayip; 464 670 … … 466 672 sleep 1; 467 673 } # IMAP message iteration 674 675 print " Done.\n"; 468 676 469 677 # mm. don't really need times on the IP lists
Note:
See TracChangeset
for help on using the changeset viewer.
