# Sigh. # Apparently someone out there at ican thinks we're their mail gateway. # One scottmo@ican.net, judging from appearances. smtpserver: _^ppp-.*\.ican\.net :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG ican PPP: deny # as above, for jhyre@ica.net. smtpserver: _^shiva[0-9]-.*-ip[0-9]*.*\.ica\.net$ : setenv OPTLOG ica PPP :\ setenv OPTREJECT We are not your mail gateway.: deny smtpserver: _^ppp[0-9]*\.pm-.*\.ultratech\.net :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG ultratech PPP: deny # someone forging stuff and mail to nghia.huynh@utoronto.ca smtpserver: 142.204.99.50 : setenv OPTLOG unknown forger: \ setenv OPTREJECT We are not your mail gateway.: deny # No one. Yet. But UCE abuse at large... smtpserver: _^ppp[0-9]*\..*\.sympatico\.ca$ :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG sympatico PPP: deny # ditto. smtpserver: _slip[0-9]*.*\.us\.ibm\.net$ : setenv OPTLOG IBM SLIP:\ setenv OPTREJECT We are not your mail gateway. : deny # Sigh. smtpserver: _^annex.-port[0-9][0-9]*\.net\.mcmaster\.ca$ :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG mcmaster annex: deny smtpserver: _^slip[0-9]*\.cs\.nrc\.ca : setenv OPTLOG nrc slip :\ setenv OPTREJECT We are not your mail gateway. : deny # someone claiming a HELO of online.isa.com.au. Lose lose. (from sunshine.*) smtpserver: .slip.cc.uq.ed.au : setenv OPTLOG uq.ed.au SLIP:\ setenv OPTREJECT We are not a SLIP mail gateway.: deny # someone HELO'ing as 'MONICA' from 194.88.73.18 smtpserver: _^modem[0-9][0-9]*\.saqnet\.co\.uk$ : \ setenv OPTLOG saqnet modem : \ setenv OPTREJECT We are not your mail gateway. : deny # , from 192.139.76.134 aka janus1-6.usask.ca smtpserver: _^janus[0-9]-[0-9]*\.usask\.ca$ : setenv OPTLOG usask janus: \ setenv OPTREJECT We are not your mail gateway. : deny # a spammer, although he didn't hit gpu. smtpserver: .ras.pon.net : setenv OPTLOG pon.net: \ setenv OPTREJECT We are not your mail gateway. : deny # Karl Kleinpaste says that this is the appropriate name pattern for # Compuserve PPP dialups (well, with arl/hil/dub in the middle) smtpserver: _^.d[0-9][0-9]-[0-9][0-9][0-9]\.[adh][rui][lb]\.compuserve\.com$ \ _^.d[0-9][0-9]-[0-9][0-9][0-9]\.compuserve\.com$ :\ setenv OPTREJECT We are not your mail gateway. :\ setenv OPTLOG Compuserve PPP dialup: deny # The following is an experiment, to only allow approved C$ hosts access. smtpserver: _^[a-z][a-z][a-z]-img-[0-9][0-9]*\.compuserve\.com$ \ .inhouse.compuserve.com \ _^...-name-svc-.\.compuserve\.com$ : allow smtpserver: .compuserve.com : twist /bin/echo "421 temporarily unable to verify non-dialup status." # ditch various spammers attempting to ping gpu's mailer. # We are nice to people working from UUNet dialups, and only block them # here. smtpserver: 153.34. 153.35. 153.36. .da.uu.net .ms.uu.net : \ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG UUNET dialup reject: deny # long-time spam source from their PPP dialups at least. smtpserver: .ppp.satelnet.org: setenv OPTLOG satelnet PPP:\ setenv OPTREJECT We are not your mail gateway.: deny # more dialup people who shouldn't be dinging us. smtpserver: .dial-access.att.net .pub-ip.psi.net : \ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG dialup reject: deny smtpserver: _^host-[0-9].