Yoh_Matsuda

spamassassin user_prefs for Japanese.

Dec 18th, 2018
31,805
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # <<< ---NOTE--- ---NOTE--- ---NOTE--- ---NOTE--- >>>
  2. #
  3. # THIS FILE IS FOR SA 3.x! SA 2.63 & 2.64 ARE NO LONGER SUPPORTED!
  4. #
  5. # <<< ---NOTE--- ---NOTE--- ---NOTE--- ---NOTE--- >>>
  6.  
  7. # Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf'
  8. # for details of what can be tweaked.
  9. #
  10. # ~/.spamassassin/user_prefs
  11. # $Id: user_prefs,v 1.1414 2010/05/04 08:42:30 yoh Exp $
  12. #
  13. # http://www.flcl.org/~yoh/user_prefs
  14. # Original source from:
  15. # http://www.linux.or.jp/~ukai/l-u-spam/local.cf
  16. # modified by MATSUDA Yoh-ichi [yoh] (kitty_freak@yahoo.co.jp)
  17. #
  18. # This file is updated frequently. You can use web antenna software for
  19. # checking this file.
  20. #
  21. # Notice for Non-Japanese natives:
  22. # Thank you for watching this file.
  23. # This is "user_prefs", SpamAssassin user-specific configuration
  24. # file "for Japanese".
  25. # But, some rules are useful for Non-Japanese natives, I believe.
  26. #
  27. # Feel free to use this file, there is no problem using whether
  28. # whole or partial.
  29. # You can use this file for personal, business, or built-in
  30. # commercial products.
  31. #
  32. # I hope happy E-mail world.
  33. #
  34. # Notice for Japanese natives:
  35. # You should read
  36. # http://spamassassin.jp/modules/xhnewbb/viewtopic.php?topic_id=64
  37. # before using this file.
  38. #
  39. # _._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._
  40. # If you have any problem, questions or suggestions,
  41. # email to: kitty_freak@yahoo.co.jp
  42. # Twitter to: @Yoh_Matsuda
  43. # _._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._
  44. #
  45. # Copyright (c) 2002-2019 MATSUDA Yoh-ichi
  46. # This file is licensed under the Open Software License v.2.0.
  47. #
  48. # Open Software License v.2.0 at: http://opensource.org/licenses/osl-2.0.php
  49. # Japanese translation at: http://sourceforge.jp/projects/opensource/wiki/licenses/Open_Software_License
  50. #
  51.  
  52. #
  53. # <<< ---NOTE--- ---NOTE--- ---NOTE--- ---NOTE--- >>>
  54. #
  55. # How to use this file:
  56. #
  57. # 1. wget -O ~/.spamassassin/user_prefs http://www.flcl.org/~yoh/user_prefs
  58. #
  59. # 2. write below rules in your ~/.spamassassin/private_prefs:
  60. #
  61. # (1) your own 'trusted_networks'
  62. #
  63. # trusted_networks 127.0.0.1/8 192.168.0.1/16 10.0.0.1/8 172.16.0.1/12 210.150.184.16/29 202.93.83.109 202.93.83.110/31 202.93.83.112 202.93.85.135 202.93.85.136/31 202.93.85.138 219.100.31.229 202.248.238.70 64.233.162.192/28 61.215.208.41 210.157.158.35 210.157.158.37 210.171.226.47 211.10.155.25
  64. #
  65. # <<< Attention! >>>
  66. # Now, you don't need "MYMTA" setting!
  67. # 2010.01.14 by [yoh]
  68. #
  69. # for more details, see http://spamassassin.jp/modules/xhnewbb/viewtopic.php?topic_id=9&post_id=47#forumpost47
  70. #
  71. # sample private_prefs is available at
  72. # http://www.flcl.org/~yoh/private_prefs
  73. #
  74. # <<< ---NOTE--- ---NOTE--- ---NOTE--- ---NOTE--- >>>
  75. #
  76.  
  77.  
  78. # ex. in my ~/.procmailrc:
  79. #
  80. #------------------ ~/.procmailrc -------------------
  81. # SHELL=/bin/sh
  82. # LOGFILE=$HOME/Mail/procmail.log
  83. # DEFAULT=$ORGMAIL
  84. # SPAM=$HOME/spam/spam/.
  85. # DOUBT=$HOME/spam/doubt/.
  86. # # call spamassassin
  87. # :0fw: spamassassin.lock
  88. # * < 600000
  89. # | spamassassin
  90. # # "autolearn=spam" is "spam"
  91. # :0H:
  92. # * X-Spam-Flag: YES
  93. # * X-Spam-Status:.*autolearn=spam
  94. # $SPAM
  95. # # score over 20 is "spam"
  96. # :0H:
  97. # * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
  98. # $SPAM
  99. # # other is "doubt"
  100. # :0H:
  101. # * !^X-Spam-Probability:
  102. # * ^X-Spam-Flag: YES
  103. # $DOUBT
  104. #------------------ End of ~/.procmailrc -------------------
  105.  
  106.  
  107. #
  108. # - global configuration
  109. # some definition, no depending languages etc.
  110. # you can tune threshold score level as you like.
  111. #
  112.  
  113. #
  114. # threshold level up to 8.0 2004.12.14 by [yoh]
  115. # threshold level up to 13.0 2005.11.3 by [yoh]
  116. #
  117.  
  118. required_score 13.0
  119.  
  120. #
  121. # autolearn threshold setting 2005.11.3 by [yoh]
  122. #
  123.  
  124. bayes_auto_learn_threshold_nonspam 0.1
  125. bayes_auto_learn_threshold_spam 12.0
  126.  
  127. #
  128. # For AWL working properly, we have to write your trusted networks.
  129. # http://article.gmane.org/gmane.mail.spam.spamassassin.general/72509
  130. # http://wiki.apache.org/spamassassin/AwlWrongWay?highlight=%28awl%29
  131. # 2005.09.23 by [yoh]
  132. # Thanks to OOI Keita san
  133. # 2005.11.22 by [yoh]
  134. #
  135. # You MUST write below in your ~/.spamassassin/private_prefs
  136. # 2006.04.18 by [yoh]
  137. #
  138. # trusted_networks 127.0.0.1/8 192.168.0.1/16 10.0.0.1/8 172.16.0.1/12 210.150.184.16/29 202.93.83.109 202.93.83.110/31 202.93.83.112 202.93.85.135 202.93.85.136/31 202.93.85.138 219.100.31.229 202.248.238.70 64.233.162.192/28 61.215.208.41 210.157.158.35 210.157.158.37 210.171.226.47 211.10.155.25
  139.  
  140.  
  141. # 124.83.200.48/28 124.83.200.64/29 124.83.200.72/30 124.83.200.76/31
  142. # 124.83.212.21/32 124.83.212.22/31 124.83.212.24/29 124.83.212.32/30 124.83.212.81/32 124.83.212.82/31 124.83.212.84/30 124.83.212.88/29
  143. # 203.216.249.201/32 203.216.249.202/31 203.216.249.204/30 203.216.249.208/29
  144. # 202.93.80.0/20
  145. # 203.216.226.176/28
  146. # added 2009.05.31 by [yoh]
  147. # modified 2011.06.04 by [yoh]
  148. # updated 2013.09.29 by [yoh]
  149. # for checking Yahoo! Japan webmail spam.
  150. # 203.216.226.0/24
  151. # trusted_networks 124.83.168.15/32 124.83.168.16/29 124.83.168.24/30 124.83.168.28/31 124.83.168.32/29 124.83.168.40/30 124.83.168.44/31 124.83.168.46/32 203.216.226.171/32 203.216.226.172/30 203.216.226.192/31 203.216.226.194/32
  152. #trusted_networks 124.83.236.148/30 124.83.236.152/29 124.83.237.102/31 124.83.238.73/32 124.83.238.74/31 124.83.238.76/30 124.83.238.80/28 124.83.238.96/30 124.83.238.100/31 124.83.238.102/32 124.83.239.46/31 124.83.239.48/28 124.83.239.64/29 124.83.239.72/32 183.79.28.70/31 183.79.28.72/29 183.79.28.80/29 183.79.28.88/31 183.79.28.103/32 183.79.28.104/29 183.79.28.112/28 183.79.28.128/25 183.79.29.0/25 183.79.29.128/27 183.79.29.160/28 183.79.29.176/30 183.79.29.180/31 183.79.56.10/31 183.79.56.12/30 183.79.56.16/28 183.79.56.32/31 183.79.100.5/32 183.79.100.6/31 183.79.100.8/29 183.79.100.16/28 183.79.100.32/27 183.79.100.64/26 183.79.100.128/26 183.79.100.192/27 183.79.100.224/28 183.79.100.240/30 183.79.100.244/32 183.79.150.4/30 183.79.150.8/29 183.79.150.16/28 183.79.150.32/27 183.79.150.64/27 183.79.150.96/29 183.79.150.104/30 172.26.8.0/24
  153. # 183.79.28.70/31 183.79.28.72/29 183.79.28.80/29 183.79.28.88/31 183.79.28.103/32 183.79.28.104/29 183.79.28.112/28 183.79.28.128/25 183.79.29.0/25 183.79.29.128/27 183.79.29.160/28 183.79.29.176/30 183.79.29.180/31 183.79.56.10/31 183.79.56.12/30 183.79.56.16/28 183.79.56.32/31 183.79.100.5/32 183.79.100.6/31 183.79.100.8/29 183.79.100.16/28 183.79.100.32/27 183.79.100.64/26 183.79.100.128/26 183.79.100.192/27 183.79.100.224/28 183.79.100.240/30 183.79.100.244/32 183.79.150.4/30 183.79.150.8/29 183.79.150.16/28 183.79.150.32/27 183.79.150.64/27 183.79.150.96/29 183.79.150.104/30
  154. trusted_networks 124.83.236.148/30 124.83.236.152/29 124.83.237.102/31 124.83.238.73/32 124.83.238.74/31 124.83.238.76/30 124.83.238.80/28 124.83.238.96/30 124.83.238.100/31 124.83.238.102/32 124.83.239.46/31 124.83.239.48/28 124.83.239.64/29 124.83.239.72/32 183.79.0.0/16 172.26.8.0/24
  155.  
  156. # added 2011.03.05 by [yoh]
  157. # for checking US and EU Yahoo! webmail spam.
  158. trusted_networks 115.178.12.0/23 124.108.96.0/20 124.108.112.0/20 183.177.64.0/19 67.195.0.0/16 68.142.192.0/18 76.13.0.0/16 77.238.188.0/22 98.136.0.0/14
  159.  
  160. #
  161. # - tuning internal rules score
  162. # some rules need score level up, some rules need deactivate.
  163. #
  164.  
  165. # modified 2009.03.22 by [yoh]
  166. # Bayes depends on learning.
  167. # So, autolearning too much spam makes false positive.
  168.  
  169. # Bayes engine needs frequently maintenance and balanced corpus.
  170. # So I decided setting low score.
  171. # 2010.04.14 by [yoh]
  172. # 2014.07.04 by [yoh]
  173.  
  174. score BAYES_80 0.5
  175. score BAYES_95 1.0
  176. score BAYES_99 1.5
  177.  
  178. #
  179. # This rule is useful, so activated.
  180. # 2014.06.01 by [yoh]
  181. #
  182. # I decided setting low score.
  183. # 2014.07.04 by [yoh]
  184.  
  185. score BAYES_999 2.0
  186.  
  187.  
  188. score BAYES_00 0 0 -1.665 -6.0
  189. score BAYES_05 0 0 -0.925 -4.0
  190.  
  191. score X_LIBRARY 4.3
  192. # score HTML_70_80 1.0
  193. # score UPPERCASE_25_50 0.5
  194.  
  195. score NO_DNS_FOR_FROM 3.5
  196.  
  197. # score HOT_NASTY 2.0
  198. # score RISK_FREE 2.0
  199. score RATWARE_OE_MALFORMED 4.1
  200. score UPPERCASE_75_100 1.0
  201.  
  202. score HTML_MESSAGE 1.0
  203.  
  204. # score MSGID_FROM_MTA_ID 2.7
  205.  
  206. score GAPPY_SUBJECT 0.5
  207.  
  208. #
  209. # This rule is no meanings because many ham sender doesn't add real name
  210. # in his/her From: area.
  211. # 2006.10.29 by [yoh]
  212. #
  213. # score NO_REAL_NAME 0
  214.  
  215. #
  216. # This rule is no meanings because some web mail agents add
  217. # X-MSMail-Priority.
  218. # 2006.10.29 by [yoh]
  219. #
  220. score MISSING_MIMEOLE 0.1
  221.  
  222. #
  223. # This rule is no meanings because some Japanese ham has this rule.
  224. # 2006.10.29 by [yoh]
  225. #
  226. score PLING_QUERY 0.1
  227.  
  228. #
  229. # This rule is no meanings because many people send "no subject" mail.
  230. # 2008.05.31 by [yoh]
  231. #
  232. score MISSING_SUBJECT 0
  233.  
  234. #
  235. # This rule is no meanings because Outlook Express send this type mail.
  236. # 2008.05.31 by [yoh]
  237. #
  238. score FROM_EXCESS_BASE64 0
  239.  
  240. #
  241. # This rule is no meanings because Outlook Express send this type mail.
  242. # So, this rule is nonsense.
  243. # 2008.05.31 by [yoh]
  244. #
  245. score TVD_SPACE_RATIO 0
  246.  
  247. #
  248. # This rule is no meanings because some hammy host send this type mail.
  249. # So, this rule is nonsense.
  250. # 2009.10.23 by [yoh]
  251. #
  252. score RCVD_HELO_IP_MISMATCH 0
  253.  
  254. #
  255. # This rule is no meanings because this rule hits many Japanese ham.
  256. # So, this rule is nonsense.
  257. # 2010.01.23 by [yoh]
  258. #
  259. score FM_FRM_RN_L_BRACK 0
  260.  
  261. #
  262. # - language definition
  263. # if you aren't native Japanese, you have to change definition below.
  264. # In 3.1.0, you have to enable plugin "Mail::SpamAssassin::Plugin::TextCat"
  265. # in /etc/spamassassin/v310.pre .
  266. # http://marc.theaimsgroup.com/?l=spamassassin-announce&m=112674318914008&w=2
  267. # 2005.09.26 by [yoh]
  268. #
  269.  
  270. ok_languages ja en
  271. ok_locales ja en
  272.  
  273. #
  274. # - language definition related rules
  275. # if you aren't native Japanese, you have to change definition below.
  276. #
  277.  
  278. # There is no effect whether target mail is Japanese or not.
  279. # 2004.05.28 by [yoh]
  280. header ISO2022JP_CHARSET Content-Type =~ /charset=['"]?iso-2022-jp['"]?/i
  281. describe ISO2022JP_CHARSET ISO-2022-JP message
  282. # score ISO2022JP_CHARSET -0.182
  283. score ISO2022JP_CHARSET -0.1
  284.  
  285. header GB2312_CHARSET Content-Type =~ /charset=['"]?GB2312['"]?/i
  286. describe GB2312_CHARSET GB2312 message
  287. score GB2312_CHARSET 5.00
  288.  
  289. # thrown away 2005.09.14 by [yoh]
  290. #
  291. # header KS5601_CHARSET Content-Type =~ /charset= ?['"]?ks_c_5601/i
  292. # describe KS5601_CHARSET KS_C_5601 message
  293. # score KS5601_CHARSET 5.00
  294.  
  295. header BIG5_CHARSET Content-Type =~ /charset=['"]?big5['"]?/i
  296. describe BIG5_CHARSET Big5 message
  297. score BIG5_CHARSET 5.0
  298.  
  299. header WINDOWS_CHARSET Content-Type =~ /charset=['"]?windows-125.['"]?/i
  300. describe WINDOWS_CHARSET Windows-1252 message
  301. score WINDOWS_CHARSET 5.0
  302.  
  303. # debugged 2013.06.30 by [yoh]
  304. full GB2312ENC /\nContent-Type: .*;[\n\t ]*charset=.*gb2312["\n\r]/i
  305. describe GB2312ENC gb2312 message
  306. score GB2312ENC 1.0
  307.  
  308. # newly added for Chinese fake products sales spam. 2013.06.30 by [yoh]
  309. meta YHOWEBMCHINA RCVD_IN_CHINA && YAHOOWEBMAIL && GB2312ENC
  310. score YHOWEBMCHINA 3.5
  311.  
  312. # full RFC822ENC /\nContent-Type: message/rfc822;[\n\r]/i
  313. # score RFC822ENC 0.1
  314.  
  315. full RFC822X3 /\nContent-Type: message\/rfc822;(?:.*\n){3,}Content-Type: message\/rfc822;(?:.*\n){3,}Content-Type: message\/rfc822;/i
  316. describe RFC822X3 "Content-Type: message/rfc822" 3times in a message.
  317.  
  318. full RFC822X2 /\nContent-Type: message\/rfc822;(?:.+){0,1}(?:.*\n){3,}Content-Type: message\/rfc822;/i
  319. describe RFC822X2 "Content-Type: message/rfc822" 2times in a message.
  320.  
  321. full RFC822GB2312 /\nContent-Type: message\/rfc822;(?:.+){0,1}(?:.*\n){3,}Content-Type: text\/plain;(?:[ \n]){0,1}[\t ]charset="gb2312"/i
  322.  
  323. # newly added for Chinese fake products sales spam. 2014.01.15 by [yoh]
  324. # corrected 2014.09.17 by [yoh]
  325. rawbody __CNYHOHTML01 /id=\"yiv\d{8,}/
  326. rawbody __CNYHOHTML02 /class=\"yiv\d{8,}yui/
  327. rawbody __CNYHOHTML03 /(?:yiv\d+yui(?:_\d)+\d+ ){2,}/
  328.  
  329.  
  330. meta YHOWEBMGBMP YAHOOWEBMAIL && (GB2312ENC && (RFC822X3 || RFC822X2 || RFC822GB2312) || (__CNYHOHTML01 || __CNYHOHTML02 || __CNYHOHTML03) && UTF8 && (QENCPTR1 || QENCPTR2) )
  331. score YHOWEBMGBMP 9.5
  332.  
  333.  
  334. meta YHOWEBMJPMP YAHOOWEBMAIL && (ISO2022JP_BODY && (__CNYHOHTML01 || __CNYHOHTML02 || __CNYHOHTML03) && (QENCPTR1 || QENCPTR2) )
  335. score YHOWEBMJPMP 15
  336.  
  337.  
  338. full MIMEQENC /\nContent-Transfer-Encoding: quoted-printable[\n\r]/i
  339. describe MIMEQENC Quoted-Printable mime definition
  340. score MIMEQENC 0.2
  341.  
  342. full QENCPTR1 /=[1-9][0-9A-Fa-f]/
  343. describe QENCPTR1 Quoted-Printable mime pattern
  344. score QENCPTR1 0.2
  345.  
  346. full QENCPTR2 /[a-zA-Z]=[\n\r]/
  347. describe QENCPTR2 Quoted-Printable mime pattern
  348. score QENCPTR2 0.2
  349.  
  350. # thrown away 2005.09.14 by [yoh]
  351. #
  352. # meta GB2312QENC GB2312ENC && MIMEQENC && QENCPTR1 && QENCPTR2
  353. # describe GB2312QENC GB2312 quoted-printable MIME body
  354. # score GB2312QENC 10.0
  355. #
  356. # full BIG5_BODY /\nContent-Type:.*charset=.*big5.*[\n\r]/i
  357. # describe BIG5_BODY Big5 charset in multipart
  358. # score BIG5_BODY 10.0
  359.  
  360.  
  361. #
  362. # generic, miscellaneous header rules.
  363. #
  364.  
  365. # ([a-z,'\-]+ ){2,}[a-z]+[0-9]+$|([0-9a-z,'\-]+ ){1,}[a-z ,'\-]+$
  366. # ^[0-9A-Za-z]{10,}$
  367.  
  368. # score down 2011.04.07 by [yoh]
  369.  
  370. header X_MAILER X-Mailer =~ /(?:GpsMailer|SpireMail|IM200[01] Version|Pinta Magazine|MultiMail|BSMTP DLL|E-Magazine|Direct Email|Achi-Kochi Mail|MagicalMail|InternetPost for Active Platform|Web Based Pronto|Oshirase.*-Mailer|SendMailEX|Douhou\@Mail|{%xmailer%}|<IMail v|jpfree Group Mail Express|SMTPit - FileMaker Pro Email Plugin|MultiSneder|Allaire ColdFusion Application Server|fuck_you69|adToOne|MailMagic|FightIK Version |Pegasus Mail for Win32 |vb_smtp_test|Fox[mM]ail \d\.\d+.+\[cn\]|ACMAILER scripted by http:\/\/[a-z0-9.]+\/|takamail|Super Mailer 9 \[cn\]\[outlook\]|jmail v2\.0|Yotiyoti Mailer Version |o2\.pl WebMail v|MIME-tools 5\.[0-9]+ \(Entity 5\.[0-9]+\)|WsMail 1|NEXTism Mailer|Shadow Mail v|UmailNG \.NET \(powered by Microsoft Windows 2003\)|Doho Haishin|acmailer|^[a-z]{4,}[^a-zA-Z]\d{2}$|RAINBOW Version |<!-- CoreMail Version|HM System)/
  371. describe X_MAILER spammer's choice of X-Mailer
  372. score X_MAILER 3.0
  373.  
  374. header XTRAXMAILER X-Mailer =~ /(Easy DM free|DM Mailer|Shadow Mail v\. 2.0|DM-SenderEX|Mail Distributor ver\.|Mail Distributer|BLT-TECH_EXEMAIL_1)/
  375. describe XTRAXMAILER spammer's choice of X-Mailer
  376. score XTRAXMAILER 22.0
  377.  
  378. # added 2011.03.05 by [yoh]
  379. #
  380. header YAHOOWEBMAIL X-Mailer =~ /YahooMailWebService/
  381.  
  382. meta DYN_YAHOOWEBMAIL YAHOOWEBMAIL && ___DYNAMICIP
  383. score DYN_YAHOOWEBMAIL 5.5
  384.  
  385.  
  386. # added 2011.06.19 by [yoh]
  387. rawbody __MSWORD_HTML /<meta name=Generator content=\"Microsoft Word \d{1,2}\">/i
  388. rawbody __SIMSUN /alt:SimSun;/
  389.  
  390. # Counterfeit consumer goods
  391. meta COUNTERFEIT_CHINA __MSWORD_HTML && __SIMSUN && (__JPEG_ATTACH || __GIF_ATTACH) && YAHOOWEBMAIL
  392. score COUNTERFEIT_CHINA 5.5
  393.  
  394. #
  395. #
  396. # New rules from version 3.1.0
  397. # 2005.09.21 by [yoh]
  398. #
  399. #
  400.  
  401. #
  402. # This rule has no meanings since every long Japanese Subject have twice
  403. # encode strings.
  404. # 2005.10.11 by [yoh]
  405. #
  406.  