*\.mia\.bellsouth\.net$ :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG bellsouth dialup: deny smtpserver: _^ppp-[0-9][0-9][0-9]-[0-9]*.*\.swbell\.net$ :\ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG swbell dialup: deny smtpserver: _^usr.-dialup.*\..*\.mci\.net$: setenv OPTLOG MCI dialup:\ setenv OPTREJECT We are not your mail gateway.: deny smtpserver: .dialup.earthlink.net : setenv OPTLOG Earthstink dialup :\ setenv OPTREJECT We are not your mail gateway.: deny smtpserver: .ipt.aol.com : setenv OPTLOG AOL dialup: \ setenv OPTREJECT We are not your mail gateway.: deny # this pattern is a guess. smtpserver: _^spc-isp-.*\.sprint\.ca$: setenv OPTLOG sprint.ca dialup:\ setenv OPTREJECT We are not your mail gateway.: deny # spammed through enfm: smtpserver: .dialup.csn.net : setenv OPTLOG CSN dialup: \ setenv OPTREJECT We are not your mail gateway.: deny # 'mail.cvn.net', actually duppp5.chmbg.franklin.pa.net, dumping in mail # as "ujpj@"@mci2000.com to a spamtrap address. smtpserver: _^..ppp[0-9]*\..*\..*\.pa\.net$ :\ setenv OPTREJECT We are not the mail gateway for random PPP machines. :\ setenv OPTLOG pa.net dialup # enterprise.net, which has no control over things. smtpserver: _^ppp[0-9][0-9]*\.enterprise\.net$ : \ setenv OPTREJECT We are not your mail gateway.:\ setenv OPTLOG enterprise.net ppp reject: deny smtpserver: .enterprise.net :\ setenv OPTREJECT Access denied, too much junk email from your site.:\ setenv OPTLOG general enterprise.net reject: deny # this is for iemmc.org, spammers galore. smtpserver: 206.85.20. .iemmc.org : setenv OPTREJECT none: setenv OPTLOG iemmc.org reject: deny # slutnet, as people call it. smtpserver: 205.199.4. 205.198.78. 205.198.79. : setenv OPTREJECT none: \ setenv OPTLOG nancynet IP: deny smtpserver: .nancynet.com .sallynet.com : setenv OPTREJECT none: setenv OPTLOG nancynet domain: deny # ooh look! smtpserver: .regulus.net .spica.net .capella.net .arcturus.net \ .capella-systems.com: setenv OPTREJECT none :\ setenv OPTLOG regulus domain: deny # random assortment # really 205.164.68.1 only, but why take chances with an AGIS netblock? smtpserver: .hitsrus.com 205.164.8. 205.164.68. :\ setenv OPTLOG hitsrus.com : deny smtpserver: .onlinebiz.net : setenv OPTLOG onlinebiz : deny smtpserver: 205.199.212. : setenv OPTLOG cyberpromo IP: setenv OPTREJECT none: deny # Golfballs Unlimited and we-deliver.net. smtpserver: 208.211.205.64/255.255.255.224 : setenv OPTLOG golfballs: deny # planning ahead helps beat spam smtpserver: .adultwatch.com 207.115.225. : setenv OPTLOG adultwatch : deny smtpserver: .mailermachine.com 208.144.211. : setenv OPTLOG mailermachine : deny smtpserver: .llv.com : setenv OPTLOG llv whoop whoop: deny smtpserver: .kustom.on.ca 204.101.226. : setenv OPTLOG kustom.on.ca: deny # Go away, you perambulating monsters. # IP address may be bad. smtpserver: .cyber-broadcasting.com : setenv OPTREJECT none: deny # some just in case entries, in case these people move IP subnets: smtpserver: .cyberpromo.com .ispam.net .cybermirror1.com .answerme.com \ .keepmailing.com : setenv OPTREJECT none: deny # right. Broken SMTP implementations may BITE ME. # Especially when they send us '550 Syntax error' as the *SENDER*. #smtpserver: 209.43.130. : twist exec /local/etc/forw/smtp 209.43.130.3 # Hmm smtpserver: 208.197.88. 