  407. # score SUBJECT_ENCODED_TWICE 0.1
  408.  
  409. score UNPARSEABLE_RELAY 0.5
  410.  
  411. # Bayes engine needs frequently maintenance and balanced corpus.
  412. # So I decided setting low score.
  413. # 2010.04.14 by [yoh]
  414. meta UNPARSEABLERELAY99 UNPARSEABLE_RELAY && BAYES_99
  415. describe UNPARSEABLERELAY99 UNPARSEABLE_RELAY && BAYES_99
  416. score UNPARSEABLERELAY99 1.5
  417.  
  418. meta UPRSBLRLY_DCN UNPARSEABLE_RELAY && ___DCN
  419. score UPRSBLRLY_DCN 3.5
  420. meta DYN_UPRSBLRLY UNPARSEABLE_RELAY && ___DYNAMICIP
  421. score DYN_UPRSBLRLY 3.5
  422. meta UPRSBLRLY_PBL UNPARSEABLE_RELAY && RCVD_IN_PBL
  423. score UPRSBLRLY_PBL 3.5
  424. meta UPRSBLRLY_BRBL UNPARSEABLE_RELAY && RCVD_IN_BRBL_LASTEXT
  425. score UPRSBLRLY_BRBL 3.5
  426. meta UPRSBLRLY_RNBL UNPARSEABLE_RELAY && RCVD_IN_RP_RNBL
  427. score UPRSBLRLY_RNBL 3.5
  428.  
  429.  
  430.  
  431. # score X_MAILER_SPAM 3.0
  432.  
  433. # meta XMAILERSPAM99 X_MAILER_SPAM && BAYES_99
  434. # describe XMAILERSPAM99 X_MAILER_SPAM && BAYES_99
  435. # score XMAILERSPAM99 7.0
  436.  
  437. header X_MAIL_AGENT X-Mail-Agent =~ /\(Extra Japan\)|BSMTP DLL/
  438. describe X_MAIL_AGENT spammer's choice of X-Mail-Agent
  439. score X_MAIL_AGENT 1.0
  440.  
  441. meta DYN_XMAGNT (X_MAIL_AGENT||X_MAILER) && ___DYNAMICIP
  442. score DYN_XMAGNT 5.5
  443.  
  444.  
  445. header USERAGENT User-Agent =~ /(VXmailer 1\.1|MMBoard Ver\.[0-9]+|Foxmail 4\.2 \[cn\]|MIME-tools 5\.[0-9]+ \(Entity |AspMail [0-9])/
  446. describe USERAGENT spammer's choice of User-Agent
  447. score USERAGENT 7.0
  448.  
  449. #
  450. # http://www.google.co.jp/search?hl=ja&ie=EUC-JP&oe=EUC-JP&q=coremail&btnG=Google+%B8%A1%BA%F7&lr=
  451. # 2006.05.25 by [yoh]
  452. # modified 2011.04.23 by [yoh]
  453. #
  454. # header COREMAIL Received =~/ by [^ ]+ \(Coremail\) with SMTP id \w{14,}/
  455. header COREMAIL Received =~/ by [^ ]+ \(Coremail\) /
  456. describe COREMAIL spamming MTA made in China
  457. score COREMAIL 5.0
  458.  
  459. meta CORE_KTC COREMAIL && ___KOREATAIWANCHINA
  460. score CORE_KTC 8.0
  461.  
  462. meta CORE_DCN COREMAIL && ___DCN
  463. score CORE_DCN 8.0
  464.  
  465. # meta CORE_B64 COREMAIL && MIME_BASE64_NO_NAME && MIME_BASE64_TEXT && MIME_BASE64_BLANKS
  466. meta CORE_B64 COREMAIL && MIME_BASE64_TEXT && MIME_BASE64_BLANKS
  467. score CORE_B64 8.0
  468.  
  469. #
  470. # added 2007.01.18 by [yoh]
  471. #
  472. header FORGEDMTAIDSTR Received =~/ id (?![A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{2})[A-Z0-9\W]{6}-[A-Z0-9\W]{6}-[A-Z0-9\W]{2}/
  473.  
  474. #
  475. # deleted 2010.09.26 by [yoh]
  476. #
  477. # meta FRGDMTAWROTE RCVD_FORGED_WROTE && FORGEDMTAIDSTR
  478. # score FRGDMTAWROTE 5.0
  479.  
  480. #
  481. # added 2007.02.04 by [yoh]
  482. #
  483. header FORGED_RCVD_BY Received =~/by (?!localhost)([a-z]{4,} \(8\.13\.\d|[A-Z]{5} \([A-Z]{3}Sys\))/
  484.  
  485.  
  486.  
  487. header MULTIPART_ALTERNATIVE Content-Type =~ /[mM]ultipart\/[aA]lternative/
  488. describe MULTIPART_ALTERNATIVE Multipart/alternative
  489. score MULTIPART_ALTERNATIVE 0.1
  490.  
  491. #
  492. # generic, miscellaneous body rules.
  493. #
  494.  
  495. body THANKS_GOD_BLESS /^THANKS.+GOD.+BLESS/i
  496. describe THANKS_GOD_BLESS Thanks, GOD BLESS YOU
  497. score THANKS_GOD_BLESS 2.0
  498.  
  499. # meta RISK_THANKS RISK_FREE && THANKS_GOD_BLESS
  500. # score RISK_THANKS 3.5
  501.  
  502. #
  503. # deleted 2010.09.26 by [yoh]
  504. #
  505. # rawbody RANDOM_ID2 /^[a-z]{15,}$/
  506. # describe RANDOM_ID2 random lowercase alphabet ID-like phrase
  507. # score RANDOM_ID2 0.5
  508.  
  509. body CONGRATULATIONS /(!+ )*CONGRATULATIONS{0,1}(!| !+)/i
  510. describe CONGRATULATIONS !!!!! CONGRATULATIONS !!!!!
  511. score CONGRATULATIONS 3.0
  512.  
  513. body LOTTERY /LOTTERY/i
  514. describe LOTTERY talking about LOTTERY
  515. score LOTTERY 0.1
  516.  
  517. meta CONGLAT_LOTTERY CONGRATULATIONS && LOTTERY
  518. describe CONGLAT_LOTTERY CONGRATULATIONS && LOTTERY
  519. score CONGLAT_LOTTERY 3.5
  520.  
  521. #
  522. # deleted 2010.09.26 by [yoh]
  523. #
  524. # body CALLNOW /call now /i
  525. # describe CALLNOW "Call Now"
  526. # score CALLNOW 0.1
  527.  
  528. body YOURDIPLOMA /YOUR (DIPLOMA|Graduation)/i
  529. describe YOURDIPLOMA "YOUR DIPLOMA"
  530. score YOURDIPLOMA 0.1
  531.  
  532. body CALLDIPLOMA /call now .+YOUR (DIPLOMA|Graduation)/i
  533. describe CALLDIPLOMA call now - your Graduation
  534. score CALLDIPLOMA 1.5
  535.  
  536.  
  537. rawbody REMOVEMAIL1 /mailto:remove\@/
  538. describe REMOVEMAIL1 mailto:remove@
  539. score REMOVEMAIL1 2.0
  540.  
  541. # thrown away 2005.09.14 by [yoh]
  542.  
  543. # body PHPDONOTEMAIL /http:\/\/.+\/lx\.php\?a=donotemail\&b=/
  544. # describe PHPDONOTEMAIL http://5.shyx.us/lx.php?a=donotemail&b=yoh%40flcl.org
  545. # score PHPDONOTEMAIL 2.0
  546. #
  547. # body PHPSEARCH /\/lx\.php\?a=search\&b=5\&c=/
  548. # describe PHPSEARCH http://4.shyx.biz/lx.php?a=search&b=5&c=yoh%40flcl.org
  549. # score PHPSEARCH 2.0
  550. #
  551. # meta PHPSPAM PHPDONOTEMAIL && PHPSEARCH && BAYES_99
  552. # describe PHPSPAM PHPDONOTEMAIL && PHPSEARCH && BAYES_99
  553. # score PHPSPAM 7.0
  554.  
  555. # score FROM_AND_TO_SAME -0.5
  556.  
  557. score MIME_HTML_ONLY 0.4
  558. score INVALID_DATE 5.4
  559. # score REMOVE_PAGE 2.0
  560. score FROM_ILLEGAL_CHARS 2.9
  561. # score PORN_URL_SEX 1.0
  562.  
  563. # Below rule is too high.
  564. # 2006.12.10 by [yoh]
  565. score SUBJ_ILLEGAL_CHARS 1.0
  566.  
  567. # Below rules include bugs at proccessing ISO-2022-JP strings.
  568.  
  569. score WEIRD_QUOTING 0.1
  570. score OBSCURED_EMAIL 0.1
  571.  
  572. # Below rule is too high.
  573. # 2011.11.16 by [yoh]
  574. score RCVD_IN_BRBL_LASTEXT 0.5
  575. # Below rule is too high.
  576. # 2011.11.18 by [yoh]
  577. score RCVD_IN_PSBL 0.5
  578.  
  579.  
  580. # re-opened 2009.08.22 by [yoh]
  581. # Below rule has serious problem, so it needs to be disabled.
  582. # ex. Gmail HTML spam
  583. score ALL_TRUSTED 0.0
  584.  
  585.  
  586. # thrown away 2005.09.14 by [yoh]
  587. #
  588. # rawbody FOXMAIL /^X-Mailer: FoxMail [1-9]\.[0-9]+ .+\[cn\]/
  589. # describe FOXMAIL X-Mailer: FoxMail 3.11 Release [cn]
  590. # score FOXMAIL 8.0
  591.  
  592. # header RANDORG Organization =~ /^([A-Z][a-z]+ [a-z]+|[a-z]+\.[a-z]+)$/
  593. # describe RANDORG Organization: random strings
  594. # score RANDORG 2.0
  595.  
  596. # meta SUBJ_SPACES_UNIQID SUBJ_HAS_SPACES && SUBJ_HAS_UNIQ_ID
  597. # describe SUBJ_SPACES_UNIQID SUBJ_HAS_SPACES && SUBJ_HAS_UNIQ_ID
  598. # score SUBJ_SPACES_UNIQID 2.5
  599.  
  600. #
  601. # deleted 2010.09.26 by [yoh]
  602. #
  603. # meta MIMEHEXQENC MIME_BOUND_MANY_HEX && MIMEQENC
  604. # describe MIMEHEXQENC MIME_BOUND_MANY_HEX && MIMEQENC
  605. # score MIMEHEXQENC 1.1
  606.  
  607. header TEXT_NOCHARSET Content-Type =~ /^text\/(plain|html);{0,1}$/
  608. describe TEXT_NOCHARSET Content-Type: text/(plain|html) with no charset
  609. score TEXT_NOCHARSET 0.5
  610.  
  611. meta TEXTHOTMAIL TEXT_NOCHARSET && FORGED_HOTMAIL_RCVD2 && BAYES_99
  612. describe TEXTHOTMAIL TEXT_NOCHARSET && FORGED_HOTMAIL_RCVD2 && BAYES_99
  613. score TEXTHOTMAIL 10.0
  614.  
  615. # modified 2009.05.14 by [yoh]
  616. meta TEXTPYZOR TEXT_NOCHARSET && PYZOR_CHECK
  617. describe TEXTPYZOR TEXT_NOCHARSET && PYZOR_CHECK
  618. score TEXTPYZOR 3.0
  619.  
  620. # thrown away 2005.09.14 by [yoh]
  621. #
  622. # header POSTFIX_ERRCONT Content-Type =~/^multipart\/report; report-type=delivery-status;.+boundary=/
  623. # describe POSTFIX_ERRCONT Content-Type is Postfix/Sendmail type delivery error message
  624. # score POSTFIX_ERRCONT 0.1
  625. #
  626. # meta POSTFIXBOUNCE POSTFIX_ERRCONT && ILLEGALSTR04
  627. # describe POSTFIXBOUNCE bounce spam using a footstool MTA Postfix
  628. # score POSTFIXBOUNCE 7.0
  629.  
  630. header EXIM_ERRWARN Received =~/ with local \(Exim .+\)/
  631. describe EXIM_ERRWARN bounce mail from Exim
  632. score EXIM_ERRWARN 0.1
  633.  
  634. header MSES_ERRXM X-Mailer =~ /Internet Mail Service \([0-9.]+\)$/
  635. describe MSES_ERRXM X-Mailer: is Microsoft Exchange Server type delivery error message
  636. score MSES_ERRXM 1.0
  637.  
  638. # thrown away 2005.09.14 by [yoh]
  639. #
  640. # body YOURFINANCESTHEEASYWAY /Your Finances The Easy Way\!/
  641. # describe YOURFINANCESTHEEASYWAY Your Finances The Easy Way!
  642. # score YOURFINANCESTHEEASYWAY 1.0
  643. #
  644. # body IFYOUWISHTOBEDELETED /If you wish to be deleted from (this|our) list, please .*CLICK/
  645. # describe IFYOUWISHTOBEDELETED If you wish to be deleted from this list, please CLICK
  646. # score IFYOUWISHTOBEDELETED 2.0
  647. #
  648. # full FONT_1PX_STR /<font style=font-size:[12]px>([a-z'.]+ ){40,}([a-z]+.){0,1}<\/font>/
  649. # describe FONT_1PX_STR font-size:1px and random strings are obfuscating bayesian filter
  650. # score FONT_1PX_STR 7.0
  651. #
  652. # body ORDER_YOURS_NOW /Order Yours NOW!/
  653. # describe ORDER_YOURS_NOW Order Yours NOW!
  654. # score ORDER_YOURS_NOW 1.5
  655.  
  656. # thrown away 2006.01.04 by [yoh]
  657. #
  658. # rawbody TABLEPRE /<TD><PRE><font style=\"font-size:/
  659. # describe TABLEPRE dot art spam using html table tag with pre tag.
  660. # score TABLEPRE 3.5
  661.  
  662.  
  663. # [a-z]{2,2}\.geocities\.com\/[a-zA-Z0-9]+\/
  664.  
  665. # rawbody UKGEOCITIES /http:\/\/[a-z]{2,3}\.geocities\.com\/[A-Za-z0-9_-]+\/(\?{0,1}[A-Za-z0-9_-]+| |$)/
  666. # uri UKGEOCITIES /(geocities\.yahoo\.com\.br|[a-z]{2,3}\.geocities\.com)\/[A-Za-z0-9_-]+\/(\?{0,1}[A-Za-z0-9_-]+| |$)/
  667.  
  668. # thrown away 2009.07.27 by [yoh]
  669. # uri UKGEOCITIES /(geocities\.yahoo\.com\.br|([a-z]{2,3}\.){0,1}geocities\.com)\/[A-Za-z0-9_-]+(\/\?{0,1}[A-Za-z0-9_-]+|\/ |\/$| |$)/
  670. # describe UKGEOCITIES http://uk.geocities.com/Hoge_Hoge/?Fuga=tekitou
  671. # score UKGEOCITIES 0.5
  672.  
  673. # meta CHINAUKGEO UKGEOCITIES && (RCVD_IN_CHINA || X_CHINESE_RELAY || RCVD_IN_SORBS_DUL || RCVD_IN_XBL || RCVD_IN_AHBL || RCVD_IN_WHOIS_INVALID || DNS_FROM_SECURITYSAGE || RCVD_IN_NJABL_DUL)
  674. # meta CHINAUKGEO UKGEOCITIES && (RCVD_IN_CHINA || X_CHINESE_RELAY || RCVD_IN_SORBS_DUL || RCVD_IN_XBL || RCVD_IN_AHBL )
  675.  
  676. # thrown away 2009.07.27 by [yoh]
  677. # meta CHINAUKGEO UKGEOCITIES && (RCVD_IN_CHINA || X_CHINESE_RELAY || RCVD_IN_XBL || RCVD_IN_AHBL )
  678. # describe CHINAUKGEO UKGEOCITIES && RCVD_IN_CHINA
  679. # score CHINAUKGEO 8.0
  680.  
  681. # thrown away 2009.07.27 by [yoh]
  682. # meta CHINANETUKGEO (CHINANET || CRTC) && UKGEOCITIES && BAYES_99
  683. # describe CHINANETUKGEO (CHINANET || CRTC) && UKGEOCITIES && BAYES_99
  684. # score CHINANETUKGEO 10
  685.  
  686. # full FAKEDREPLYMSG /[[:alpha:]]+[\r\n]+([[:print:]]{10,}[\r\n]+){1,}[[:alpha:]]+[\r\n]+ -+Original Message-+/
  687.  
  688. # thrown away 2009.07.27 by [yoh]
  689. # full FAKEDREPLYMSG /[[:print:]]+[\r\n]+([[:print:]]{10,}[\r\n]+){1,}[[:alpha:]]+[\r\n]+ -+Original Message-+/
  690. # describe FAKEDREPLYMSG faked reply message strings
  691. # score FAKEDREPLYMSG 0.1
  692.  
  693. # thrown away 2009.07.27 by [yoh]
  694. # meta UKGEOFORMAT FAKEDREPLYMSG && UKGEOCITIES && BAYES_99
  695. # describe UKGEOFORMAT FAKEDREPLYMSG && UKGEOCITIES && BAYES_99
  696. # score UKGEOFORMAT 3.5
  697.  
  698. # meta UKGEOFORMAT2 (FORGED_RCVD_HELO || SUBJECT_FUZZY_MEDS || FUZZY_PHARMACY) && MSGID_FROM_MTA_ID && UKGEOCITIES && BAYES_99
  699. # describe UKGEOFORMAT2 (FORGED_RCVD_HELO || SUBJECT_FUZZY_MEDS || FUZZY_PHARMACY) && MSGID_FROM_MTA_ID && UKGEOCITIES && BAYES_99
  700. # score UKGEOFORMAT2 10
  701.  
  702. # header ___PLTXTUSASCII Content-Type =~/charset=\"?us-ascii/
  703. # thrown away 2009.07.27 by [yoh]
  704. # header ___PLTXTUSASCII Content-Type =~ /text\/plain.+charset=\"?us-ascii/i
  705. # score ___PLTXTUSASCII 0.1
  706.  
  707. # thrown away 2009.07.27 by [yoh]
  708. # mimeheader ___MIMETXTUSASCII Content-Type =~ /text\/(plain|html).+charset=\"?us-ascii/i
  709. # score ___MIMETXTUSASCII 0.1
  710.  
  711. # thrown away 2009.07.27 by [yoh]
  712. # meta UKGEOFORMAT3 CHINANETUKGEO && (___PLTXTUSASCII || ___MIMETXTUSASCII)
  713. # describe UKGEOFORMAT3 ascii text mail from China with uk.geocities.com uri
  714. # score UKGEOFORMAT3 10
  715.  
  716. # thrown away 2009.07.27 by [yoh]
  717. # meta SPF_UKGEO (SPF_HELO_SOFTFAIL || SPF_FAIL) && UKGEOCITIES
  718. # score SPF_UKGEO 3.5
  719.  
  720. # thrown away 2009.07.27 by [yoh]
  721. # meta AHBL_UKGEO DNS_FROM_AHBL_RHSBL && UKGEOCITIES
  722. # score AHBL_UKGEO 1.5
  723. # meta FIVETEN_UKGEO RCVD_IN_FIVETENSG && UKGEOCITIES
  724. # score FIVETEN_UKGEO 1.5
  725. # meta COP_UKGEO RCVD_IN_BL_SPAMCOP_NET && UKGEOCITIES
  726. # score COP_UKGEO 1.0
  727. # meta SORTRCPS_UKGEO SORTED_RECIPS && UKGEOCITIES
  728. # score SORTRCPS_UKGEO 2.0
  729. # meta XYAHOO_UKGEO XYAHOOFILTEREDBULK && UKGEOCITIES
  730. # score XYAHOO_UKGEO 2.5
  731. # meta KTC_UKGEO ___KOREATAIWANCHINA && UKGEOCITIES
  732. # score KTC_UKGEO 2.5
  733.  
  734. #
  735. # added 2006.10.12 by [yoh]
  736. # spammer sneaked away at 2006.12.12.
  737. #
  738. #
  739. # deleted 2010.09.26 by [yoh]
  740. #
  741. # body STILLPAYING /(Still paying too much for your current mortgage\?|Several Companies have been competing for your mortgage|your mortgage refinance application over the past 2 weeks\. The company|competing for your mortgage refinance application over the past 2 weeks\.|We've attempted to contact you to refinance your home\. Your current loan|In accordance with our terms please visit here to verify your information on our secure, private site to ensure our|We tried contacting you awhile ago about your low interest morta\(ge rate\.)/i
  742. # score STILLPAYING 1.5
  743. # meta STILL_DCN ___DCN && STILLPAYING
  744. # score STILL_DCN 5
  745. # meta STILL_UKGEO UKGEOCITIES && STILLPAYING
  746. # score STILL_UKGEO 2.5
  747. # meta STILL_SORT_UKGEO SORTRCPS_UKGEO && STILLPAYING
  748. # score STILL_SORT_UKGEO 5
  749. # meta STILL_EUDORA FORGED_MUA_EUDORA && STILLPAYING
  750. # score STILL_EUDORA 5
  751. # meta STILL_FUZREF FUZZY_REFINANCE && STILL_UKGEO && (___DCN || XYAHOOFILTEREDBULK)
  752. # score STILL_FUZREF 5
  753. # meta STILL_TVDFUZREF TVD_FUZZY_FINANCE && STILL_UKGEO && (___DCN || XYAHOOFILTEREDBULK)
  754. # score STILL_TVDFUZREF 5
  755. # meta STILL_FUZOBL FUZZY_OBLIGATION && STILL_UKGEO && (___DCN || XYAHOOFILTEREDBULK)
  756. # score STILL_FUZOBL 5
  757. # meta STILL_XYAHOO XYAHOOFILTEREDBULK && STILL_UKGEO && ___DCN
  758. # score STILL_XYAHOO 5
  759.  
  760.  
  761. #
  762. # deleted 2010.09.26 by [yoh]
  763. #
  764. # body FAKEHOSTURI /http:\/\/[a-z]+\.com>\.[a-z0-9]+\.[a-z]+\.[a-z]{2,3}/
  765. # score FAKEHOSTURI 2.5
  766. # meta FHURI_COP FAKEHOSTURI && RCVD_IN_BL_SPAMCOP_NET
  767. # score FHURI_COP 5.0
  768. # meta FHURI_SBL FAKEHOSTURI && URIBL_SBL
  769. # score FHURI_SBL 5.0
  770. # meta FHURI_XBL FAKEHOSTURI && RCVD_IN_XBL
  771. # score FHURI_XBL 7.0
  772. # meta FHURI_HLDYNIP FAKEHOSTURI && HELO_DYNAMIC_IPADDR
  773. # score FHURI_HLDYNIP 7.0
  774.  
  775.  
  776. # added 2008.09.13 by [yoh]
  777. #
  778. # deleted 2010.09.26 by [yoh]
  779. #
  780. # rawbody MANYSLASHURI /http:\/\/.+(?:\/{5,}|[\(\)]{5,})/
  781. # score MANYSLASHURI 4.5
  782. # meta MANYDCC MANYSLASHURI && DCC_CHECK
  783. # score MANYDCC 3.5
  784. # meta MANYPROXY MANYSLASHURI && RCVD_IN_NJABL_PROXY
  785. # meta MANYMULTI MANYSLASHURI && MULTIPART_ALTERNATIVE
  786. # score MANYMULTI 3.5
  787. # meta MANYFRGN MANYSLASHURI && (LACNIC||AFRINIC)
  788. # score MANYFRGN 2.5
  789.  
  790.  
  791. # added 2008.09.14 by [yoh]
  792. #
  793. # deleted 2010.09.26 by [yoh]
  794. #
  795. # rawbody DOTREPLACE /(www\.){0,1}[a-z]{6,} {0,3}\[DOT\] {0,3}com/
  796. # score DOTREPLACE 2.5
  797. # meta DOTBOGUSMX DOTREPLACE && DNS_FROM_RFC_BOGUSMX
  798. # score DOTBOGUSMX 2.5
  799. # meta DOTDSN DOTREPLACE && DNS_FROM_RFC_DSN
  800. # score DOTDSN 2.5
  801. # meta DOTPBL DOTREPLACE && RCVD_IN_PBL
  802. # score DOTPBL 2.5
  803. # meta DOTXBL DOTREPLACE && RCVD_IN_XBL
  804. # score DOTXBL 2.5
  805. # meta DOTCBL DOTREPLACE && RCVD_IN_CBL
  806. # score DOTCBL 2.5
  807. # meta DOTCOP DOTREPLACE && RCVD_IN_BL_SPAMCOP_NET
  808. # score DOTCOP 2.5
  809. # # meta DOTDUL DOTREPLACE && RCVD_IN_SORBS_DUL
  810. # # score DOTDUL 2.5
  811. # meta DOTDCC DOTREPLACE && DCC_CHECK
  812. # score DOTDCC 2.5
  813. # meta DOTJMRM DOTREPLACE && JM_REACTOR_MAILER
  814. # score DOTJMRM 2.5
  815. # meta DOTAHBL DOTREPLACE && RCVD_IN_AHBL
  816. # score DOTAHBL 2.5
  817. # meta DOTAHPRXY DOTREPLACE && RCVD_IN_AHBL_PROXY
  818. # score DOTAHPRXY 2.5
  819.  
  820. #
  821. # deleted 2010.09.26 by [yoh]
  822. #
  823. # meta JMRMPBL RCVD_IN_PBL && JM_REACTOR_MAILER
  824. # score JMRMPBL 3.5
  825.  
  826. # added 2011.04.28 by [yoh]
  827. # Because, this rule is not so reliable.
  828. score DOS_OE_TO_MX 1.0
  829.  
  830. meta DOSMXPBL DOS_OE_TO_MX && RCVD_IN_PBL
  831. score DOSMXPBL 3.5
  832. meta DOSMXBRBL DOS_OE_TO_MX && RCVD_IN_BRBL_LASTEXT
  833. score DOSMXBRBL 3.5
  834. meta DOSMXCBL DOS_OE_TO_MX && RCVD_IN_CBL
  835. score DOSMXCBL 3.5
  836. meta DOSMXXBL DOS_OE_TO_MX && RCVD_IN_XBL
  837. score DOSMXXBL 3.5
  838. meta DOSMXSPAMCOP DOS_OE_TO_MX && RCVD_IN_BL_SPAMCOP_NET
  839. score DOSMXSPAMCOP 3.5
  840. meta DOSMXPSBL DOS_OE_TO_MX && RCVD_IN_PSBL
  841. score DOSMXPSBL 3.5
  842. meta DOSMXRNBL DOS_OE_TO_MX && RCVD_IN_RP_RNBL
  843. score DOSMXRNBL 3.5
  844.  
  845.  
  846. # score ADVANCE_FEE_1 1.0
  847.  
  848. # meta BASE64TXT60 MIME_BASE64_NO_NAME && MIME_BASE64_TEXT && MIME_BASE64_BLANKS && RATWARE_NAME_ID && TEXT_NOCHARSET
  849. # describe BASE64TXT60 60 columns base64 encoded plain text message
  850. # score BASE64TXT60 20
  851.  
  852. meta ___HTMLIMG HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 || HTML_IMAGE_ONLY_32 || HTML_IMAGE_RATIO_02
  853.  
  854. meta PASTIMG DATE_IN_PAST_06_12 && ___HTMLIMG && BAYES_99
  855. score PASTIMG 5.0
  856.  
  857. # meta HTMLIMG_FRGDHELO (FORGED_RCVD_HELO || RCVD_NUMERIC_HELO || RCVD_NUMERIC_HELO2)&& ___HTMLIMG && BAYES_99
  858.  
  859. # Bayes engine needs frequently maintenance and balanced corpus.
  860. # So I decided setting low score.
  861. # 2010.04.14 by [yoh]
  862. meta HTMLIMG_FRGDHELO (RCVD_NUMERIC_HELO || RCVD_NUMERIC_HELO2)&& ___HTMLIMG && BAYES_99
  863. describe HTMLIMG_FRGDHELO FORGED_RCVD_HELO && HTML_IMAGE_ONLY_??
  864. score HTMLIMG_FRGDHELO 1.5
  865.  
  866. rawbody HTML_FONT_SIZE_TINY2 /<FONT (face=\w+ |)size=\"{0,1}[0-3]\"{0,1}(>| )/i
  867. describe HTML_FONT_SIZE_TINY2 <FONT face=Arial size=2>
  868. score HTML_FONT_SIZE_TINY2 0.5
  869.  
  870. # Bayes engine needs frequently maintenance and balanced corpus.
  871. # So I decided setting low score.
  872. # 2010.04.14 by [yoh]
  873. meta IMGONLYHTML1 HTML_FONT_SIZE_TINY2 && ___HTMLIMG && BAYES_99
  874. score IMGONLYHTML1 1.0
  875.  
  876. rawbody ___OBSCURED_TEXT1 /^(,|\!)($| \w)/
  877. rawbody ___OBSCURED_TEXT2 /\w (,|\!) \w/
  878.  
  879. #
  880. # deleted 2010.09.26 by [yoh]
  881. #
  882. # meta IMGONLYHTML2 ___OBSCURED_TEXT1 && ___OBSCURED_TEXT2 && ___HTMLIMG
  883. # score IMGONLYHTML2 5.0
  884.  
  885. #
  886. # It's not smart rule...
  887. # 2007.12.30 by [yoh]
  888. #
  889. #
  890.  
  891. score SHORT_HELO_AND_INLINE_IMAGE 1.5
  892. meta SHII_OTHER SHORT_HELO_AND_INLINE_IMAGE && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  893. score SHII_OTHER 3.5
  894. meta SHII_CBL SHORT_HELO_AND_INLINE_IMAGE && RCVD_IN_CBL
  895. score SHII_CBL 3.5
  896. meta SHII_SPAMCOP SHORT_HELO_AND_INLINE_IMAGE && RCVD_IN_BL_SPAMCOP_NET
  897. score SHII_SPAMCOP 3.5
  898. meta SHII_DSBL SHORT_HELO_AND_INLINE_IMAGE && RCVD_IN_DSBL
  899. score SHII_DSBL 3.5
  900. # meta SHII_DUL SHORT_HELO_AND_INLINE_IMAGE && RCVD_IN_SORBS_DUL
  901. # score SHII_DUL 3.5
  902.  
  903.  
  904. #
  905. # It's not smart rule...
  906. # 2006.04.22 by [yoh]
  907. #
  908. #
  909.  
  910. #
  911. # debugged 2010.09.26 by [yoh]
  912. # It seems that spammer evaded this rule.
  913. #
  914. rawbody ___OBFUSCATING_FLOAT0 /<span style=\"(?:border: 0px|FONT-SIZE: 2px)\; (?:float|FLOAT)/
  915. rawbody ___OBFUSCATING_FLOAT1 /: right(?:\; COLOR: white){0,1}\"> \w+ <\/span>/
  916. meta OBFUSCATING_FLOAT ___OBFUSCATING_FLOAT0 && ___OBFUSCATING_FLOAT1
  917. describe OBFUSCATING_FLOAT <span style="border: 0px; float: right"> d </span>
  918. score OBFUSCATING_FLOAT 1.5
  919.  
  920. rawbody FLOATGEOCITIES /^<A href=\"http:\/\/geocities\.com\/\w+\/\">\w+<span style=\"border: 0px\; float/
  921. describe FLOATGEOCITIES <A href="http://geocities.com/GabicRectohoate/">V<span style="border: 0px; float
  922. score FLOATGEOCITIES 2.0
  923.  
  924. rawbody FLOAT_A_HREF /^<A href=\"http:\/\/(www\.){0,1}\w+\.(com|net)">\w+<span style=\"border: 0px\; float/
  925. describe FLOAT_A_HREF <A href="http://www.h75h.net">Vi<span style="border: 0px; float
  926. score FLOAT_A_HREF 2.0
  927.  
  928. # Bayes engine needs frequently maintenance and balanced corpus.
  929. # So I decided setting low score.
  930. # 2010.04.14 by [yoh]
  931. meta MULTIFLOAT99 MULTIPART_ALTERNATIVE && OBFUSCATING_FLOAT && BAYES_99
  932. score MULTIFLOAT99 1.5
  933.  
  934. meta OBFUSGEOFLOAT OBFUSCATING_FLOAT && (FLOATGEOCITIES || FLOAT_A_HREF)
  935. score OBFUSGEOFLOAT 3.5
  936.  
  937. # meta SPANFLOAT (FORGED_RCVD_HELO ||DIRECTUNKNOWN) && MULTIFLOAT99 && FLOATGEOCITIES
  938. meta SPANFLOAT DIRECTUNKNOWN && MULTIFLOAT99 && FLOATGEOCITIES
  939. score SPANFLOAT 5
  940.  
  941.  
  942. mimeheader MIMEHTMLWINDOWS1252 Content-Type =~ /text\/html.+charset=\"windows-1252/i
  943.  
  944. body FRGN_SCAMTEL /(001-514-342-0679|001-617-812-6356|001-732-572-3335|001-732-572-6222|0044-700-580-7134|0044-703-184-7929|0044-704-010-3388|1-206-279-9144|1-334-323-5633|1-484-693-8861|1-717-427-5771|1-718-504-5376|1-800-608-3158|1-818-309-4529|44-704-010-6598|44-870-134-4753|8-926-216-8419|1-206-600-4655|1-206-350-3737|1-206-202-4570|1-206-666-2456|1-206-337-1968|1-206-984-3376|1-206-984-0833|1-206-339-6285)/
  945. describe FRGN_SCAMTEL foreign (outside Japan) scam telephone number
  946. score FRGN_SCAMTEL 1.5
  947.  
  948. meta FRGNTELDCN ___DCN && FRGN_SCAMTEL
  949. score FRGNTELDCN 4.5
  950.  
  951. meta UPRLY_FRGNTEL UNPARSEABLE_RELAY && FRGN_SCAMTEL
  952. score UPRLY_FRGNTEL 3.0
  953.  
  954.  
  955. # added 2006.12.28 by [yoh]
  956. # spammer sneaked away at 2006.12.30.
  957. # and added more rules 2007.01.03 by [yoh]
  958. # spammer sneaked away at 2007.01.04.
  959. #
  960. # deleted 2010.09.26 by [yoh]
  961. #
  962. # body CURRENTPRICE /(^Current Price:.+Short Term Target:.+(Long Term ){0,1}(Projected|Target)|^ +[\w ]+\. \([A-Z]{4}\) +is +at +\$.+\$.+short-term.+long-term)/
  963. # score CURRENTPRICE 1.5
  964. # meta CURRDCN ___DCN && CURRENTPRICE
  965. # score CURRDCN 3.5
  966.  
  967. #
  968. # deleted 2010.09.26 by [yoh]
  969. #
  970. # meta CURRWROTE RCVD_FORGED_WROTE && CURRENTPRICE
  971. # score CURRWROTE 3.5
  972.  
  973. #
  974. # added 2007.02.04 by [yoh]
  975. #
  976. #
  977. # deleted 2010.09.26 by [yoh]
  978. #
  979. # body REPLACEWITHDOT /([rR]eplace \"{0,1}\W\"{0,1} with \"{0,1}\.\"{0,1}|([Ii]mpor{0,1}tant {0,1}[:!]{0,1} ){0,1}[rR]emove \"\W\" (to make the link working[.!]){0,1})/
  980. # meta ONLY1RPLCDOT ONLY1HOPDIRECT && REPLACEWITHDOT
  981. # score ONLY1RPLCDOT 3.0
  982.  
  983.  
  984. #
  985. # added 2010.09.26 by [yoh]
  986. #
  987. header __RESUME_SUBJECT Subject =~ / resume[ \.]/
  988. full __RESUME_MULTIPART /\nContent-Type: multipart\/mixed; {0,1}\n\tboundary=\"(--=.+(?:[a-zA-Z0-9]|=_)|--[0-9]{14,}|-{4}=_Part_[\d_\.]{15,})\"\n(?:.+\n){2,}\n--\1\nContent-Type: text\/plain; charset=UTF-8\nContent-Transfer-Encoding: 7bit\n\n[\w ]+ resume[ \.]/
  989. meta RESUME __RESUME_SUBJECT || __RESUME_MULTIPART
  990. meta DYN_RESUME RESUME && ___DYNAMICIP
  991. score DYN_RESUME 3.5
  992. meta DCN_RESUME RESUME && ___DCN
  993. score DCN_RESUME 3.5
  994. meta RESUME_BRBL RESUME && RCVD_IN_BRBL_LASTEXT
  995. score RESUME_BRBL 3.5
  996. meta RESUME_CBL RESUME && RCVD_IN_CBL
  997. score RESUME_CBL 3.5
  998. meta RESUME_XBL RESUME && RCVD_IN_XBL
  999. score RESUME_XBL 3.5
  1000. meta RESUME_PBL RESUME && RCVD_IN_PBL
  1001. score RESUME_PBL 3.5
  1002. meta RESUME_SPAMCOP RESUME && RCVD_IN_BL_SPAMCOP_NET
  1003. score RESUME_SPAMCOP 3.5
  1004. meta RESUME_PSBL RESUME && RCVD_IN_PSBL
  1005. score RESUME_PSBL 3.5
  1006.  
  1007.  
  1008. # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  1009. #
  1010. # Japanese rules.
  1011. #
  1012. # Because SA's bayes engine doesn't support Japanese.
  1013. # In Japanese language, words are NOT splitted by space.
  1014. # So, we have to write some rules for checking typical words,
  1015. # by our hand...
  1016. #
  1017. # <FYI>
  1018. # If you want to add matching rules for Japanese:
  1019. #
  1020. # (1) ISO-2022-JP
  1021. #
  1022. # $ echo (Japanese strings)|nkf -j|awk '{gsub(/\x1B[$(]B/,"");print}'
  1023. #
  1024. # (2) Shift-JIS
  1025. #
  1026. # $ echo -n (Japanese strings)|nkf -s|od -txC
  1027. #
  1028.  
  1029. #
  1030. #
  1031. # Now, "MISHOUDAKU KOUKOKU" has changed normal ad-mail.
  1032. # "True spams" are using spamware, DNSBLed MTA, inviting scam site...
  1033. # 2004.11.20 by [yoh]
  1034. #
  1035. # thrown away 2005.09.30 by [yoh]
  1036. # Today, "Mishoudaku Kokukoku" is meaningless. (sigh)
  1037. #
  1038. #
  1039. # header MISYOUDAKU Subject =~ /L\$.*(>|=3E)5.*Bz/
  1040. # describe MISYOUDAKU Misyoudaku
  1041. # score MISYOUDAKU 1.0
  1042. #
  1043. # header BANG_BANG Subject =~ /(!\*|\033\$[B@]).*(!\*|\033\([BJ]!)/
  1044. # describe BANG_BANG !...!
  1045. # score BANG_BANG 1.00
  1046. #
  1047. # header STAR Subject =~ /(\"\(|\*|\!v)/
  1048. # describe STAR *
  1049. # score STAR 1.0
  1050. #
  1051. # header KOUKOKU Subject =~ /9-9p/
  1052. # describe KOUKOKU KOUKOKU
  1053. # score KOUKOKU 2.0
  1054. #
  1055. # meta MISYOUDAKUKOUKOKU MISYOUDAKU && KOUKOKU && STAR
  1056. # describe MISYOUDAKUKOUKOKU MISYOUDAKU && KOUKOKU && STAR
  1057. # score MISYOUDAKUKOUKOKU 1.0
  1058.  
  1059. # Special thanks to Satoshi IWAMOTO-san, for advice: 2002/10/21
  1060. rawbody HAISHINTEISHI /G\[\?\.(..){0,2}(Dd;_|ITMW)/
  1061. describe HAISHINTEISHI Haishin (no) Teishi
  1062. score HAISHINTEISHI 0.3
  1063.  
  1064. meta DYN_HAISHINTEISHI ___DYNAMICIP && HAISHINTEISHI
  1065. score DYN_HAISHINTEISHI 1.5
  1066.  
  1067. # In SA 3.2.x, "body" rule has been changed.
  1068. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1069. # 2008.05.24 by [yoh]
  1070. rawbody KOUDOKUKAIJO /9XFI(..)*2r=\|/
  1071. describe KOUDOKUKAIJO Koudoku Kaijo
  1072. score KOUDOKUKAIJO 1.0
  1073.  
  1074. meta DYN_KOUDOKUKAIJO ___DYNAMICIP && KOUDOKUKAIJO
  1075. score DYN_KOUDOKUKAIJO 3.5
  1076.  
  1077. # In SA 3.2.x, "body" rule has been changed.
  1078. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1079. # 2008.05.24 by [yoh]
  1080. rawbody MURYOU /L5NA/
  1081. describe MURYOU Muryou
  1082. score MURYOU 0.2
  1083.  
  1084. meta DYN_MURYOU ___DYNAMICIP && MURYOU
  1085. score DYN_MURYOU 1.5
  1086.  
  1087. header HAJIMEMASHITE Subject =~ /(\$O\$8|=i)\$a\$\^\$7\$F/
  1088. describe HAJIMEMASHITE Hajimemashite ? I don't know about you.
  1089. score HAJIMEMASHITE 1.5
  1090.  
  1091. #$O$8$a$^$7$F
  1092. #;O$a$^$7$F
  1093. #=i$a$^$7$F
  1094. # /\=i\$a\$\^\$7\$F/
  1095. # /(\$O\$8|\=i)\$a\$\^\$7\$F.+\$H\$\$\$\$\$\^\$9/
  1096.  
  1097. # In SA 3.2.x, "body" rule has been changed.
  1098. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1099. # 2008.05.24 by [yoh]
  1100. rawbody HAJIMEMASHITE2 /(\$O\$8|\=i)\$a\$\^\$7\$F/
  1101. describe HAJIMEMASHITE2 Hajimemashite ? I don't know about you.
  1102. score HAJIMEMASHITE2 0.5
  1103.  
  1104. meta DYN_HAJIMETE (HAJIMEMASHITE ||HAJIMEMASHITE2) && ___DYNAMICIP
  1105. score DYN_HAJIMETE 2.0
  1106.  
  1107.  
  1108. # There is no effect whether target mail is Japanese or not.
  1109. # 2004.05.28 by [yoh]
  1110. # In SA 3.2.x, "body" rule has been changed.
  1111. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1112. # 2008.05.24 by [yoh]
  1113. rawbody ISO2022JP_BODY /\033\$[B@]/
  1114. describe ISO2022JP_BODY ISO-2022-JP message
  1115. # score ISO2022JP_BODY -2.394
  1116. score ISO2022JP_BODY -0.1
  1117.  
  1118. # In SA 3.2.x, "body" rule has been changed.
  1119. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1120. # 2008.05.24 by [yoh]
  1121. rawbody KOUKOKUMEERU /9\-9p\%a\!\<\%k(\$N){0,1}G\[\?\.(Dd\;_|Be9T)/
  1122. describe KOUKOKUMEERU koukokume-ru
  1123. score KOUKOKUMEERU 1.0
  1124.  
  1125. # In SA 3.2.x, "body" rule has been changed.
  1126. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1127. # 2008.05.24 by [yoh]
  1128. rawbody HAISHINDAIKOU /G\[\?\.Be9T/
  1129. describe HAISHINDAIKOU haishindaikou
  1130. score HAISHINDAIKOU 1.0
  1131.  
  1132.  
  1133. # Original source from: Jcode.pm 0.83 dankogai
  1134. # Thanks for your advice: Ikari-same, Ishioka-same.
  1135. # 2004.06.29 by [yoh]
  1136.  
  1137. # SJIS_C => '[\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc]',
  1138. # EUC_C => '[\xa1-\xfe][\xa1-\xfe]',
  1139. # includes: \xe0-\xfc \xa1-\xfc
  1140. # so, excludes: \x81-x9f \x40-\x7e\x80-\x8f
  1141. # EUC_KANA => '\x8e[\xa1-\xdf]',
  1142. # \x8e \xa1-\xdf
  1143. # EUC_0212 => '\x8f[\xa1-\xfe][\xa1-\xfe]',
  1144. # so, excludes: \x81-\x8d\x90-\x9f \x40-\x7e\x80-\x8f
  1145.  
  1146. #
  1147. # Umm, it's a time to need to support UTF-8 messages detection.
  1148. # http://search.luky.org/./linux-users.a/msg05613.html
  1149. # http://search.luky.org/./linux-users.a/msg05643.html
  1150. # 2005.09.29 by [yoh]
  1151. #
  1152.  
  1153. # UTF8 => '[\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf][\x80-\xbf]'
  1154. # '[\xc0-\xdf] [\x80-\xbf]
  1155. # SJIS_C => '[\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc]',
  1156. # so,excludes: \x81-\x9f\xe0-\xfc \x40-\x7e\xc0-\xfc
  1157. # |[\xe0-\xef][\x80-\xbf][\x80-\xbf]'
  1158. # '[\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc]',
  1159. # so,excludes: \x81-\x9f\xf0-\xfc \x40-\x7e\xc0-\xfc
  1160. # so,excludes: \xc0-\xfc \x40-\x7e\xc0-\xfc
  1161.  
  1162. # In SA 3.2.x, "body" rule has been changed.