208.206.54. : setenv OPTLOG anawave IP watcher: allow smtpserver: 206.129.216. : setenv OPTLOG random IP watcher: allow smtpserver: 207.137.28. : setenv OPTLOG direct-to-you IP watcher: allow smtpserver: 207.137.156.20 : setenv OPTLOG af2.com IP hit: deny smtpserver: 207.137.156. : setenv OPTLOG af2.com IP watch: allow # Because of /local/lib/mail/nscheck it really helps to have all the # IP-shunned things listed here too. smtpserver: .marketit.com 151.196.87. : setenv OPTLOG marketit: deny smtpserver: .infowatch.net 209.25.84. : setenv OPTLOG infowatch: deny smtpserver: 207.247.16.208/28 : setenv OPTLOG babeview aka OTAir IP: deny smtpserver: 206.149.148.0/22 : setenv OPTLOG camelot.net IP: deny smtpserver: 207.12.78. : setenv OPTLOG moneyworld IP: deny smtpserver: 204.148.35. : setenv OPTLOG telysis IP: deny # oh this is BIG # seductress.com/Access Nevada, I hate you. # this list is from rc.ipacl smtpserver: 206.29.5. 206.29.6 206.29.20.0/23 206.29.24.0/23 \ 206.96.32.0/23 205.199.240.0/21 207.168.90 207.168.92. \ 205.199.152.0/21 : setenv OPTLOG Access Nevada IP: deny smtpserver: 205.254.164.0/22 205.137.58. : setenv OPTLOG LLV IP: deny smtpserver: 205.254.164.0/22 205.137.58. : setenv OPTLOG LCGM IP: deny smtpserver: 206.85.231. .poffice.com : setenv OPTLOG poffice.com: deny smtpserver: 204.157.168. .1-global.com : setenv OPTLOG 1-global: deny smtpserver: 208.15.229. .1stfamily.com : setenv OPTLOG 1stfamily: deny # spamrelay.grandbikes.com, at 208.219.218.3. Bye bye. smtpserver: 208.219.218. .grandbikes.com : setenv OPTLOG grandbikes: deny smtpserver: 204.137.220. 204.137.221. 204.137.222. 204.137.223. \ 207.120.46.0/26 : setenv OPTLOG CP IPs: deny # something, and a lot of packets to us from them too. smtpserver: 206.31.38. : setenv OPTLOG globalproper IPS?: deny smtpserver: 198.242.111. .global-impact.com .gwh.net:\ setenv OPTLOG gwh.net: deny smtpserver: 205.164.70. 205.164.71. .shoppingplanet.com :\ setenv OPTLOG shoppingplanet: deny smtpserver: 207.7.23. .vcity.net : setenv OPTLOG vcity.net: deny # Sigh. smtpserver: 205.254.167. .qlink2info.com : setenv OPTLOG qlink2info: deny # grr. Prime Data Systems Inc. smtpserver: 207.15.68.0/22 : setenv OPTLOG prime datasys: deny smtpserver: 207.139.145. .maxpol.com : setenv OPTLOG maxpol: deny smtpserver: 207.149.0. .ientertain.com : setenv OPTLOG ientertain: deny smtpserver: 208.21.213. .t-1net.com : setenv OPTLOG t-1net: deny smtpserver: 208.2.180. .owedmoney.com : setenv OPTLOG owedmoney: deny # this is actually the same people, but in two different IP blocks. # they do junk email, so they lose. (see the URL # http://www.world-services.com/promotions/imarketing.htm, which lies about # how 'targeted' their email is.) smtpserver: 209.25.85. .world-services.com : setenv OPTLOG wservices: deny smtpserver: 207.234.172. .netsurfers.net : setenv OPTLOG netsurfers: deny smtpserver: 209.14.30. : setenv OPTLOG quantcom IP: deny smtpserver: 204.157.32. .gzinc.com .netdetective.net : \ setenv OPTLOG gzinc: deny smtpserver: 151.196.84. 151.196.77. 209.21.129. .adgrafix.com : \ setenv OPTLOG adgrafix: deny # thrown in for the DNS exclusion. smtpserver: 194.72.192.0/19 : setenv OPTLOG enterprise IP: deny