  1163. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1164. # 2008.05.24 by [yoh]
  1165. # rawbody UTF8 /(([\xe0-\xef][\x80-\xbf][\x80-\xbf])(?!([\x81-\x9f\xe0-\xfc][\x40-\x7e\xc0-\xfc]|[\x81-\x9f\xf0-\xfc][\x40-\x7e\xc0-\xfc]|[\xc0-\xfc][\x40-\x7e\xc0-\xfc]))){5,}/
  1166. # http://q.hatena.ne.jp/1209911505
  1167. # renewal 2011.01.09 by [yoh]
  1168. # rawbody UTF8 /\x30[\x40-\x9f\xa0-\xff]/
  1169. rawbody UTF8 /\xe3(?:[\x81\x82][\x80-\x9f]|[\x82\x83][\xa0-\xff])/
  1170. describe UTF8 UTF-8 message body
  1171. score UTF8 -0.1
  1172.  
  1173. #
  1174. # almost completely detecting SJIS messages.
  1175. # 2005.09.29 by [yoh]
  1176. #
  1177.  
  1178. # body SJIS_C /([\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc]){5,}/
  1179.  
  1180. #
  1181. # This rule was written at 2005.09.29 by [yoh]
  1182. # Shift-JIS: Japanese character encoding, which is not to be used for email.
  1183. # http://en.wikipedia.org/wiki/Shift-JIS
  1184. # Yes, Shift-JIS emails have high probability of spam.
  1185. # 2006.01.11 by [yoh]
  1186. #
  1187.  
  1188. #
  1189. # Todo: fix missing detecting: gb2312, koi8-r
  1190. # 2006.05.03 by [yoh]
  1191. #
  1192.  
  1193. # In SA 3.2.x, "body" rule has been changed.
  1194. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1195. # 2008.05.24 by [yoh]
  1196. # re-scored 2011.11.16 by [yoh]
  1197. rawbody SJIS_C /(([\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc])(?!([\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf][\x80-\xbf]|[\xa1-\xfe][\xa1-\xfe]))){7,}/
  1198. describe SJIS_C SHIFT_JIS message body
  1199. score SJIS_C 1.0
  1200.  
  1201. # 2009.04.06 by [yoh]
  1202. header SJIS_SUBJECT Subject =~ /(([\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc])(?!([\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf][\x80-\xbf]|[\xa1-\xfe][\xa1-\xfe]))){7,}/
  1203.  
  1204. meta SJISSBJDCN ___DCN && SJIS_SUBJECT
  1205. score SJISSBJDCN 3.5
  1206.  
  1207.  
  1208. # body ___EUC_C_ONLY /([\xa1-\xfe][\xa1-\xfe]){5,}/
  1209. # describe ___EUC_C_ONLY [\xa1-\xdf][\xa1-\xfe]
  1210. # score ___EUC_C_ONLY -2.0
  1211.  
  1212. #
  1213. # For only backward compatibility.
  1214. # 2005.09.29 by [yoh]
  1215. #
  1216.  
  1217. # meta SJIS_BODY SJIS_C && ! ___EUC_C_ONLY
  1218. meta SJIS_BODY SJIS_C
  1219. describe SJIS_BODY Shift_JIS message
  1220. score SJIS_BODY 0.1
  1221.  
  1222. header SJISFROM From =~ /([\x81-\x9f\xe0-\xfc][\x40-\x7e\x80-\xfc]){2,}@/
  1223. describe SJISFROM From: SJIS strings
  1224. score SJISFROM 2.0
  1225.  
  1226.  
  1227. # In SA 3.2.x, "body" rule has been changed.
  1228. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1229. # 2008.05.24 by [yoh]
  1230. rawbody SHIROUTOMUSUME /AG\?ML</
  1231. describe SHIROUTOMUSUME obscene word: shiroutomusume
  1232. score SHIROUTOMUSUME 1.0
  1233.  
  1234. # In SA 3.2.x, "body" rule has been changed.
  1235. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1236. # 2008.05.24 by [yoh]
  1237. rawbody CLICK_JP /%\/%j%C%\//
  1238. describe CLICK_JP click
  1239. score CLICK_JP 1.0
  1240.  
  1241. # header ILLEGULAR_FROM From =~ /^[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+$/
  1242. # header ILLEGULAR_FROM From =~ /(^[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+$|<\"[a-z0-9._-]+\"\@[a-z0-9._-]+\>$)/
  1243. header ILLEGULAR_FROM From =~ /(^[\w\.-]+\@[\w\.-]+\@[\w\.-]+$|<\"[\w\.-]+\"\@[\w\.-]+\>$)/
  1244. describe ILLEGULAR_FROM From: xxxx@xxxx.jp@xxxx.jp
  1245. score ILLEGULAR_FROM 10.0
  1246.  
  1247. header ILLEGULAR_TO To =~ /^\"[\w\.-]+\@[\w\.-]+\"\@[\w\.-]+$/
  1248. describe ILLEGULAR_TO To: "xxxx@xxxx.jp"@xxxx.jp
  1249. score ILLEGULAR_TO 7.0
  1250.  
  1251. # header ILLEGULAR_REPLYTO Reply-To =~ /(^[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+\@[A-Za-z0-9._-]+$|<\"[a-z0-9._-]+\"\@[a-z0-9._-]+\>$)/
  1252. header ILLEGULAR_REPLYTO Reply-To =~ /(^[\w\.-]+\@[\w\.-]+\@[\w\.-]+$|<\"[\w\.-]+\"\@[\w\.-]+\>$)/
  1253. describe ILLEGULAR_REPLYTO Reply-To: <"******...************"@***.com>
  1254. score ILLEGULAR_REPLYTO 15.0
  1255.  
  1256.  
  1257. #
  1258. # below rules are generic, but originated from Japanese spam.
  1259. #
  1260.  
  1261. header CONTENT_TYPE_PRESENT exists:Content-Type
  1262. describe CONTENT_TYPE_PRESENT exists:Content-Type
  1263. score CONTENT_TYPE_PRESENT -0.1
  1264.  
  1265. meta NOTINCONTENTTYPE ! CONTENT_TYPE_PRESENT
  1266. describe NOTINCONTENTTYPE ! There's no Content-Type header
  1267. score NOTINCONTENTTYPE 0.2
  1268.  
  1269. #
  1270. #
  1271. # If you have yahoo.co.jp mail account, you can use below.
  1272. # 2005.09.18 by [yoh]
  1273. # But, yahoo.co.jp's "X-YahooFilteredBulk" is not reliable.
  1274. # 2005.10.12 by [yoh]
  1275. #
  1276. #
  1277.  
  1278. header XYAHOOFILTEREDBULK exists:X-YahooFilteredBulk
  1279. describe XYAHOOFILTEREDBULK exists:X-YahooFilteredBulk
  1280. score XYAHOOFILTEREDBULK 0.1
  1281.  
  1282. # Score changed low since XYAHOOFILTEREDBULK is low reliability.
  1283. # 2010.02.24 by [yoh]
  1284.  
  1285. meta XYAHOOFILTERED99 XYAHOOFILTEREDBULK && BAYES_99
  1286. describe XYAHOOFILTERED99 XYAHOOFILTEREDBULK && BAYES_99
  1287. score XYAHOOFILTERED99 1.5
  1288.  
  1289. meta XYAHOOFILTERED95 XYAHOOFILTEREDBULK && BAYES_95
  1290. describe XYAHOOFILTERED95 XYAHOOFILTEREDBULK && BAYES_95
  1291. score XYAHOOFILTERED95 0.5
  1292.  
  1293. meta DYN_XYFB ___DYNAMICIP && XYAHOOFILTEREDBULK
  1294. score DYN_XYFB 3.5
  1295.  
  1296. meta XYFB_PBL XYAHOOFILTEREDBULK && RCVD_IN_PBL
  1297. score XYFB_PBL 3.5
  1298. meta XYFB_BRBL XYAHOOFILTEREDBULK && RCVD_IN_BRBL_LASTEXT
  1299. score XYFB_BRBL 3.5
  1300. meta XYFB_CBL XYAHOOFILTEREDBULK && RCVD_IN_CBL
  1301. score XYFB_CBL 3.5
  1302. meta XYFB_XBL XYAHOOFILTEREDBULK && RCVD_IN_XBL
  1303. score XYFB_XBL 3.5
  1304. meta XYFB_SPAMCOP XYAHOOFILTEREDBULK && RCVD_IN_BL_SPAMCOP_NET
  1305. score XYFB_SPAMCOP 3.5
  1306. meta XYFB_RNBL XYAHOOFILTEREDBULK && RCVD_IN_RP_RNBL
  1307. score XYFB_RNBL 3.5
  1308.  
  1309. #
  1310. # detecting Japanese spam using yahoo.co.jp mail address.
  1311. # 2004.08.22 by [yoh]
  1312. # 2006.04.08 by [yoh]
  1313. #
  1314.  
  1315. header ___XAPPARENTLYFROM X-Apparently-From =~ /^<.+\@yahoo\.co\.jp>$/
  1316. # describe ___XAPPARENTLYFROM X-Apparently-From: <xxxxxxxx@yahoo.co.jp>
  1317. # score ___XAPPARENTLYFROM -0.1
  1318.  
  1319. # header ___YAHOOJPRCVD1 Received =~ /by .+\.mail.*\.yahoo\.co\.jp with SMTP/
  1320. header ___YAHOOJPRCVD1 X-Spam-Relays-Untrusted =~ / by=\w+\.mail.*\.yahoo\.co\.jp /
  1321. # describe ___YAHOOJPRCVD1 Received: from ... by smtp18.mail.bbt.yahoo.co.jp with SMTP
  1322. # score ___YAHOOJPRCVD1 -0.1
  1323. # header ___YAHOOJPRCVD2 Received =~ /from dns.+.mail.yahoo.co.jp/
  1324. # describe ___YAHOOJPRCVD2 Received: from ....mail.yahoo.co.jp
  1325. # score ___YAHOOJPRCVD2 -0.1
  1326.  
  1327. header ___YAHOOJPRCVD3 Received =~ /from .+ by web.+\.mail\..+yahoo\.co\.jp via HTTP/
  1328. # describe ___YAHOOJPRCVD3 Received: from ... by web2101.mail.bbt.yahoo.co.jp via HTTP
  1329. # score ___YAHOOJPRCVD3 -0.1
  1330.  
  1331. header ___YAHOOJPFROM From =~ /.+\@yahoo\.co\.jp/
  1332. # describe ___YAHOOJPFROM From: ...@yahoo.co.jp
  1333. # score ___YAHOOJPFROM -0.1
  1334.  
  1335. # meta VALIDYAHOOJP ((___XAPPARENTLYFROM && ___YAHOOJPRCVD1) || ___YAHOOJPRCVD3) && ___YAHOOJPFROM
  1336. meta VALIDYAHOOJP ___XAPPARENTLYFROM && ___YAHOOJPRCVD1 && ___YAHOOJPFROM
  1337. describe VALIDYAHOOJP This mail is valid yahoo.co.jp mail.
  1338. score VALIDYAHOOJP -0.1
  1339.  
  1340. meta INVALIDYAHOOJP ___YAHOOJPFROM && ! ((___XAPPARENTLYFROM && ___YAHOOJPRCVD1 ) || ___YAHOOJPRCVD3)
  1341. describe INVALIDYAHOOJP From: is ...@yahoo.co.jp but this mail didn't come from yahoo.co.jp
  1342. score INVALIDYAHOOJP 1.0
  1343.  
  1344. # thrown away 2006.04.08 by [yoh]
  1345. #
  1346. # meta FAKEVALIDYAHOOJP VALIDYAHOOJP && MSGID_FROM_MTA_HEADER
  1347. # describe FAKEVALIDYAHOOJP VALIDYAHOOJP && MSGID_FROM_MTA_HEADER
  1348. # score FAKEVALIDYAHOOJP 5.0
  1349.  
  1350.  
  1351. meta YAHOOJPSPAMCOP RCVD_IN_BL_SPAMCOP_NET && INVALIDYAHOOJP
  1352. describe YAHOOJPSPAMCOP RCVD_IN_BL_SPAMCOP_NET && INVALIDYAHOOJP
  1353. score YAHOOJPSPAMCOP 7.0
  1354.  
  1355. meta INVYJP_DYN INVALIDYAHOOJP && ___DYNAMICIP
  1356. score INVYJP_DYN 3.5
  1357.  
  1358. #
  1359. # Thanks to WAGATSUMA Yoshiko aka kuromomo tan
  1360. # 2005.10.28 by [yoh]
  1361. # 2006.04.07 by [yoh]
  1362. # 2008.01.04 by [yoh]
  1363. #
  1364.  
  1365. # header ___VALIDHOTMAILRCVD1 Received =~/from.+(hotmail\.com \(bay[0-9]+-[a-z]+[0-9]+\.bay[0-9]+\.hotmail\.com \[64\.4(\.[0-9]+){2,2}\]\)|64\.4(\.[0-9]+){2,2} +\(.+ hotmail\.com\) +\(64\.4(\.[0-9]+){2,2}\)).+by /
  1366. # header ___VALIDHOTMAILRCVD3 Received =~/from 64\.4(\.[0-9]{1,3}){2,2} by [a-z0-9]+\.[a-z0-9]+\.hotmail\.msn\.com with HTTP/
  1367. # header ___VALIDHOTMAILRCVD1 X-Spam-Relays-Untrusted =~ / ip=(64\.4|65\.5[2-5])(\.\d{1,3}){2} rdns=bay\d+-\w+\.bay\d+\.hotmail\.com helo=hotmail\.com by=.+ ident= envfrom= intl=0 id=.+ auth= /
  1368. header ___VALIDHOTMAILRCVD1 X-Spam-Relays-Untrusted =~ / ip=(64\.4|65\.5[2-5])(?:\.\d{1,3}){2} /
  1369. # header ___VALIDHOTMAILRCVD2 Received =~/from mail pickup service by hotmail\.com with Microsoft SMTPSVC/
  1370. # header ___VALIDHOTMAILRCVD3 X-Spam-Relays-Untrusted =~ / ip=64\.4(?:\.\d{1,3}){2} rdns= helo= by=\w+\.bay\d+\.hotmail\.msn\.com ident= envfrom= intl=0 id= auth=HTTP /
  1371. header ___VALIDHOTMAILRCVD4 X-Originating-IP =~/\[\d{2,3}(?:\.\d{1,3}){3}\]/
  1372. # header ___VALIDHOTMAILRCVD5 X-Originating-Email =~/\[.+\@hotmail\.co\.jp\]/
  1373. # header ___VALIDHOTMAILRCVD6 X-Sender =~/.+\@hotmail\.co\.jp/
  1374. header ___HOTMAILCOJPFROM From =~/.+\@hotmail\.co\.jp/
  1375.  
  1376. # meta FORGED_JPHOTMAIL_RCVD ___HOTMAILCOJPFROM && ! (___VALIDHOTMAILRCVD1 && ___VALIDHOTMAILRCVD2 && ___VALIDHOTMAILRCVD3 && ___VALIDHOTMAILRCVD4 && ___VALIDHOTMAILRCVD5 && ___VALIDHOTMAILRCVD6)
  1377. meta FORGED_JPHOTMAIL_RCVD ___HOTMAILCOJPFROM && ! (___VALIDHOTMAILRCVD1 && ___VALIDHOTMAILRCVD4)
  1378. describe FORGED_JPHOTMAIL_RCVD From: has hotmail.co.jp, but no Received: from hotmail.com
  1379. score FORGED_JPHOTMAIL_RCVD 1.5
  1380.  
  1381. # meta VALID_JPHOTMAIL_RCVD ___HOTMAILCOJPFROM && ___VALIDHOTMAILRCVD1 && ___VALIDHOTMAILRCVD2 && ___VALIDHOTMAILRCVD3 && ___VALIDHOTMAILRCVD4 && ___VALIDHOTMAILRCVD5 && ___VALIDHOTMAILRCVD6
  1382. meta VALID_JPHOTMAIL_RCVD ___HOTMAILCOJPFROM && ___VALIDHOTMAILRCVD1 && ___VALIDHOTMAILRCVD4
  1383. score VALID_JPHOTMAIL_RCVD -1.0
  1384.  
  1385.  
  1386. header FORGED_MSSMTP Received =~ /from (?!mail pickup service )[\w\._-]+ \((\d{1,4}\.){3}\d{1,4}\) by [\w\._-]+ with Microsoft SMTPSVC\(\d/
  1387. describe FORGED_MSSMTP MSExchange doesn't add such a Received: header
  1388. score FORGED_MSSMTP 1.5
  1389.  
  1390. header ___MSEX X-MimeOLE =~ /Produced By Microsoft Exchange V\d/
  1391. # probably forged MSSMTPSVC strings
  1392. meta ___FRGDMSSMTPSVC FORGED_MSSMTP && !___MSEX
  1393.  
  1394. meta SJISFRGDMSSMTP MIME_BASE64_TEXT && SJIS_C && ___FRGDMSSMTPSVC
  1395. score SJISFRGDMSSMTP 3.5
  1396.  
  1397. meta DCN_FRGDMSSMTP ___DCN && ___FRGDMSSMTPSVC
  1398. score DCN_FRGDMSSMTP 3.5
  1399.  
  1400.  
  1401. score INVALID_MSGID 1.5
  1402.  
  1403. header SHIFT_JIS2 Content-Type =~ /text\/plain; charset=\"{0,1}shift_jis\"{0,1}/i
  1404. describe SHIFT_JIS2 Content-Type: text/plain; charset="SHIFT_JIS"
  1405. score SHIFT_JIS2 1.5
  1406.  
  1407. full SHIFT_JIS1 /charset="shift_jis"/i
  1408. describe SHIFT_JIS1 charset="shift_jis"
  1409. score SHIFT_JIS1 1.0
  1410.  
  1411. meta INVALIDSJIS INVALID_MSGID && (SHIFT_JIS1 || SJIS_BODY)
  1412. describe INVALIDSJIS INVALID_MSGID && (SHIFT_JIS1 || SJIS_BODY)
  1413. score INVALIDSJIS 5.0
  1414.  
  1415.  
  1416. # 2019.04.29 by [yoh]
  1417. # meta INVALIDSJIS2 SHIFT_JIS1 * (! ___CONTRANENC)
  1418. # score INVALIDSJIS2 10
  1419.  
  1420.  
  1421. full ___FROMSJIS /\nFrom: =\?shift_jis\?B\?/
  1422. full ___SUBJECTSJIS /\nSubject: =\?shift_jis\?B\?/
  1423. full ___RCVDUNKYH /\nReceived: from unknown \(HELO [a-z]{2,}\) \(\d{1,3}(?:\.\d{1,3}){3} with login\)\n by smtp\d+\.mail\.kks\.yahoo\.co\.jp with SMTP/
  1424.  
  1425. meta YHJMT MULTIPART_ALTERNATIVE && ___FROMSJIS && ___SUBJECTSJIS && ___RCVDUNKYH
  1426. score YHJMT 5.0
  1427.  
  1428. # >>>--- memo for debug 2010.09.26 by [yoh] ---<<<
  1429.  
  1430.  
  1431. # thrown away 2005.09.28 by [yoh]
  1432. #
  1433. # full DREAMWIZ /dreamwiz\.com/
  1434. # describe DREAMWIZ http://my.dreamwiz.com/
  1435. # score DREAMWIZ 5.0
  1436. #
  1437. # header HANMAIL_NET Reply-To =~ /\@hanmail\.net/
  1438. # describe HANMAIL_NET hanmail.net
  1439. # score HANMAIL_NET 2.0
  1440.  
  1441. rawbody SIDEBUSINESS /%5%\$%I%S%8%M%9/
  1442. describe SIDEBUSINESS SIDEBUSINESS
  1443. score SIDEBUSINESS 1.0
  1444.  
  1445. # In SA 3.2.x, "body" rule has been changed.
  1446. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1447. # 2008.05.24 by [yoh]
  1448. rawbody OTAKARA /\$\*Ju/
  1449. describe OTAKARA OTAKARA
  1450. score OTAKARA 1.0
  1451.  
  1452.  
  1453. # In SA 3.2.x, "body" rule has been changed.
  1454. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1455. # 2008.05.24 by [yoh]
  1456. rawbody FUJITAYUZAN /F\#EDM\:\;3/
  1457. describe FUJITAYUZAN FUJITAYUZAN
  1458. score FUJITAYUZAN 0.5
  1459.  
  1460. # In SA 3.2.x, "body" rule has been changed.
  1461. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1462. # 2008.05.24 by [yoh]
  1463. rawbody HIROSHIMAKENCHIJI /9\-Eg8\)CN\;v/
  1464. describe HIROSHIMAKENCHIJI HIROSHIMAKENCHIJI
  1465. score HIROSHIMAKENCHIJI 0.5
  1466.  
  1467. # In SA 3.2.x, "body" rule has been changed.
  1468. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1469. # 2008.05.24 by [yoh]
  1470. rawbody NOMOTODENO /\$N85\$G\$N/
  1471. describe NOMOTODENO NOMOTODENO
  1472. score NOMOTODENO 0.1
  1473.  
  1474. # In SA 3.2.x, "body" rule has been changed.
  1475. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1476. # 2008.05.24 by [yoh]
  1477. rawbody OSOROSHIIHANASHI /62\$m\$7\$\$OC/
  1478. describe OSOROSHIIHANASHI OSOROSHIIHANASHI
  1479. score OSOROSHIIHANASHI 0.1
  1480.  
  1481. # In SA 3.2.x, "body" rule has been changed.
  1482. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1483. # 2008.05.24 by [yoh]
  1484. rawbody GYOUSEISOSHO /9T\@\/AJ\>Y/
  1485. describe GYOUSEISOSHO GYOUSEISOSHO
  1486. score GYOUSEISOSHO 0.1
  1487.  
  1488. # In SA 3.2.x, "body" rule has been changed.
  1489. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1490. # 2008.05.24 by [yoh]
  1491. rawbody SOKURYOSHI /B\,NL\;N/
  1492. describe SOKURYOSHI SOKURYOSHI
  1493. score SOKURYOSHI 0.1
  1494.  
  1495. meta FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI
  1496. describe FUJITACHIJI FUJITAYUZAN && HIROSHIMAKENCHIJI
  1497. score FUJITACHIJI 1.0
  1498. meta CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO
  1499. describe CHIJINOMOTO HIROSHIMAKENCHIJI && NOMOTODENO
  1500. score CHIJINOMOTO 1.0
  1501. meta MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI
  1502. describe MOTODEOSORO NOMOTODENO && OSOROSHIIHANASHI
  1503. score MOTODEOSORO 1.0
  1504. meta OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO
  1505. describe OSOROGYOUSEI OSOROSHIIHANASHI && GYOUSEISOSHO
  1506. score OSOROGYOUSEI 1.0
  1507.  
  1508. meta FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO
  1509. describe FUJITASPAM1 FUJITACHIJI && CHIJINOMOTO && MOTODEOSORO
  1510. score FUJITASPAM1 3.0
  1511. meta FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI
  1512. describe FUJITASPAM2 FUJITACHIJI && MOTODEOSORO && OSOROGYOUSEI
  1513. score FUJITASPAM2 3.0
  1514.  
  1515. header NIKKEIBP From =~ /nikkeibp.co.jp/
  1516. describe NIKKEIBP nikkeibp.co.jp
  1517. score NIKKEIBP -10
  1518.  
  1519. # Thanks to: SHIBATA Hisaaki san
  1520. body AFAF /(zimbabwe|nigeria|angola|south afric|Sierra|UNITA)/i
  1521. describe AFAF Afaf
  1522. score AFAF 1.5
  1523.  
  1524. # 2014.09.25 by [yoh]
  1525. body CHINAFAKE /(?:[^\. ]{1,}\.{1,3}){5,}/
  1526. describe CHINAFAKE F..A..K..E..C.H.A.N.E.L..B.A.G
  1527. score CHINAFAKE 0.5
  1528.  
  1529. meta YHOCNFAKE YHOWEBMGBMP && CHINAFAKE
  1530. score YHOCNFAKE 5.5
  1531.  
  1532. # replacing "OBFUSCATING_COMMENT"
  1533. # There are many types of OBFUSCATING_COMMENT. So, it's very difficult
  1534. # to detect various types of them.
  1535. # I think that detecting single or double rules are dangerous.
  1536.  
  1537. # Original rule fails to detect normal Japanese word, and scores too high.
  1538. score OBFUSCATING_COMMENT 0.0
  1539.  
  1540. # Outlook Express CAN send HTML in this format
  1541. # 2006.07.11 [yoh]
  1542. score FORGED_OUTLOOK_TAGS 0
  1543.  
  1544. # Outlook Express CAN send HTML in this format
  1545. # 2006.08.07 [yoh]
  1546. score HTML_OBFUSCATE_05_10 0.1
  1547. # score HTML_NONELEMENT_70_80 0.1
  1548.  
  1549. # http://jvnrss.ise.chuo-u.ac.jp/csn/index.cgi?p=SpamAssassin%A4%CEFH_DATE_PAST_20XX
  1550. # http://wiki.apache.org/spamassassin/Rules/FH_DATE_PAST_20XX
  1551. # 2010.01.04 [yoh]
  1552. score FH_DATE_PAST_20XX 0.0
  1553.  
  1554.  
  1555. # closed 2011.11.16 by [yoh]
  1556.  
  1557. # rawbody FAKEDWORD_ATMARK /(^| |\r|\n)[A-Za-z]{0,}(\@[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1558. # describe FAKEDWORD_ATMARK ex. em@il (this rule is only for body)
  1559. # score FAKEDWORD_ATMARK 0.5
  1560.  
  1561. # full FAKEDWORD_ZERO /( |\r|\n)[A-Za-z]{0,}(0[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1562. # describe FAKEDWORD_ZERO ex. Cust0mer
  1563. # score FAKEDWORD_ZERO 0.5
  1564.  
  1565. # full FAKEDWORD_ONE /( |\r|\n)[A-Za-z]{0,}(?:1[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1566. # describe FAKEDWORD_ONE ex. l1st
  1567. # score FAKEDWORD_ONE 0.5
  1568.  
  1569. # full FAKEDWORD_EXCLAMATION /( |\r|\n)[A-Za-z]{0,}(\![A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1570. # describe FAKEDWORD_EXCLAMATION ex. MED!C!NE
  1571. # score FAKEDWORD_EXCLAMATION 0.5
  1572.  
  1573. # full FAKEDWORD_VERTICALLINE /( |\r|\n)[A-Za-z]{0,}([1|][A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1574. # describe FAKEDWORD_VERTICALLINE ex. REM|O|VED
  1575. # score FAKEDWORD_VERTICALLINE 0.5
  1576.  
  1577. # full FAKEDWORD_BACKQUOTE /( |\r|\n)[A-Za-z]{0,}(\`[A-Za-z]+){1,}(\.{0,1}$| |[:;\r\n])/
  1578. # describe FAKEDWORD_BACKQUOTE ex. B`uy
  1579. # score FAKEDWORD_BACKQUOTE 0.5
  1580.  
  1581. # full FAKEDWORD_BQONE /( |\r|\n)[A-Za-z1]{1,}[\^\`]{1,}[A-Za-z1]{2,}(\.{0,1}$| |[:;\r\n])/
  1582. # describe FAKEDWORD_BQONE ex. ava1^iable
  1583. # score FAKEDWORD_BQONE 0.5
  1584.  
  1585. full MULTIPART_EMPTY /(\r|\n){2}\-{6}=_NextPart_\d{3}_\d{4}_\w{8}\.\w{8}(\r|\n)Content\-Type: multipart\/alternative\;(\r|\n)\tboundary=\"\-{4}=_NextPart_\d{3}_\d{4}_\w{8}\.\w{8}\"(\r|\n){2,}\-{6}=_NextPart_\d{3}_\d{4}_\w{8}\.\w{8}(\r|\n)Content\-Type: text\/plain\;(\r|\n)\tcharset=\"Windows-1252\"(\r|\n)Content-Transfer-Encoding: quoted-printable(\r|\n){2,}/
  1586.  
  1587. # Bayes engine needs frequently maintenance and balanced corpus.
  1588. # So I decided setting low score.
  1589. # 2010.04.14 by [yoh]
  1590. meta MULTIEMPTY99 MULTIPART_EMPTY && BAYES_99
  1591. score MULTIEMPTY99 3.0
  1592.  
  1593. meta MULTIEMPTYFUTURE DATE_IN_FUTURE_06_12 && MULTIPART_EMPTY
  1594. score MULTIEMPTYFUTURE 3.5
  1595.  
  1596. # 2019.04.29 by [yoh]
  1597. # meta EMPTYEXTRAMPARTTYPE EXTRA_MPART_TYPE && MULTIPART_EMPTY
  1598. # score EMPTYEXTRAMPARTTYPE 3.5
  1599.  
  1600.  
  1601. # thrown away 2005.09.14 by [yoh]
  1602. #
  1603. # rawbody OBFUSTAG1 /<(sup|em|font|big)><\/\1>/
  1604. # describe OBFUSTAG1 <sup></sup>
  1605. # score OBFUSTAG1 3.0
  1606.  
  1607. # special thanks to: R.Takashi ISHIOKA-san! 2003/07/16
  1608. # In SA 3.2.x, "body" rule has been changed.
  1609. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1610. # 2008.05.24 by [yoh]
  1611. rawbody SJIS_SOSHINSHA /\221\227\220M\216\322/
  1612. describe SJIS_SOSHINSHA soushinsha using sjis
  1613. score SJIS_SOSHINSHA 1.0
  1614.  
  1615. # thrown away 2005.09.14 by [yoh]
  1616. #
  1617. # meta FAKED_SJISBODY1 SJIS_SOSHINSHA && ISO2022JP_BODY
  1618. # describe FAKED_SJISBODY1 SJIS_SOSHINSHA && ISO2022JP_BODY
  1619. # score FAKED_SJISBODY1 5.0
  1620.  
  1621. # In SA 3.2.x, "body" rule has been changed.
  1622. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1623. # 2008.05.24 by [yoh]
  1624. rawbody SJIS_URAVIDEO /\x97.\x83\x72\x83\x66\x83\x49/
  1625. describe SJIS_URAVIDEO uravideo using sjis
  1626. score SJIS_URAVIDEO 2.5
  1627. # In SA 3.2.x, "body" rule has been changed.
  1628. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1629. # 2008.05.24 by [yoh]
  1630. rawbody SJIS_SAISHINRYUSHUTSU /\x8d\xc5\x90\x56\x97\xac\x8f\x6f/
  1631. describe SJIS_SAISHINRYUSHUTSU saishinryushutsu using sjis
  1632. score SJIS_SAISHINRYUSHUTSU 2.5
  1633. # In SA 3.2.x, "body" rule has been changed.
  1634. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1635. # 2008.05.24 by [yoh]
  1636. rawbody SJIS_BURUSERA /\x83\x75\x83\x8b\x83\x5a\x83\x89/
  1637. describe SJIS_BURUSERA burusera using sjis
  1638. score SJIS_BURUSERA 2.5
  1639. # In SA 3.2.x, "body" rule has been changed.
  1640. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1641. # 2008.05.24 by [yoh]
  1642. rawbody SJIS_SHIROUTOTOUKOU /\x91\x66\x90\x6c\x93\x8a\x8d\x65/
  1643. describe SJIS_SHIROUTOTOUKOU shiroutotoukou using sjis
  1644. score SJIS_SHIROUTOTOUKOU 2.5
  1645. # In SA 3.2.x, "body" rule has been changed.
  1646. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1647. # 2008.05.24 by [yoh]
  1648. rawbody SJIS_YOUMONO /\x97\x6d\x95\xa8/
  1649. describe SJIS_YOUMONO youmono using sjis
  1650. score SJIS_YOUMONO 2.5
  1651. # In SA 3.2.x, "body" rule has been changed.
  1652. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1653. # 2008.05.24 by [yoh]
  1654. rawbody SJIS_TOUSATSU /\x93\x90\x8e\x42/
  1655. describe SJIS_TOUSATSU tousatsu using sjis
  1656. score SJIS_TOUSATSU 2.5
  1657. # In SA 3.2.x, "body" rule has been changed.
  1658. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1659. # 2008.05.24 by [yoh]
  1660. rawbody SJIS_LOLIKEI /\x83\x8d\x83\x8a\x8c\x6e/
  1661. describe SJIS_LOLIKEI lolikei using sjis
  1662. score SJIS_LOLIKEI 2.5
  1663. # In SA 3.2.x, "body" rule has been changed.
  1664. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1665. # 2008.05.24 by [yoh]
  1666. rawbody SJIS_ZENKAKU_SM /\x82\x72\x82\x6c/
  1667. describe SJIS_ZENKAKU_SM SM in zenkaku using sjis
  1668. score SJIS_ZENKAKU_SM 1.5
  1669.  
  1670. #
  1671. # added 2010.11.03 by [yoh]
  1672. #
  1673. rawbody SJIS_SHOUZAI /\x8f\xa4\x8d\xde/
  1674. score SJIS_SHOUZAI 1.5
  1675. meta DYN_SJIS_SHOUZAI ___DYNAMICIP && SJIS_SHOUZAI
  1676. score DYN_SJIS_SHOUZAI 3.5
  1677.  
  1678.  
  1679. meta PORN_SJIS (SJIS_BURUSERA||SJIS_LOLIKEI||SJIS_SAISHINRYUSHUTSU||SJIS_SHIROUTOTOUKOU||SJIS_TOUSATSU||SJIS_URAVIDEO||SJIS_YOUMONO||SJIS_ZENKAKU_SM)&&(ISO2022JP_BODY||ISO2022JP_CHARSET)
  1680. describe PORN_SJIS (SJIS_BURUSERA||SJIS_LOLIKEI||SJIS_SAISHINRYUSHUTSU||SJIS_SHIROUTOTOUKOU||SJIS_TOUSATSU||SJIS_URAVIDEO||SJIS_YOUMONO||SJIS_ZENKAKU_SM)&&(ISO2022JP_BODY||ISO2022JP_CHARSET)
  1681. score PORN_SJIS 5.0
  1682.  
  1683. # thrown away 2005.09.14 by [yoh]
  1684. #
  1685. # header HOSYOU_JPSPAM Received =~ /(\(HELO hosyou|from hosyou-.\.mine\.nu \(.+tokyo.ocn.ne.jp)/
  1686. # describe HOSYOU_JPSPAM ZAITAKUBUSINESS type Japanese spammer
  1687. # score HOSYOU_JPSPAM 7.0
  1688. #
  1689. # body SHOUKOMISEMASU /\>Z5r.*8\+\$\;\$\^\$9/
  1690. # describe SHOUKOMISEMASU SHOUKO MISEMASU
  1691. # score SHOUKOMISEMASU 2.0
  1692.  
  1693.  
  1694.  
  1695.  
  1696. # body ZAITAKU /\:_Bp/
  1697. rawbody ZAITAKU /\:_Bp/
  1698. describe ZAITAKU ZAITAKU
  1699. score ZAITAKU 0.2
  1700.  
  1701. # In SA 3.2.x, "body" rule has been changed.
  1702. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1703. # 2008.05.24 by [yoh]
  1704. rawbody BUSINESS /%S%8%M%9/
  1705. describe BUSINESS BUSINESS
  1706. score BUSINESS 0.2
  1707.  
  1708. meta DYN_BUSINESS ___DYNAMICIP && BUSINESS
  1709. score DYN_BUSINESS 2.0
  1710.  
  1711. # In SA 3.2.x, "body" rule has been changed.
  1712. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1713. # 2008.05.24 by [yoh]
  1714. rawbody SHUUNYUU /\<\}F\~/
  1715. describe SHUUNYUU SHUUNYUU
  1716. score SHUUNYUU 0.2
  1717.  
  1718. # thrown away 2005.09.14 by [yoh]
  1719. #
  1720. # body HOSYOU_590MYEN /\#52\/\#9\@iK\|1_/
  1721. # describe HOSYOU_590MYEN 590000000yen
  1722. # score HOSYOU_590MYEN 2.0
  1723. #
  1724. # meta HOSYOUSPAM2 HOSYOU_JPSPAM && HOSYOU_590MYEN
  1725. # describe HOSYOUSPAM2 HOSYOU_JPSPAM && HOSYOU_590MYEN
  1726. # score HOSYOUSPAM2 5.0
  1727.  
  1728. # In SA 3.2.x, "body" rule has been changed.
  1729. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1730. # 2008.05.24 by [yoh]
  1731. rawbody OATSUI /\$\*G\.\$\$/
  1732. describe OATSUI Japanese porn word: OATSUI
  1733. score OATSUI 0.2
  1734.  
  1735. # In SA 3.2.x, "body" rule has been changed.
  1736. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1737. # 2008.05.24 by [yoh]
  1738. rawbody ZUKOZUKO /%:%3%:%3/
  1739. describe ZUKOZUKO Japanese porn word: ZUKOZUKO
  1740. score ZUKOZUKO 0.5
  1741.  
  1742. # In SA 3.2.x, "body" rule has been changed.
  1743. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1744. # 2008.05.24 by [yoh]
  1745. rawbody BINYUU /H~F}/
  1746. describe BINYUU Japanese porn word: BINYUU
  1747. score BINYUU 0.5
  1748.  
  1749. # In SA 3.2.x, "body" rule has been changed.
  1750. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1751. # 2008.05.24 by [yoh]
  1752. rawbody SEISHI /\@:;R/
  1753. describe SEISHI Japanese porn word: SEISHI
  1754. score SEISHI 0.5
  1755.  
  1756. # In SA 3.2.x, "body" rule has been changed.
  1757. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1758. # 2008.05.24 by [yoh]
  1759. rawbody BIMAN /H~%^%s/
  1760. describe BIMAN Japanese porn word: BIMAN
  1761. score BIMAN 0.5
  1762.  
  1763. # In SA 3.2.x, "body" rule has been changed.
  1764. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1765. # 2008.05.24 by [yoh]
  1766. rawbody DOSUKEBE /\$I\$9\$1\$Y/
  1767. describe DOSUKEBE Japanese porn word: DOSUKEBE
  1768. score DOSUKEBE 0.5
  1769.  
  1770. # In SA 3.2.x, "body" rule has been changed.
  1771. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1772. # 2008.05.24 by [yoh]
  1773. rawbody SHOJO /=h=w/
  1774. describe SHOJO Japanese porn word: SHOJO
  1775. score SHOJO 1.0
  1776.  
  1777. # !#$*JV;vBT$C$F$^$9!#!#
  1778.  
  1779. # In SA 3.2.x, "body" rule has been changed.
  1780. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1781. # 2008.05.24 by [yoh]
  1782. rawbody OHENJIMATT /\!\#\$\*JV;vBT\$C\$F\$\^\$9\!\#\!\#/
  1783. describe OHENJIMATT OHENJIMATTEMASU
  1784. score OHENJIMATT 1.0
  1785.  
  1786. rawbody TOOLONGSTR /^.{480,}$/
  1787. describe TOOLONGSTR too long strings without linefeed
  1788. score TOOLONGSTR 0.5
  1789.  
  1790. # In SA 3.2.x, "body" rule has been changed.
  1791. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1792. # 2008.05.24 by [yoh]
  1793. rawbody ZENKOKUSOKUJITSU /\x91\x53\x8d\x91\x91\xa6\x93\xfa.+\x97\x5a\x8e\x91/
  1794. describe ZENKOKUSOKUJITSU YAMIKIN word: zenkokusokujitsu supi-do yuushi
  1795. score ZENKOKUSOKUJITSU 3.0
  1796.  
  1797. # In SA 3.2.x, "body" rule has been changed.
  1798. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1799. # 2008.05.24 by [yoh]
  1800. rawbody TOUKYOUTOCHIJININKA /\x93\x8c\x8b\x9e\x93\x73\x92\x6d\x8e\x96\x94\x46\x89\xc2.+\x8f\xc1\x94\xef\x8e\xd2\x8b\xe0\x97\x5a/
  1801. describe TOUKYOUTOCHIJININKA YAMIKIN word: toukyoutochijininkazumi no shouhisha kin'yuu
  1802. score TOUKYOUTOCHIJININKA 3.0
  1803.  
  1804. # In SA 3.2.x, "body" rule has been changed.
  1805. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1806. # 2008.05.24 by [yoh]
  1807. rawbody GEKIYASU /(7c|3J)0B/
  1808. describe GEKIYASU GEKIYASU
  1809. score GEKIYASU 0.5
  1810.  
  1811. meta DYN_GEKIYASU ___DYNAMICIP && GEKIYASU
  1812. score DYN_GEKIYASU 3.0
  1813.  
  1814. # In SA 3.2.x, "body" rule has been changed.
  1815. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1816. # 2008.05.24 by [yoh]
  1817. rawbody PCSOFTHANBAI /PC...\%\=\%U\%H.*HNGd/
  1818. describe PCSOFTHANBAI PCsofthanbai
  1819. score PCSOFTHANBAI 1.0
  1820.  
  1821. meta DYN_PCSOFTHANBAI ___DYNAMICIP && PCSOFTHANBAI
  1822. score DYN_PCSOFTHANBAI 3.0
  1823.  
  1824. # In SA 3.2.x, "body" rule has been changed.
  1825. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1826. # 2008.05.24 by [yoh]
  1827. rawbody SAISHINPCSOFT /\:G\?7...PC...\%\=\%U\%H/
  1828. describe SAISHINPCSOFT saishinPCsoft
  1829. score SAISHINPCSOFT 2.0
  1830.  
  1831. meta DYN_SAISHINPCSOFT ___DYNAMICIP && SAISHINPCSOFT
  1832. score DYN_SAISHINPCSOFT 3.5
  1833.  
  1834. # In SA 3.2.x, "body" rule has been changed.
  1835. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1836. # 2008.05.24 by [yoh]
  1837. rawbody PCSOFTGEKIYASU /PC.+\%\=\%U\%H(7c|3J)0B/
  1838. describe PCSOFTGEKIYASU PCSOFTGEKIYASU
  1839. score PCSOFTGEKIYASU 1.5
  1840.  
  1841. meta DYN_PCSOFTGEKIYASU ___DYNAMICIP && PCSOFTGEKIYASU
  1842. score DYN_PCSOFTGEKIYASU 3.5
  1843.  
  1844. # In SA 3.2.x, "body" rule has been changed.
  1845. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1846. # 2008.05.24 by [yoh]
  1847. rawbody AITAI /(2q\$\$\$\?\$\$|\$\*2q\$\$\$7\$(\?\$\$|F\$_\$\^)|2q\$C\$F\$_\$(\^|F|\?))/
  1848. describe AITAI aitai...(sigh)
  1849. score AITAI 1.5
  1850.  
  1851. # In SA 3.2.x, "body" rule has been changed.
  1852. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1853. # 2008.05.24 by [yoh]
  1854. rawbody MATTERU /((BT|\$\^)\$C\$F(\$\$\$^\$9|\$C\$F\$b\$\$\$\$|\$F\$b\$\$\$\$|\$\^\$9|\$k|\$\$\$k)|\$\*BT\$A\$7\$F|BT\$C\$F\$\$\$\^\$9\!\#)/
  1855. describe MATTERU matteru
  1856. score MATTERU 0.3
  1857.  
  1858. meta DYN_MATTERU ___DYNAMICIP && MATTERU
  1859. score DYN_MATTERU 2.0
  1860.  
  1861. # In SA 3.2.x, "body" rule has been changed.
  1862. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1863. # 2008.05.24 by [yoh]
  1864. rawbody RENRAKU /O\"Mm/
  1865. describe RENRAKU renraku
  1866. score RENRAKU 0.2
  1867.  
  1868. meta DYN_RENRAKU ___DYNAMICIP && RENRAKU
  1869. score DYN_RENRAKU 2.0
  1870.  
  1871. # In SA 3.2.x, "body" rule has been changed.
  1872. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1873. # 2008.05.24 by [yoh]
  1874. rawbody DEAI /\=P2q\$\$/
  1875. describe DEAI deai
  1876. score DEAI 0.5
  1877.  
  1878. meta DYN_DEAI ___DYNAMICIP && DEAI
  1879. score DYN_DEAI 2.5
  1880.  
  1881. # In SA 3.2.x, "body" rule has been changed.
  1882. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1883. # 2008.05.24 by [yoh]
  1884. rawbody KARAMAIL /6u\%a\!\<\%k/
  1885. describe KARAMAIL karame-ru
  1886. score KARAMAIL 0.3
  1887.  
  1888. # thrown away 2005.09.14 by [yoh]
  1889. #
  1890. # meta KARASCAM KARAMAIL && JPSCAMMAILADDRESS
  1891. # describe KARASCAM KARAMAIL && JPSCAMMAILADDRESS
  1892. # score KARASCAM 3.5
  1893.  
  1894. # $*IU$-9g$$
  1895. # In SA 3.2.x, "body" rule has been changed.
  1896. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1897. # 2008.05.24 by [yoh]
  1898. rawbody OTSUKIAI /\$\*IU(\$\-){0,1}9g\$\$/
  1899. describe OTSUKIAI otsukiai
  1900. score OTSUKIAI 0.3
  1901.  
  1902. meta DYN_OTSUKIAI ___DYNAMICIP && OTSUKIAI
  1903. score DYN_OTSUKIAI 2.0
  1904.  
  1905. # In SA 3.2.x, "body" rule has been changed.
  1906. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1907. # 2008.05.24 by [yoh]
  1908. rawbody KONOKIMOCHI /\$3\$N5\$\;\}\$A/
  1909. describe KONOKIMOCHI konokimochi
  1910. score KONOKIMOCHI 0.3
  1911.  
  1912. # In SA 3.2.x, "body" rule has been changed.
  1913. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1914. # 2008.05.24 by [yoh]
  1915. rawbody UWAKI /Ib5\$/
  1916. describe UWAKI uwaki
  1917. score UWAKI 0.3
  1918.  
  1919. meta DYN_UWAKI ___DYNAMICIP && UWAKI
  1920. score DYN_UWAKI 2.0
  1921.  
  1922. # In SA 3.2.x, "body" rule has been changed.
  1923. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1924. # 2008.05.24 by [yoh]
  1925. rawbody FURIN /ITNQ/
  1926. describe FURIN furin
  1927. score FURIN 0.3
  1928.  
  1929. meta DYN_FURIN ___DYNAMICIP && FURIN
  1930. score DYN_FURIN 2.0
  1931.  
  1932. # In SA 3.2.x, "body" rule has been changed.
  1933. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1934. # 2008.05.24 by [yoh]
  1935. rawbody WARIKIRI /3d\$j\@Z\$j/
  1936. describe WARIKIRI warikiri
  1937. score WARIKIRI 0.3
  1938.  
  1939. meta DYN_WARIKIRI ___DYNAMICIP && WARIKIRI
  1940. score DYN_WARIKIRI 2.0
  1941.  
  1942. # In SA 3.2.x, "body" rule has been changed.
  1943. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1944. # 2008.05.24 by [yoh]
  1945. rawbody DOUTEI /F8Dg/
  1946. describe DOUTEI doutei
  1947. score DOUTEI 0.3
  1948.  
  1949. meta DYN_DOUTEI ___DYNAMICIP && DOUTEI
  1950. score DYN_DOUTEI 2.0
  1951.  
  1952. # In SA 3.2.x, "body" rule has been changed.
  1953. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1954. # 2008.05.24 by [yoh]
  1955. rawbody HITODZUMA /\?M\:J/
  1956. describe HITODZUMA hitodzuma
  1957. score HITODZUMA 0.3
  1958.  
  1959. meta DYN_HITODZUMA ___DYNAMICIP && HITODZUMA
  1960. score DYN_HITODZUMA 2.0
  1961.  
  1962. # In SA 3.2.x, "body" rule has been changed.
  1963. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1964. # 2008.05.24 by [yoh]
  1965. rawbody MIDARA /0\|\$i/
  1966. describe MIDARA midara
  1967. score MIDARA 0.3
  1968.  
  1969. meta DYN_MIDARA ___DYNAMICIP && MIDARA
  1970. score DYN_MIDARA 2.0
  1971.  
  1972. # In SA 3.2.x, "body" rule has been changed.
  1973. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1974. # 2008.05.24 by [yoh]
  1975. rawbody HIMITSUNO /HkL\)\$N/
  1976. describe HIMITSUNO himitsuno
  1977. score HIMITSUNO 0.1
  1978.  
  1979. meta DYN_HIMITSUNO ___DYNAMICIP && HIMITSUNO
  1980. score DYN_HIMITSUNO 2.0
  1981.  
  1982. # In SA 3.2.x, "body" rule has been changed.
  1983. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1984. # 2008.05.24 by [yoh]
  1985. rawbody HIMITSUNOHOGE /HkL\)\$N(\=P2q\$\$|M\'C\#|4X78|\$\*IU\$\-9g\$\$)/
  1986. describe HIMITSUNOHOGE himitsuno hogehoge
  1987. score HIMITSUNOHOGE 1.5
  1988.  
  1989. # In SA 3.2.x, "body" rule has been changed.
  1990. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  1991. # 2008.05.24 by [yoh]
  1992. rawbody FUAN /IT0B/
  1993. describe FUAN fuan
  1994. score FUAN 0.2
  1995.  
  1996. meta DYN_FUAN ___DYNAMICIP && FUAN
  1997. score DYN_FUAN 2.0
  1998.  
  1999. # body ANATA /\$\"\$J\$\?(\$\,|\$7\$\+|\$H|\$K|\$N|\$O|\$X\$N|\$b|\$r)/
  2000. # In SA 3.2.x, "body" rule has been changed.
  2001. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2002. # 2008.05.24 by [yoh]
  2003. rawbody ANATA /(5\.J\}|\$\"\$J\$\?)(\$\,|\$7\$\+|\$H|\$K|\$N|\$O|\$X\$N|\$b|\$r|\$\@)/
  2004. describe ANATA Anata ... call me my name.(sigh)
  2005. score ANATA 0.5
  2006.  
  2007. meta DYN_ANATA ___DYNAMICIP && ANATA
  2008. score DYN_ANATA 2.0
  2009.  
  2010. # In SA 3.2.x, "body" rule has been changed.
  2011. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2012. # 2008.05.24 by [yoh]
  2013. rawbody ONEGAI /\$\*4j\$\$/
  2014. describe ONEGAI onegai
  2015. score ONEGAI 0.2
  2016.  
  2017. meta DYN_ONEGAI ___DYNAMICIP && ONEGAI
  2018. score DYN_ONEGAI 2.0
  2019.  
  2020. # In SA 3.2.x, "body" rule has been changed.
  2021. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2022. # 2008.05.24 by [yoh]
  2023. rawbody TOUROKU /EPO\?(\$\,|\$7\$\?|\$7\$A\$c\$\$|\$7\$F|\$7\$J\$\$|\$7\$\^\$9|\$9\$k|\$C\$F|\$G\$\-|\$H\$\$\$\&|\$H\$\+|\$N|\$O|\<T\$N\>R2p|\$"\$j\$,\$H\$\&\$4\$6\$\$\$\^)/
  2024.  
  2025. #)/
  2026. describe TOUROKU touroku
  2027. score TOUROKU 0.5
  2028.  
  2029. meta DYN_TOUROKU ___DYNAMICIP && TOUROKU
  2030. score DYN_TOUROKU 2.0
  2031.  
  2032. #
  2033. # meta ANATAONEGAITOUROKU ANATA && ONEGAI && TOUROKU && (JPSCAMURI || JPSCAMMAILADDRESS)
  2034. # describe ANATAONEGAITOUROKU ANATA ONEGAI TOUROKU to JPSCAMURI or JPSCAMMAILADDRESS
  2035. # score ANATAONEGAITOUROKU 3.0
  2036.  
  2037. # In SA 3.2.x, "body" rule has been changed.
  2038. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2039. # 2008.05.24 by [yoh]
  2040. rawbody OHENJI /\$\*JV\;v/
  2041. describe OHENJI Ohenji
  2042. score OHENJI 0.2
  2043.  
  2044. meta DYN_OHENJI ___DYNAMICIP && OHENJI
  2045. score DYN_OHENJI 2.0
  2046.  
  2047. meta OHENJIMATTERU OHENJI && MATTERU
  2048. describe OHENJIMATTERU OHENJI && MATTERU
  2049. score OHENJIMATTERU 1.0
  2050.  
  2051. # In SA 3.2.x, "body" rule has been changed.
  2052. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2053. # 2008.05.24 by [yoh]
  2054. rawbody HOTERU /\%\[\%F\%k/
  2055. describe HOTERU hoteru
  2056. score HOTERU 0.5
  2057.  
  2058. # In SA 3.2.x, "body" rule has been changed.
  2059. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2060. # 2008.05.24 by [yoh]
  2061. rawbody HOTEL /(HOTEL|\#H\#O\#T\#E\#L)/i
  2062. describe HOTEL hotel
  2063. score HOTEL 0.5
  2064.  
  2065. meta DYN_HOTEL ___DYNAMICIP && (HOTEL || HOTERU)
  2066. score DYN_HOTEL 2.5
  2067.  
  2068. # meta HOTEL __HOTERU || __HOTEL
  2069. # describe HOTEL HOTEL
  2070. # score HOTEL 0.5
  2071.  
  2072. # In SA 3.2.x, "body" rule has been changed.
  2073. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2074. # 2008.05.24 by [yoh]
  2075. rawbody TOUSATSU /Ep\;\#/
  2076. describe TOUSATSU tousatsu
  2077. score TOUSATSU 1.0
  2078.  
  2079. meta DYN_TOUSATSU ___DYNAMICIP && TOUSATSU
  2080. score DYN_TOUSATSU 4.0
  2081.  
  2082. # In SA 3.2.x, "body" rule has been changed.
  2083. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2084. # 2008.05.24 by [yoh]
  2085. rawbody KARESHI /H\`\;a/
  2086. describe KARESHI kareshi
  2087. score KARESHI 0.2
  2088.  
  2089. meta DYN_KARESHI ___DYNAMICIP && KARESHI
  2090. score DYN_KARESHI 2.0
  2091.  
  2092. # In SA 3.2.x, "body" rule has been changed.
  2093. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2094. # 2008.05.24 by [yoh]
  2095. rawbody CHAT /\%A\%c\%C\%H/
  2096. describe CHAT chatto
  2097. score CHAT 0.2
  2098.  
  2099. # In SA 3.2.x, "body" rule has been changed.
  2100. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2101. # 2008.05.24 by [yoh]
  2102. rawbody HITORIKURASHI /0l\?MJk\$i\$7/
  2103. describe HITORIKURASHI hitorikurashi
  2104. score HITORIKURASHI 0.2
  2105.  
  2106. meta DYN_HITORIKURASHI ___DYNAMICIP && HITORIKURASHI
  2107. score DYN_HITORIKURASHI 2.0
  2108.  
  2109. # In SA 3.2.x, "body" rule has been changed.
  2110. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2111. # 2008.05.24 by [yoh]
  2112. rawbody CIRCLE /\%5\!\<\%\/\%k/
  2113. describe CIRCLE sa-kuru
  2114. score CIRCLE 0.1
  2115.  
  2116. meta DYN_CIRCLE ___DYNAMICIP && CIRCLE
  2117. score DYN_CIRCLE 1.5
  2118.  
  2119. # In SA 3.2.x, "body" rule has been changed.
  2120. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2121. # 2008.05.24 by [yoh]
  2122. rawbody MAJIMENAKANKEI /(\?\?LLL\\\$J|3d\$j\@Z\$C\$\?|Bg\?M\$N|BN\$N)(4X78|8r\:\]|\$\*IU\$\-9g\$\$|\$\*\$D\$\-9g\$\$)/
  2123. describe MAJIMENAKANKEI majimenakankei
  2124. score MAJIMENAKANKEI 1.5
  2125.  
  2126. meta DYN_MAJIMENAKANKEI ___DYNAMICIP && MAJIMENAKANKEI
  2127. score DYN_MAJIMENAKANKEI 3.0
  2128.  
  2129. #
  2130. # meta CIRCLEKANKEI CIRCLE && MAJIMENAKANKEI
  2131. # describe CIRCLEKANKEI CIRCLE && MAJIMENAKANKEI
  2132. # score CIRCLEKANKEI 3.0
  2133.  
  2134. # In SA 3.2.x, "body" rule has been changed.
  2135. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2136. # 2008.05.24 by [yoh]
  2137. rawbody ENQUETE /\%\"\%s\%1\!\<\%H/
  2138. describe ENQUETE anke-to
  2139. score ENQUETE 0.2
  2140.  
  2141. meta DYN_ENQUETE ___DYNAMICIP && ENQUETE
  2142. score DYN_ENQUETE 2.0
  2143.  
  2144. # In SA 3.2.x, "body" rule has been changed.
  2145. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2146. # 2008.05.24 by [yoh]
  2147. rawbody DAIHYOU /BeI\=/
  2148. describe DAIHYOU daihyou
  2149. score DAIHYOU 0.2
  2150.  
  2151. meta DYN_DAIHYOU ___DYNAMICIP && DAIHYOU
  2152. score DYN_DAIHYOU 2.0
  2153.  
  2154. # In SA 3.2.x, "body" rule has been changed.
  2155. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2156. # 2008.05.24 by [yoh]
  2157. rawbody BOSHUUWO /(?:Bg){0,1}Jg\=8(?:\$r){0,1}/
  2158. describe BOSHUUWO boshuuwo
  2159. score BOSHUUWO 0.1
  2160.  
  2161. meta DYN_BOSHUUWO ___DYNAMICIP && BOSHUUWO
  2162. score DYN_BOSHUUWO 2.0
  2163.  
  2164. # thrown away 2005.09.14 by [yoh]
  2165. #
  2166. # meta DAIHYOUBOSHUUENQ ENQUETE && DAIHYOU && BOSHUUWO
  2167. # describe DAIHYOUBOSHUUENQ ENQUETE && DAIHYOU && BOSHUUWO
  2168. # score DAIHYOUBOSHUUENQ 1.5
  2169.  
  2170. # In SA 3.2.x, "body" rule has been changed.
  2171. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2172. # 2008.05.24 by [yoh]
  2173. rawbody DANSEIKAIIN /(CK|\=w)\@\-2q0w/
  2174. describe DANSEIKAIIN danseikaiin
  2175. score DANSEIKAIIN 1.5
  2176.  
  2177. meta DYN_DANSEIKAIIN ___DYNAMICIP && DANSEIKAIIN
  2178. score DYN_DANSEIKAIIN 3.0
  2179.  
  2180. # In SA 3.2.x, "body" rule has been changed.
  2181. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2182. # 2008.05.24 by [yoh]
  2183. rawbody TOMODACHI /M\'C\#/
  2184. describe TOMODACHI tomodachi
  2185. score TOMODACHI 0.1
  2186.  
  2187. meta DYN_TOMODACHI ___DYNAMICIP && TOMODACHI
  2188. score DYN_TOMODACHI 1.0
  2189.  
  2190. # In SA 3.2.x, "body" rule has been changed.
  2191. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2192. # 2008.05.24 by [yoh]
  2193. rawbody AISHOU /Aj\@\-/
  2194. describe AISHOU aishou
  2195. score AISHOU 0.2
  2196.  
  2197. meta DYN_AISHOU ___DYNAMICIP && AISHOU
  2198. score DYN_AISHOU 1.0
  2199.  
  2200. # In SA 3.2.x, "body" rule has been changed.
  2201. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2202. # 2008.05.24 by [yoh]
  2203. rawbody FERA /\%U\%\'\%i/
  2204. describe FERA Japanese porn word: fera
  2205. score FERA 1.0
  2206.  
  2207. meta DYN_FERA ___DYNAMICIP && FERA
  2208. score DYN_FERA 3.0
  2209.  
  2210. # In SA 3.2.x, "body" rule has been changed.
  2211. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2212. # 2008.05.24 by [yoh]
  2213. rawbody KINSENTEKI /6bA\,E\*\$[JK]/
  2214. describe KINSENTEKI Kinsenteki
  2215. score KINSENTEKI 0.2
  2216.  
  2217. meta DYN_KINSENTEKI ___DYNAMICIP && KINSENTEKI
  2218. score DYN_KINSENTEKI 1.5
  2219.  
  2220. # In SA 3.2.x, "body" rule has been changed.
  2221. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2222. # 2008.05.24 by [yoh]
  2223. rawbody KIKONSHA /4\{\:\'\<T/
  2224. describe KIKONSHA Kikonsha
  2225. score KIKONSHA 0.2
  2226.  
  2227. # In SA 3.2.x, "body" rule has been changed.
  2228. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2229. # 2008.05.24 by [yoh]
  2230. rawbody OTTO /IW\$[\+|K|\,|\@|X|O|N|H]/
  2231. describe OTTO otto
  2232. score OTTO 0.1
  2233.  
  2234. # In SA 3.2.x, "body" rule has been changed.
  2235. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2236. # 2008.05.24 by [yoh]
  2237. rawbody SHUJIN /\<g\?M/
  2238. describe SHUJIN shujin
  2239. score SHUJIN 0.1
  2240.  
  2241. meta DYN_SHUJIN ___DYNAMICIP && (SHUJIN || OTTO || KIKONSHA)
  2242. score DYN_SHUJIN 1.0
  2243.  
  2244. # In SA 3.2.x, "body" rule has been changed.
  2245. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2246. # 2008.05.24 by [yoh]
  2247. rawbody DEETO /\%G\!\<\%H/
  2248. describe DEETO deeto
  2249. score DEETO 0.1
  2250.  
  2251. meta DYN_DEETO ___DYNAMICIP && DEETO
  2252. score DYN_DEETO 1.0
  2253.  
  2254. # In SA 3.2.x, "body" rule has been changed.
  2255. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2256. # 2008.05.24 by [yoh]
  2257. rawbody WAGAMAMA /((\$o|2f)\$\,\$\^\$\^|\%o\%\,\%\^\%\^|2fPV)/
  2258. describe WAGAMAMA wagamama
  2259. score WAGAMAMA 0.1
  2260.  
  2261. meta DYN_WAGAMAMA ___DYNAMICIP && WAGAMAMA
  2262. score DYN_WAGAMAMA 1.0
  2263.  
  2264.  
  2265. # In SA 3.2.x, "body" rule has been changed.
  2266. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2267. # 2008.05.24 by [yoh]
  2268. rawbody ASONDE /M7\$s\$G/
  2269. describe ASONDE asonde
  2270. score ASONDE 0.1
  2271.  
  2272. meta DYN_ASONDE ___DYNAMICIP && ASONDE
  2273. score DYN_ASONDE 1.5
  2274.  
  2275. # In SA 3.2.x, "body" rule has been changed.
  2276. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2277. # 2008.05.24 by [yoh]
  2278. rawbody SUPPORT /\%5\%\]\!\<\%H/
  2279. describe SUPPORT sapo-to
  2280. score SUPPORT 0.1
  2281.  
  2282. meta DYN_SUPPORT ___DYNAMICIP && SUPPORT
  2283. score DYN_SUPPORT 2.0
  2284.  
  2285. # In SA 3.2.x, "body" rule has been changed.
  2286. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2287. # 2008.05.24 by [yoh]
  2288. rawbody ___MAN_EN /K\|1_/
  2289. describe ___MAN_EN man'en
  2290.  
  2291. # thrown away 2006.01.05 by [yoh]
  2292. #
  2293. # meta AITAISUPPORT AITAI && SUPPORT && ___MAN_EN && (BAYES_99 || BAYES_95)
  2294. # describe AITAISUPPORT AITAI && SUPPORT
  2295. # score AITAISUPPORT 5.0
  2296.  
  2297. #
  2298. # I wrote this rule at 2005.11.14 00:40
  2299. # I modified this rule at 2005.11.14 10:00 and uploaded at 13:22
  2300. # So, when this NG word will dissapear? :-P
  2301. # 2005.11.14 by [yoh]
  2302. # Yes, "Gyakuen" means fraud.
  2303. # If you're native Japanese, you'd better read this:
  2304. # http://itpro.nikkeibp.co.jp/article/Watcher/20060319/232825/
  2305. # 2006.03.27 by [yoh]
  2306. #
  2307.  
  2308. # In SA 3.2.x, "body" rule has been changed.
  2309. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2310. # 2008.05.24 by [yoh]
  2311. rawbody GYAKUEN /5U(\!o|1g|1o)/
  2312. describe GYAKUEN gyakuen
  2313. score GYAKUEN 1.0
  2314.  
  2315. #
  2316. # I wrote this rule at 2005.11.14 13:22
  2317. # So, when this NG word will dissapear? :-P
  2318. # 2005.11.14 by [yoh]
  2319. #
  2320.  
  2321. header GYAKUENSUBJ Subject =~ /5U(\!o|1g)/
  2322. describe GYAKUENSUBJ gyakuen in Subject:
  2323. score GYAKUENSUBJ 2.0
  2324.  
  2325. meta DYN_GYAKUEN ___DYNAMICIP && (GYAKUEN || GYAKUENSUBJ)
  2326. score DYN_GYAKUEN 2.5
  2327.  
  2328. # In SA 3.2.x, "body" rule has been changed.
  2329. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2330. # 2008.05.24 by [yoh]
  2331. rawbody URADVD /N\".{2,5}DVD/
  2332. describe URADVD uradvd
  2333. score URADVD 1.0
  2334.  
  2335. meta DYN_URADVD ___DYNAMICIP && URADVD
  2336. score DYN_URADVD 4.0
  2337.  
  2338. # In SA 3.2.x, "body" rule has been changed.
  2339. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2340. # 2008.05.24 by [yoh]
  2341. rawbody KEIJIBAN /7G\<\(HD/
  2342. describe KEIJIBAN keijiban
  2343. score KEIJIBAN 0.3
  2344.  
  2345. meta DYN_KEIJIBAN ___DYNAMICIP && KEIJIBAN
  2346. score DYN_KEIJIBAN 1.0
  2347.  
  2348. meta HAJIMETEKEIJIBAN DYN_HAJIMETE && KEIJIBAN
  2349. score HAJIMETEKEIJIBAN 5.5
  2350.  
  2351. # In SA 3.2.x, "body" rule has been changed.
  2352. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2353. # 2008.05.24 by [yoh]
  2354. rawbody SEFURE /\%\;\%U\%l/
  2355. describe SEFURE sefure
  2356. score SEFURE 0.7
  2357.  
  2358. meta DYN_SEFURE ___DYNAMICIP && SEFURE
  2359. score DYN_SEFURE 2.0
  2360.  
  2361. # In SA 3.2.x, "body" rule has been changed.
  2362. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2363. # 2008.05.24 by [yoh]
  2364. rawbody OAITE /\$\*Aj\<j/
  2365. describe OAITE oaite
  2366. score OAITE 0.2
  2367.  
  2368. meta DYN_OAITE ___DYNAMICIP && OAITE
  2369. score DYN_OAITE 1.0
  2370.  
  2371. # In SA 3.2.x, "body" rule has been changed.
  2372. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2373. # 2008.05.24 by [yoh]
  2374. rawbody ECSTASY /\%\(\%\/\%9\%\?\%7/
  2375. describe ECSTASY ecstasy
  2376. score ECSTASY 0.3
  2377.  
  2378. meta DYN_ECSTASY ___DYNAMICIP && ECSTASY
  2379. score DYN_ECSTASY 3.0
  2380.  
  2381. # In SA 3.2.x, "body" rule has been changed.
  2382. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2383. # 2008.05.24 by [yoh]
  2384. rawbody OMATOME /\$\*\$\^\$H\$a/
  2385. describe OMATOME omatome
  2386. score OMATOME 1.0
  2387.  
  2388. meta DYN_OMATOME ___DYNAMICIP && OMATOME
  2389. score DYN_OMATOME 3.5
  2390.  
  2391.  
  2392. rawbody AFFILIATE /\%\"\%U\%\#\%j\%\(\%\$\%H/
  2393. describe AFFILIATE affiliate
  2394. score AFFILIATE 0.5
  2395.  
  2396. meta DYN_AFFILIATE ___DYNAMICIP && AFFILIATE
  2397. score DYN_AFFILIATE 3.5
  2398.  
  2399. rawbody KASEGU /2T\$0/
  2400. describe KASEGU kasegu
  2401. score KASEGU 0.5
  2402.  
  2403. meta DYN_KASEGU ___DYNAMICIP && KASEGU
  2404. score DYN_KASEGU 3.5
  2405.  
  2406. rawbody KONOTABI /\$3\$N(?:EY|\$?\$S)\$O/
  2407. score KONOTABI 0.5
  2408.  
  2409. meta DYN_KONOTABI ___DYNAMICIP && KONOTABI
  2410. score DYN_KONOTABI 3.5
  2411.  
  2412. rawbody NAIYOUHAIKA /(?:EPO\?FbMF\$O0J2<\$N(?:DL|\$H\$\*)\$j|DL\$j\!\"\@_Dj)/
  2413. score NAIYOUHAIKA 0.5
  2414.  
  2415. meta DYN_NAIYOUHAIKA ___DYNAMICIP && NAIYOUHAIKA
  2416. score DYN_NAIYOUHAIKA 3.5
  2417.  
  2418. rawbody RANKING /\%s\%0E=/
  2419. score RANKING 0.5
  2420.  
  2421. meta DYN_RANKING ___DYNAMICIP && RANKING
  2422. score DYN_RANKING 3.5
  2423.  
  2424.  
  2425.  
  2426. # In SA 3.2.x, "body" rule has been changed.
  2427. # So, for matching ISO-2022-JP strings, we have to change to "rawbody" rule.
  2428. # 2008.05.24 by [yoh]
  2429. rawbody PACHINKO /\%Q\%A\%s\%3/
  2430. describe PACHINKO pachinko
  2431. score PACHINKO 0.1
  2432.  
  2433. meta XSPD_PACHINKO XPEED_KR && PACHINKO
  2434. score XSPD_PACHINKO 5.5
  2435.  
  2436. #
  2437. # added 2010.11.03 by [yoh]
  2438. #
  2439. rawbody SHOUZAI />&:`/
  2440. score SHOUZAI 0.5
  2441.  
  2442. meta DYN_SHOUZAI ___DYNAMICIP && SHOUZAI
  2443. score DYN_SHOUZAI 3.5
  2444.  
  2445. rawbody JOUHOU />pJs/
  2446. score JOUHOU 0.1
  2447.  
  2448. meta JOUHOUSHOUZAI JOUHOU && SHOUZAI
  2449. score JOUHOUSHOUZAI 1.5
  2450.  
  2451. #
  2452. # I wrote this rule at 2005.10.19 10:30.
  2453. # When the faked Received: will be disappeared?
  2454. # 2005.10.19 by [yoh]
  2455. #
  2456. # http://www.iana.org/assignments/ipv4-address-space
  2457. # over 223.0.0.0 is invalid.
  2458. # 2005.12.15 by [yoh]
  2459. #
  2460.  
  2461. # header FORGED_RCVD_IP Received =~ /from.+((2(2[3-9]|[3-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+){3,3}|[0-9]+\.(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+){2,2}|([0-9]+\.){2,2}(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+)|(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+){3,3})/
  2462. # header FORGED_RCVD_IP Received =~ /from.+((2(2[3-9]|[3-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+){3,3}[^a-zA-Z0-9\._-]|[0-9]+\.(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+){2,2}|([0-9]+\.){2,2}(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9])(\.[0-9]+)|([0-9]+\.){3,3}(2(5[6-9]|[6-9][0-9])|[3-9][0-9][0-9]))/
  2463. # header FORGED_RCVD_IP Received =~ /from.+((2(2[3-9]|[3-9]\d)|[3-9]\d\d)(\.\d){3}[^a-zA-Z0-9\._-]|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d))/
  2464. # header FORGED_RCVD_IP Received =~ /from.+(\W(9[6-9]|1[01]\d|120|2(2[3-9]|[3-9]\d)|[3-9]\d\d)(?:\.\d{1,3}){3}[^\w\.-]|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d))/
  2465. # header FORGED_RCVD_IP Received =~ /(\W([01257]|2[37]|3[1679]|42|7[789]|9[6-9]|1[01]\d|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(?:\.\d{1,3}){3}[^\w\.-]|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(?:\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d))/
  2466. # header FORGED_RCVD_IP Received =~ /([^\w\.]([01257]|2[37]|3[1679]|42|7[789]|9[6-9]|1[01]\d|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){3}[^\w\.-]|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d))/
  2467. # header FORGED_RCVD_IP Received =~ /[^\w\.](([01257]|2[37]|3[1679]|42|7[789]|9[6-9]|1[01]\d|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){3}|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,}))[^\w\.-]/
  2468. # header FORGED_RCVD_IP Received =~ /[^\w\.](([01257]|2[37]|3[1679]|42|7[789]|9[6-9]|1[01]\d|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d)(\.\d{1,3}){3}|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d)(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d))[^\w\.-]/
  2469. # header FORGED_RCVD_IP Received =~ /[^\w\.](([01257]|2[37]|3[1679]|42|7[789]|9[6-9]|1[01]\d|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){3}|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,}))[^\w\.-].+with/
  2470. # header FORGED_RCVD_IP Received =~ /[^\w\.](([01257]|2[37]|3[1679]|42|7[89]|9[6-9]|1[01][0-5]|120|17[3-9]|18[0-7]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){3}|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,}))[\)\] ].+with/
  2471. # header FORGED_RCVD_IP Received =~ /[^\w\.](([01257]|2[37]|3[1679]|4[269]|50|[89]\d|10[0-7]|17[3-9]|18[156]|197|2(2[3-9]|[3-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){3}|\d{1,3}\.(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3}){2}|(\d{1,3}\.){2}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(\.\d{1,3})|(\d{1,3}\.){3}(2(5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,}))[\)\] ].+with/
  2472. # Tnx http://twitter.com/mzaki_jp/status/208409295283429376
  2473. # 2012.06.09 by [yoh]
  2474. header FORGED_RCVD_IP Received =~ /[^\w\.](?:(?:0|2(?:2[4-9]|[345]\d)|[3-9]\d\d|\d{4,})(?:\.\d{1,3}){3}|\d{1,3}\.(?:2(?:5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(?:\.\d{1,3}){2}|(?:\d{1,3}\.){2}(?:2(?:5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,})(?:\.\d{1,3})|(?:\d{1,3}\.){3}(?:2(?:5[6-9]|[6-9]\d)|[3-9]\d\d|\d{4,}))[\)\] ].+with/
  2475. describe FORGED_RCVD_IP Invalid IP number, over 255.
  2476. score FORGED_RCVD_IP 1.0
  2477.  
  2478.  
  2479. # header RCVD_NUMERIC_HELO2 X-Spam-Relays-Untrusted =~ /helo=\!([0-9]{1,3}\.){3,3}[0-9]{1,3}\! .+ ident= envfrom= intl=0 .+ auth= /
  2480. header RCVD_NUMERIC_HELO2 X-Spam-Relays-Untrusted =~ /helo=\!(\d{1,3}\.){3}\d{1,3}\! .+ ident= envfrom= intl=0 .+ auth= /
  2481. describe RCVD_NUMERIC_HELO2 Received: contains bracketted IP address string used for HELO
  2482. score RCVD_NUMERIC_HELO2 1.5
  2483.  
  2484.  
  2485. # added 2009.06.17 by [yoh]
  2486. # modified 2011.01.24 by [yoh]
  2487. # deleted 2011.03.09 by [yoh]
  2488. #
  2489. # header __X_MAILER_PRESENT exists:X-Mailer
  2490. # describe X_MAILER_PRESENT exists:X-Mailer
  2491. # score X_MAILER_PRESENT 0.1
  2492.  
  2493. header X_SHIROYAGI_VER exists:X-Shiroyagi-Version
  2494. score X_SHIROYAGI_VER 1.5
  2495.  
  2496. header X_SHIROYAGI_URL exists:X-Shiroyagi-URL
  2497. score X_SHIROYAGI_URL 1.5
  2498.  
  2499. meta DYN_SHIROYAGI ___DYNAMICIP && (X_SHIROYAGI_VER || X_SHIROYAGI_URL)
  2500. score DYN_SHIROYAGI 3.5
  2501.  
  2502.  
  2503.  
  2504. # thrown away 2005.09.14 by [yoh]
  2505. #
  2506. # meta SUNFINANCE_2 ISO2022JP_CHARSET && OBFUS_JP_TO && !(__HAS_X_MAILER)
  2507. # describe SUNFINANCE_2 ISO2022JP_CHARSET && OBFUS_JP_TO && !(__HAS_X_MAILER)
  2508. # score SUNFINANCE_2 2.4
  2509.  
  2510. header THREAD_INDEX exists:thread-index
  2511. describe THREAD_INDEX thread-index: AcO7Y8iR61tzADqsRmmc5wNiFHEOig==
  2512. score THREAD_INDEX 0.3
  2513.  
  2514. # header THREAD_TOPIC exists: Thread-Topic
  2515. # describe THREAD_TOPIC Thread-Topic: ...(Japanese Subject)...
  2516. # score THREAD_TOPIC 0.3
  2517.  
  2518. meta SJISNOTXMAILER (SHIFT_JIS1 || SJIS_BODY) && ! __HAS_X_MAILER
  2519. describe SJISNOTXMAILER (SHIFT_JIS1 || SJIS_BODY) && ! __HAS_X_MAILER
  2520. score SJISNOTXMAILER 2.0
  2521.  
  2522. meta DYN_SJISNOTXM ___DYNAMICIP && SJISNOTXMAILER
  2523. score DYN_SJISNOTXM 5.0
  2524.  
  2525. meta INVALIDDYN_SJIS DYN_SJISNOTXM && SPF_PASS
  2526. score INVALIDDYN_SJIS 10.0
  2527.  
  2528.  
  2529. # I found that "uri" testing fails to match uri strings preceding Japanese character.
  2530. # 2004.06.19 [yoh]
  2531. rawbody JPPORNURI /http:\/\/[a-z0-9.]*(5611[1-8]\.jp|117net\.net|lovemedo\.jp|miss\-you\.jp|w\-ink\.net|celebc\.com|18kin\.jp|e-dm\.org|4610\.com|koi51\.net|chachat\.net|dekichat\.com|pacificgirls\.com|altero\.tv|1919mmo\.com|008s\.be|warikiri\.to|web-wave\.com|77qq\.net|deai-tt\.com|hitkart\.com|qqq-aaa\.com|amg\.to|net-land\.info|yoitokoro\.com|okokoknet\.net|yoitokoro\.com|av-live\.com|b-tiku\.com|secretoflove\.net|39515[12]\.com|elitecities\.com|free-mode\.net|pure-sweethome\.bz|191919\.cc|garlicbutter\.net|sukeper\.net|551155\.jp|withlove\.the-ninja\.jp|na7\.dynu\.ca)\/{0,1}/
  2532. describe JPPORNURI Japanese porn site
  2533. score JPPORNURI 4.0
  2534.  
  2535. header JPPORNSCAMFROM From =~ /\@(5611[1-8]\.jp|117net\.net|lovemedo\.jp|e-dm\.org|55dvd\.net|koi51\.net|love2deai\.com|lily-adolescence\.|d-mail\.biz|1919japan\.com|395152\.com|vig-seet\.to|1919\.st|adadjp\.com|famail\.jp|venusnetwoerk\.cx|spacelan\.ne\.jp)/
  2536. describe JPPORNSCAMFROM Japanese porn and scam domain
  2537. score JPPORNSCAMFROM 7.0
  2538.  
  2539. # I found that "uri" testing fails to match uri strings preceding Japanese character.
  2540. # 2004.06.19 [yoh]
  2541. # 2004.11.05 [yoh]
  2542. # baken\.tv|hot\.hot\.com|denen-soho\.com|117mail\.net|
  2543. # combzmail\.jp|
  2544. # |[a-z0-9]+
  2545.  
  2546. rawbody JPSCAMURI /https{0,1}:\/\/[a-z0-9-.]*(europe\.webmatrixhosting\.net|gogoway\.orgdns\.org|spread\.or\.tv|maga\.readymade\.jp|value\.webcordial\.com|pika\.tv|19191969\.com|093ana\.com|cam-cam\.net|candypop\.tv|deaiking\.com|milkymail\.net|purelove888\.com|secretoflove\.net|l1l9\.com|otegaruhp\.com\/cobra\/html\/hirokopr|online-jp\.net|outside-lover\.com|blue-ocean2004\.com|naturalget\.com|scoop-on\.(com|jp)|1092\.cn|1092\.gs|19190930\.com|i1i9\.net|l1l9\.com|yoso-zu\.com|rose-kiss\.com|members\.fortunecity\.com|up7\.cc|eyc\.jp|zl8\.jp|61\.96\.62\.167|pure1151\.com|bblive\.tv|ai-angel\.net|soku-aeru\.net|nightpita\.com|dejavu\.to|tada\.ph|peachat\.net|1919japan\.com|to-roku\.com|ceaw\.jp|59862777\.com|orange-rocket\.com|prin\.to|lolo\.ojiji\.net|ana093\.cc|eroero999\.com|love4deai\.com|kicks-ass\.net|is-a-geek\.org|lovemint\.net|e-hot-news\.jp|getget\.oops\.jp|upper\.jp|xx-mail\.jp|px\.a8\.net|pc\.lovefree\.tv|pure1107\.net|ljart\.net|(0-9a-z)+\.ifdef\.jp|(free24mail|365hdate)\.fc2\.com|odaiba-bbs\.jp|ai51\.e-city\.tv|bokumetu\.com|kissmi\.jp|party-jamjam\.org|hosting-geomax\.jp|sf-spot\.com|big-888\.com|o-oku-channel\.com|soresoreweb\.com|geocities\.jp\/(sayacchimail|poophy15)|websamba\.com|members\.lycos\.co\.uk\/cadlove|[a-z0-9-]+\.(tripod\.com|host\.sk)(\/top|\/main){0,1}|xid-love\.netfirms\.com|club-classico\.com|e-ezweb\.jp|rakuen-dx\.com|lover-kiss\.com|cross\.ne\.jp|j-sine\.com|swht\.jp|doxlive\.com|perfectharmony-ms\.org|1251\.us|servecounterstrike\.com|[a-z_-]*deai[a-z_-]*\.[a-z0-9-]+\.(jp|com|net|tv|sk|cn)|61\.197\.117\.99|redmax\.jp|morachao\.com|1251\.cc|formzu\.net|members\.ocry\.com|cbat\.page\.ne\.jp|889860\.com|89balls\.com|filltheblank\.com|members2\.jcom\.home\.ne\.jp\/3385927201|aru-aru\.jpn\.org|otz5678\.hn\.org|tinyurl\.com|choco2\.jp|buisinespp\.dyndns\.dk|abcwill\.dyn\.dhs\.org|yudoweb1\.freewebsitehosting\.com|umimono.no.sapo.pt|656566\.com|sss-japan\.co\.jp|home\.doramail\.com|www40\.brinkster\.com|shameme\.host\.sk|autocall\.jp|dm-mail\.net|www18\.ocn\.ne\.jp\/\~kio-pack|mo-v\.jp|www\.tactnet\.co\.jp|hiromirror-desighner\.net|fff\.lir\.dk|s-s\.kyed\.com|brandwholesaler\.com|nihon-cash\.com|dogyman\.com|yellowsanta\.jp|bottom-up1\.com|hime\.ontheweb\.nu|free-xx\.com|address-bank\.homeip\.net|agk-777\.jp|shotgunmarriage\.net|(minami|farewell|alstroemeria)\.dynu\.ca|kyousai\.squares\.net|gigamerimp\.net|boorats19\.info|sunnyday\.jp|life-line\.mods\.jp|lucavenus\.jp|e-shops\.jp|fox99\.staticcling\.org|e-net\.velvet\.jp|access\.main\.jp|webclick\.chu\.jp|www\.infotop\.jp|www\.mailbank\.biz|ladymaid\.net|new-homebiz\.com|777navi\.cc|riajet\.com|af-sv\.com|yy-life\.com|1151bbs\.jp|gambletips\.net|oogachi-t\.com|keiba-de-myhome-get\.seesaa\.net|pachipuro-m\.com|sugowaza\.jp|free-book\.jp|ippatu\.com|.\$B%a%k%:.\(B\.jp|data-jobbank\.from\.tv|deairooms\.com|1-coin\.jp|combzmail\.jp|insiderscoachingclub\.com|genkiclub\.net|viviani\.jp|sakakibara\.zz\.tc|miss-me\.findyou2\.net|at-soho\.rdy\.jp|pavbq\.com|kagurazaka\.biz|sc37\.vczln\.com|snsns\.my-sv\.net|e-bukken\.co\.jp|ji06\.gtwd\.biz|ktaisearch\.com|shop\.shenlihang\.info|baojpp\.com|sakuradvd\.com|oshirase-jp\.com|genkiclub1470\.com|shoppingjp\.net|rdnw\.net|i-ktai\.com|rkg\.(?:jp|cc)|megami\.hiho\.jp|infodirect\.bz|aboy\.jp|sakuses2012\.web\.fc2\.com|123direct\.info|freesianet\.co\.jp|sisoras\.info|fx-worldalliance\.com|w-net\.cc|yutori-bank\.com|jpn\.org|f\.msgs\.jp|serendipshop\.com|shop-pro\.jp|oison\.xsrv\.jp|crecomcre\.com|1lejend\.com|paz\.jp|kei\.net|reizeike\.com|megami\.hiho\.jp|auc-life\.org|icon-corp\.sub\.jp|helphealjapan\.com|sanwango\.com|serendip-corp\.com|mag-r\.net|incomes\.jp|e-mailcm\.com|air-studio1956\.jp|av-hdvd\.com|jimdo\.com|att7\.jp|uamapuro\.com|kurokage-keiba\.com|5pjsri1w\.net|0707ameblo\.jp|mega-koukoku\.com|nitoujiku\.info|brandsite986\.com|raku\.in|redirect\.goodfreereport\.com|www\.ert61889vu\.net|hm-f\.jp|fict-scho\.com|ams-sir\.com|navit-j\.com|navit-tokubai\.jp|(?:ca|card)\.[a-z0-9]{19,21}\.asia|123direct\.jp|voyage-ex\.jp|emfrm\.com|fg8bc93g888ma\.click|[a-z]{5,6}\.space|infomarket\.link|top-ex\.jp|extent-ex\.jp|pers110\.jp|pers\.exblog\.jp|design110\.blog58\.fc2\.com|www\.atelier-k-plus\.com|specific-ex\.jp|blanc\.to|blanc01\.(?:net|site)|infosite\.site|dfsfeqwrfasfa\.monster|akbaut\.xyz)\/{0,1}/
  2547. describe JPSCAMURI Japanese scam site
  2548. score JPSCAMURI 3.5
  2549.  
  2550. meta JPSCAMURI99 JPSCAMURI && BAYES_99
  2551. describe JPSCAMURI99 JPSCAMURI && BAYES_99
  2552. score JPSCAMURI99 5.0
  2553.  
  2554. meta SJISJPSCAMURI SJIS_C && JPSCAMURI
  2555. describe SJISJPSCAMURI SJIS_C && JPSCAMURI
  2556. score SJISJPSCAMURI 10
  2557.  
  2558. # 2019.09.10 by [yoh]
  2559. meta JPSCAMURITELXM JPSCAMURI && JPSCAMTEL && X_MAILER
  2560. score JPSCAMURITELXM 5.0
  2561.  
  2562. meta RAZORJPSURI RAZOR2_CF_RANGE_51_100 && JPSCAMURI
  2563. score RAZORJPSURI 3.0
  2564.  
  2565. meta RAZORJPSTEL RAZOR2_CF_RANGE_51_100 && JPSCAMTEL
  2566. score RAZORJPSTEL 3.0
  2567.  
  2568. meta RAZORXM RAZOR2_CF_RANGE_51_100 && X_MAILER
  2569. score RAZORXM 3.0
  2570.  
  2571.  
  2572.  
  2573.  
  2574. # rawbody URLTRANSFER /(http:\/\/tinyurl\.com\/{0,1}|http:\/\/www\.google\.([a-z].|com|co\.[a-z].)\/pagead\/iclk\?sa=l\&ai=[A-Za-z]+\&num=\d+\&adurl=http:\/\/)/
  2575. rawbody URLTRANSFER /http:\/\/(?:(?:tinyurl\.com|yourl\.be|cd\.vg|tiny\.cc)\/{0,1}|www\.google\.(?:[a-z]{2}|com|co\.[a-z]{2})\/pagead\/iclk\?sa=l\&ai=[A-Za-z]+\&num=\d+\&adurl=http:\/\/|utun\.jp|bit\.ly)/
  2576. score URLTRANSFER 0.1
  2577.  
  2578. meta DYN_URLTRANS ___DYNAMICIP && URLTRANSFER
  2579. score DYN_URLTRANS 3.5
  2580.  
  2581. meta URLT_CBL URLTRANSFER && RCVD_IN_CBL
  2582. score URLT_CBL 3.5
  2583. meta URLT_SPAMCOP URLTRANSFER && RCVD_IN_BL_SPAMCOP_NET
  2584. score URLT_SPAMCOP 3.5
  2585. meta URLT_DSBL URLTRANSFER && RCVD_IN_DSBL
  2586. score URLT_DSBL 3.5
  2587. # meta URLT_DUL URLTRANSFER && RCVD_IN_SORBS_DUL
  2588. # score URLT_DUL 3.5
  2589.  
  2590. meta URLT_PBL URLTRANSFER && RCVD_IN_PBL
  2591. score URLT_PBL 3.5
  2592. meta URLT_DCN URLTRANSFER && ___DCN
  2593. score URLT_DCN 3.5
  2594.  
  2595.  
  2596. # Umm, I've not seen recent spams including telephone numbers.
  2597. # 2005.04.21 by [yoh]
  2598.  
  2599. body JPSCAMTEL /(?:0774-52-5633|090-8159-3461|0774-56-6428|0120-40-8689|090-8437-9455|090-8174-2533|0774-55-7505|03-3404-7373|\#0\#8\#0\!\]\#5\#4\#4\#3\!\]\#4\#0\#7\#6|0774-55-1479|0774-52-5634|090-9947-4750|090-8502-8857|090-5518-3019|080-3768-3495|090-6010-0125|090-8431-1023|03-5981-0843|09081601952|090-1568-7184|06-6263-2169|0774-52-5639|0774-55-6737|03-5979-6201|0774-55-6726|03-3392-2301|03-3392-2308|06-6556-601[67]|03-5232-6030|052-961-1470|052-961-1448|03-3299-1260|03-3299-6790|0.{0,8}5.{0,8}0.{0,8}6.{0,8}8.{0,8}6.{0,8}1.{0,8}(?:1.{0,8}5.{0,8}1.{0,8}1|1.{0,8}3.{0,8}0.{0,8}0|1.{0,8}3.{0,8}6.{0,8}4)|090-9932-1488|050-3736-035[56]|03-5321-7346|0.{0,5}5.{0,5}0.{0,5}3.{0,5}7.{0,5}3.{0,5}6.{0,5}8.{0,5}0.{0,5}6.{0,5}2.{0,5}|044-281-4654|0120-828-823|03-5829-981[12]|03-5215-570[12]|06-4799-9(?:201|011)|0982-21-(?:3000|5889)|0120-781-437)/
  2600. describe JPSCAMTEL Japanese scam telephone number
  2601. score JPSCAMTEL 4.0
  2602.  
  2603. # body JPSCAMMAILADDRESS /(play\-M\-[0-9]{5}\@[a-z-]+\.net)/
  2604. # body JPSCAMMAILADDRESS /(play|reg)\-M\-[a-z0-9]+\@[a-z-]+\.(net|com|jp)/
  2605. body JPSCAMMAILADDRESS /\@(?:w-technology\.net|icon-corp\.info|helphealjapan\.com|clickclick\.biz\.nf|sanwango\.com|genkimaster\.jp|genkiclub1470\.com|e-mailcm\.com|rainbow\.am|i-lands\.net|kei\.net|ams-sir\.com)/
  2606. describe JPSCAMMAILADDRESS Japanese scam mail address
  2607. score JPSCAMMAILADDRESS 3.0
  2608.  
  2609. # uri SCAMPHARM /http:\/\/[a-z0-9.]*(anadromous3344pi11s\.us|aplace2getmyrx\.com|direct-meds4less\.com|e-prescriptions\.us|ettllrx\.us|findrxfast\.com|good4umeds\.com|hasslefreerx\.com|inspiredbyachievement\.com|morning-meds\.com|okscriptsworld\.com|pharm-martworld\.com|reliableherbalproducts\.com|rxtrx\.us|seenonlyonce\.com|simpleandgreat\.com|smileyproductmall\.com|startoverproducts\.com|stream8759dryg\.us|the-medmart\.com|the-medmartworld\.com|traditionalrx\.com|where2go4rx\.com|worldofrx\.com|thepillsnational\.com)/
  2610.  
  2611. # thrown away 2005.09.14 by [yoh]
  2612. #
  2613. # meta INVYAHJPFALSE ALL_TRUSTED && INVALIDYAHOOJP
  2614. # describe INVYAHJPFALSE ALL_TRUSTED && INVALIDYAHOOJP
  2615. # score INVYAHJPFALSE 3.3
  2616. #
  2617. # meta PLAYINVYAHOOJP JPSCAMMAILADDRESS && INVALIDYAHOOJP
  2618. # describe PLAYINVYAHOOJP JPSCAMMAILADDRESS && INVALIDYAHOOJP
  2619. # score PLAYINVYAHOOJP 7.0
  2620. #
  2621. # rawbody SWEN_A_BOUNCED /<BR><BR><BR>Undelivered mail to <B>[a-z]{6,}\@(america|aol|bigfoot|freemail|microsoft|netmail|puremail|rocketmail|yahoo)\.(com|net)<\/B>/
  2622. # describe SWEN_A_BOUNCED Faked "bounced error" message generated by I-Worm/Swen.A
  2623. # score SWEN_A_BOUNCED 10.0
  2624.  
  2625. # (FORGED_OUTLOOK_TAGS || FORGED_HOTMAIL_RCVD || FORGED_YAHOO_RCVD || FORGED_OUTLOOK_TAGS || FORGED_HOTMAIL_RCVD2 || FORGED_JUNO_RCVD || FORGED_MUA_OIMO || FORGED_HOTMAIL_RCVD2 || FORGED_MUA_OUTLOOK || FORGED_MX_HOTMAIL || FORGED_MUA_OUTLOOK)
  2626.  
  2627. meta FORGED99 BAYES_99 && ___FORGED
  2628. describe FORGED99 FORGED_* && BAYES_99
  2629. score FORGED99 2.0
  2630.  
  2631.  
  2632. # meta MTAIDRBLJP MSGID_FROM_MTA_ID && URLBL_RBLJP
  2633. # describe MTAIDRBLJP MSGID_FROM_MTA_ID && URLBL_RBLJP
  2634. # score MTAIDRBLJP 10.0
  2635.  
  2636. # meta UNDISCMTAID UNDISC_RECIPS && MSGID_FROM_MTA_ID
  2637. # describe UNDISCMTAID UNDISC_RECIPS && MSGID_FROM_MTA_ID
  2638. # score UNDISCMTAID 10.0
  2639.  
  2640. #
  2641. # 2008.06.29 by [yoh]
  2642. #
  2643. # 2019.04.29 by [yoh]
  2644. # meta BOUNCESPAM (__BOUNCE_RPATH_NULL || __BOUNCE_FROM_DAEMON || __BOUNCE_CTYPE ||__BOUNCE_RPATH_MD) && (URIBL_BLACK || URIBL_AB_SURBL || URIBL_SC_SURBL || URIBL_JP_SURBL || URIBL_OB_SURBL || URIBL_SBL || URIBL_RHS_DOB || URIBL_PH_SURBL || URIBL_WS_SURBL )
  2645. meta BOUNCESPAM (__BOUNCE_RPATH_NULL || __BOUNCE_FROM_DAEMON || __BOUNCE_CTYPE ||__BOUNCE_RPATH_MD) && (URIBL_BLACK || URIBL_SBL || URIBL_RHS_DOB || URIBL_PH_SURBL || URIBL_WS_SURBL )
  2646. score BOUNCESPAM 7.5
  2647.  
  2648. #
  2649. # - Razor and Pyzor score
  2650. #
  2651.  
  2652. # Razor2 sometimes fails to recognize ham as spam.
  2653. # So I can't add score.
  2654. # In 3.1.0, you have to enable plugin "Mail::SpamAssassin::Plugin::Razor2"
  2655. # in /etc/spamassassin/v310.pre .
  2656. # http://marc.theaimsgroup.com/?l=spamassassin-announce&m=112674318914008&w=2
  2657. # 2005.09.26 by [yoh]
  2658. #
  2659.  
  2660. score RAZOR2_CF_RANGE_51_100 2.5
  2661. score RAZOR2_CHECK 1.0
  2662.  
  2663. meta RAZORPYZOR RAZOR2_CF_RANGE_51_100 && PYZOR_CHECK && BAYES_99
  2664. describe RAZORPYZOR RAZOR2_CF_RANGE_51_100 && PYZOR_CHECK && BAYES_99
  2665. score RAZORPYZOR 10.0
  2666.  
  2667.  
  2668. # Bayes engine needs frequently maintenance and balanced corpus.
  2669. # So I decided setting low score.
  2670. # 2010.04.14 by [yoh]
  2671. meta RAZOR99 RAZOR2_CF_RANGE_51_100 && BAYES_99
  2672. describe RAZOR99 RAZOR2_CF_RANGE_51_100 && BAYES_99
  2673. score RAZOR99 1.5
  2674.  
  2675. # 2009.09.29 by [yoh]
  2676. # modified 2010.12.16 by [yoh]
  2677. # modified 2015.08.26 by [yoh]
  2678. meta DYN_RAZOR RAZOR2_CHECK && ___DYNAMICIP
  2679. score DYN_RAZOR 10
  2680. meta DYN_RAZOR51 RAZOR2_CF_RANGE_51_100 && ___DYNAMICIP
  2681. score DYN_RAZOR51 10
  2682.  
  2683. # 2019.04.29 by [yoh]
  2684. # meta DYN_RAZORE8 RAZOR2_CF_RANGE_E8_51_100 && ___DYNAMICIP
  2685. # score DYN_RAZORE8 10
  2686.  
  2687.  
  2688. # Pyzor sometimes fails to recognize ham as spam.
  2689. # So I decided setting low score.
  2690. # 2007.07.08 by [yoh]
  2691.  
  2692. score PYZOR_CHECK 1.5
  2693.  
  2694.  
  2695. # Bayes engine needs frequently maintenance and balanced corpus.
  2696. # So I decided setting low score.
  2697. # 2010.04.14 by [yoh]
  2698. meta PYZOR99 PYZOR_CHECK && BAYES_99
  2699. describe PYZOR99 PYZOR_CHECK && BAYES_99
  2700. score PYZOR99 1.5
  2701.  
  2702. # 2009.09.29 by [yoh]
  2703. meta DYN_PYZOR PYZOR_CHECK && ___DYNAMICIP
  2704. score DYN_PYZOR 3.5
  2705.  
  2706.  
  2707. # DCC sometimes fails to recognize ham as spam.
  2708. # So I decided setting low score.
  2709. # 2009.03.22 by [yoh]
  2710.  
  2711. score DCC_CHECK 1.2
  2712.  
  2713. # 2009.09.29 by [yoh]
  2714. meta DYN_DCC DCC_CHECK && ___DYNAMICIP
  2715. score DYN_DCC 3.5
  2716.  
  2717.  
  2718. # 2019.04.29 by [yoh]
  2719. # meta ___DCN RAZOR2_CF_RANGE_E8_51_100 || RAZOR2_CHECK || RAZOR2_CF_RANGE_51_100 || PYZOR_CHECK || DCC_CHECK
  2720. meta ___DCN RAZOR2_CHECK || RAZOR2_CF_RANGE_51_100 || PYZOR_CHECK || DCC_CHECK
  2721.  
  2722. # meta ___FORGED (FORGED_RCVD_HELO || FORGED_OUTLOOK_TAGS || FORGED_HOTMAIL_RCVD || FORGED_YAHOO_RCVD || FORGED_OUTLOOK_TAGS || FORGED_HOTMAIL_RCVD2 || FORGED_JUNO_RCVD || FORGED_MUA_OIMO || FORGED_HOTMAIL_RCVD2 || FORGED_MUA_OUTLOOK || FORGED_MUA_OUTLOOK)
  2723. # meta ___FORGED FORGED_HOTMAIL_RCVD || FORGED_HOTMAIL_RCVD2 || FORGED_JUNO_RCVD || FORGED_MUA_OIMO || FORGED_MUA_OUTLOOK || FORGED_RCVD_HELO || FORGED_YAHOO_RCVD
  2724. meta ___FORGED FORGED_HOTMAIL_RCVD2 || FORGED_MUA_OIMO || FORGED_MUA_OUTLOOK || FORGED_YAHOO_RCVD
  2725.  
  2726. meta FORGED_DCN ___DCN && ___FORGED
  2727. describe FORGED_DCN Distributed Collaborative Network and FORGED_xxx
  2728. score FORGED_DCN 5.5
  2729.  
  2730. meta SPF_DCN (SPF_HELO_SOFTFAIL || SPF_FAIL) && ___DCN
  2731. score SPF_DCN 5.5
  2732.  
  2733. #
  2734. # deleted 2010.09.26 by [yoh]
  2735. #
  2736. # meta THEBAT_DCN REPTO_OVERQUOTE_THEBAT && ___DCN
  2737. # score THEBAT_DCN 5.5
  2738.  
  2739.  
  2740. # 2019.04.29 by [yoh]
  2741. # meta ___TVD TVD_FW_GRAPHIC_ID1 || TVD_FW_GRAPHIC_ID2 || TVD_FW_GRAPHIC_ID3 || TVD_FW_GRAPHIC_NAME_LONG || TVD_PDF_FINGER01
  2742. # meta ___TVD TVD_FW_GRAPHIC_NAME_LONG || TVD_PDF_FINGER01
  2743.  
  2744. # meta TVDFWGR_DCN ___TVD && ___DCN
  2745. meta TVDFWGR_DCN TVD_FW_GRAPHIC_NAME_LONG && ___DCN
  2746. score TVDFWGR_DCN 3.5
  2747.  
  2748. #
  2749. # deleted 2010.09.26 by [yoh]
  2750. #
  2751. # meta THEBAT_TVDFWGR REPTO_OVERQUOTE_THEBAT && ___TVD
  2752. # score THEBAT_TVDFWGR 3.5
  2753.  
  2754. # meta MTAID_THEBAT MSGID_FROM_MTA_ID && REPTO_OVERQUOTE_THEBAT
  2755. # score MTAID_THEBAT 3.5
  2756.  
  2757. # meta MTAID_TVDFWGR MSGID_FROM_MTA_ID && ___TVD
  2758. # score MTAID_TVDFWGR 3.5
  2759.  
  2760. #
  2761. # deleted 2010.09.26 by [yoh]
  2762. #
  2763. # meta RCVDIP_DCN RCVD_HELO_IP_MISMATCH && ___DCN
  2764. # score RCVDIP_DCN 5.5
  2765.  
  2766.  
  2767.  
  2768. # These DNSBLs policy is idealism.
  2769. # We have to escape some legal sites against marking from the DNSBLs.
  2770. # DNS_FROM_RFC_WHOIS
  2771. # DNS_FROM_RFC_POST
  2772. # DNS_FROM_RFC_ABUSE
  2773.  
  2774. # score DNS_FROM_RFC_POST 0.1
  2775. # score DNS_FROM_RFC_ABUSE 0.1
  2776.  
  2777. #
  2778. # Special thanks to: 'Koaihito' Yu-ma shishou and Nasa-n: 2005/09/21 by [yoh]
  2779. #
  2780.  
  2781. header VALIDDOCOMO X-Spam-Relays-Untrusted =~ /^\[ ip=203\.138\.203\.\d{1,3} /
  2782. describe VALIDDOCOMO valid docomo.ne.jp's IP
  2783. score VALIDDOCOMO -3.5
  2784.  
  2785. # meta DNSFRMRFC_WHITE DNS_FROM_RFC_POST && VALIDDOCOMO
  2786. # describe DNSFRMRFC_WHITE for avoiding valid site from DNS_FROM_RFC_POST
  2787. # score DNSFRMRFC_WHITE -3.5
  2788.  
  2789. #
  2790. # Special thanks to: Yajisan and Kamosame: 2005/09/29 by [yoh]
  2791. #
  2792.  
  2793. header VALIDWILLCOM Received =~ /from .*pdxio[0-9]+\.pdx\.ne\.jp.+by /
  2794. describe VALIDWILLCOM valid WILLCOM IP
  2795. score VALIDWILLCOM -3.5
  2796.  
  2797.  
  2798.  
  2799. # -- DNSBL checking --
  2800. # Before you use DNSBL checking, you have to install
  2801. # "Net::DNS - Perl DNS Resolver Module"
  2802. # ex. apt-get install libnet-dns-perl (Debian)
  2803. # 2004.04.23 by [yoh]
  2804.  
  2805. #
  2806. # I found some DNSBLs have wrong IP/URI listings.
  2807. # To avoid wrong judgement, making meta rules with BAYES_99 may be a good
  2808. # solution, I believe.
  2809. # 2005.02.05 by [yoh]
  2810. #
  2811.  
  2812.  
  2813. skip_rbl_checks 0
  2814. rbl_timeout 15
  2815.  
  2816.  
  2817. # http://improbable.org/chris/index.php?ID=109
  2818.  
  2819. header RCVD_IN_RFC_PM eval:check_rbl('relay', 'postmaster.rfc-ignorant.org.')
  2820. describe RCVD_IN_RFC_PM Received via a relay in postmaster.rfc-ignorant.org
  2821. score RCVD_IN_RFC_PM 0.1
  2822.  
  2823. header X_CHINESE_RELAY eval:check_rbl('relay', 'cn.rbl.cluecentral.net.')
  2824. describe X_CHINESE_RELAY Received via a relay in China
  2825. score X_CHINESE_RELAY 0.1
  2826.  
  2827. header X_KOREAN_RELAY eval:check_rbl('relay', 'korea.services.net.')
  2828. describe X_KOREAN_RELAY Received via a relay in Korea
  2829. score X_KOREAN_RELAY 0.1
  2830.  
  2831. meta XKOREAN99 X_KOREAN_RELAY && BAYES_99
  2832. describe XKOREAN99 X_KOREAN_RELAY && BAYES_99
  2833. score XKOREAN99 3.0
  2834.  
  2835. meta XKOREANJP X_KOREAN_RELAY && (ISO2022JP_BODY || SJIS_BODY)
  2836. describe XKOREANJP X_KOREAN_RELAY && (ISO2022JP_BODY || SJIS_BODY)
  2837. score XKOREANJP 2.0
  2838.  
  2839. # block.blars.org is not reliable. see http://check.jippg.org/rblchk.cgi
  2840. #
  2841. # header RCVD_IN_BLARS eval:check_rbl('blars', 'block.blars.org.')
  2842. # describe RCVD_IN_BLARS BLARS: in Blacklist / Blocklist block.blars.org
  2843. # score RCVD_IN_BLARS 0.1
  2844. # tflags RCVD_IN_BLARS net
  2845. #
  2846. # header RCVD_IN_BLARS_SPAM eval:check_rbl_sub('blars', '1')
  2847. # describe RCVD_IN_BLARS_SPAM BLARS: Spam sending domain in Blacklist / Blocklist block.blars.org
  2848. # score RCVD_IN_BLARS_SPAM 0.5
  2849. # tflags RCVD_IN_BLARS_SPAM net
  2850. #
  2851. # header RCVD_IN_BLARS_MULTI eval:check_rbl_sub('blars', '2')
  2852. # describe RCVD_IN_BLARS_MULTI BLARS: Multi-hop relay in Blacklist / Blocklist block.blars.org
  2853. # score RCVD_IN_BLARS_MULTI 0.1
  2854. # tflags RCVD_IN_BLARS_MULTI net
  2855. #
  2856. # header RCVD_IN_BLARS_DIALUP eval:check_rbl_sub('blars-notfirsthop', '4')
  2857. # describe RCVD_IN_BLARS_DIALUP BLARS: Dynamic / Dialups in Blacklist / Blocklist block.blars.org
  2858. # score RCVD_IN_BLARS_DIALUP 0.1
  2859. # tflags RCVD_IN_BLARS_DIALUP net
  2860. #
  2861. # header RCVD_IN_BLARS_HOOPS eval:check_rbl_sub('blars', '8')
  2862. # describe RCVD_IN_BLARS_HOOPS BLARS: Wants spam complainers to jump through hoops in Blacklist / Blocklist block.blars.org
  2863. # score RCVD_IN_BLARS_HOOPS 0.1
  2864. # tflags RCVD_IN_BLARS_HOOPS net
  2865. #
  2866. # header RCVD_IN_BLARS_ABUSE eval:check_rbl_sub('blars', '16')
  2867. # describe RCVD_IN_BLARS_ABUSE BLARS: No working abuse address in Blacklist / Blocklist block.blars.org
  2868. # score RCVD_IN_BLARS_ABUSE 0.1
  2869. # tflags RCVD_IN_BLARS_ABUSE net
  2870. #
  2871. # header RCVD_IN_BLARS_SPAM_WEB eval:check_rbl_sub('blars', '32')
  2872. # describe RCVD_IN_BLARS_SPAM_WEB BLARS: Hosts spamers web sites in Blacklist / Blocklist block.blars.org
  2873. # score RCVD_IN_BLARS_SPAM_WEB 0.01
  2874. # tflags RCVD_IN_BLARS_SPAM_WEB net
  2875. #
  2876. # header RCVD_IN_BLARS_SPAMDROP eval:check_rbl_sub('blars', '64')
  2877. # describe RCVD_IN_BLARS_SPAMDROP BLARS: Hosts spammers email dropboxes in Blacklist / Blocklist block.blars.org
  2878. # score RCVD_IN_BLARS_SPAMDROP 0.01
  2879. # tflags RCVD_IN_BLARS_SPAMDROP net
  2880. #
  2881. # header RCVD_IN_BLARS_HACK eval:check_rbl_sub('blars', '128')
  2882. # describe RCVD_IN_BLARS_HACK BLARS: Breakin attempts in Blacklist / Blocklist block.blars.org
  2883. # score RCVD_IN_BLARS_HACK 0.1
  2884. # tflags RCVD_IN_BLARS_HACK net
  2885. #
  2886. # header RCVD_IN_BLARS_SUE eval:check_rbl_sub('blars', '256')
  2887. # describe RCVD_IN_BLARS_SUE BLARS: Sued or prosecuted DNSBL lister in Blacklist / Blocklist block.blars.org
  2888. # score RCVD_IN_BLARS_SUE 0.1
  2889. # tflags RCVD_IN_BLARS_SUE net
  2890. #
  2891. # header RCVD_IN_BLARS_DOS eval:check_rbl_sub('blars', '512')
  2892. # describe RCVD_IN_BLARS_DOS BLARS: DOS attack in Blacklist / Blocklist block.blars.org
  2893. # score RCVD_IN_BLARS_DOS 0.01
  2894. # tflags RCVD_IN_BLARS_DOS net
  2895. #
  2896. # header RCVD_IN_BLARS_SPAMWARE eval:check_rbl_sub('blars', '1024')
  2897. # describe RCVD_IN_BLARS_SPAMWARE BLARS: Supplier of spamware in Blacklist / Blocklist block.blars.org
  2898. # score RCVD_IN_BLARS_SPAMWARE 0.1
  2899. # tflags RCVD_IN_BLARS_SPAMWARE net
  2900. #
  2901. # header RCVD_IN_BLARS_SPSPRT eval:check_rbl_sub('blars', '2048')
  2902. # describe RCVD_IN_BLARS_SPSPRT BLARS: Knowingly supports spammers in Blacklist / Blocklist block.blars.org
  2903. # score RCVD_IN_BLARS_SPSPRT 0.1
  2904. # tflags RCVD_IN_BLARS_SPSPRT net
  2905. #
  2906. # header RCVD_IN_BLARS_CARTOON eval:check_rbl_sub('blars', '4096')
  2907. # describe RCVD_IN_BLARS_CARTOON BLARS: Legal threats in Blacklist / Blocklist block.blars.org
  2908. # score RCVD_IN_BLARS_CARTOON 0.1
  2909. # tflags RCVD_IN_BLARS_CARTOON net
  2910. #
  2911. # header RCVD_IN_BLARS_HIJCKRLY eval:check_rbl_sub('blars', '8192')
  2912. # describe RCVD_IN_BLARS_HIJCKRLY BLARS: Attempted mail relay exploits in Blacklist / Blocklist block.blars.org
  2913. # score RCVD_IN_BLARS_HIJCKRLY 0.1
  2914. # tflags RCVD_IN_BLARS_HIJCKRLY net
  2915. #
  2916. # header RCVD_IN_BLARS_HIJCKCGI eval:check_rbl_sub('blars', '16384')
  2917. # describe RCVD_IN_BLARS_HIJCKCGI BLARS: Attempted formmail exploits exploits in Blacklist / Blocklist block.blars.org
  2918. # score RCVD_IN_BLARS_HIJCKCGI 0.1
  2919. # tflags RCVD_IN_BLARS_HIJCKCGI net
  2920. #
  2921. # meta BLARS00 RCVD_IN_BLARS && BAYES_00
  2922. # describe BLARS00 RCVD_IN_BLARS is very low reliability.
  2923. # score BLARS00 -5
  2924. #
  2925. # meta BLARS_SPAM00 RCVD_IN_BLARS_SPAM && BAYES_00
  2926. # describe BLARS_SPAM00 RCVD_IN_BLARS_SPAM is very low reliability.
  2927. # score BLARS_SPAM00 -5
  2928. #
  2929.  
  2930. # SpamAssassin local.cf for AHBL BlackList / BlockList
  2931. # "Old blackholes.2mbit.com resurrected as AHBL (dnsbl.ahbl.org)"
  2932. # URL: http://www.ahbl.org
  2933.  
  2934. # AHBL has been closed. http://taedoo.at.webry.info/201501/article_1.html
  2935. # 2015.4.16 by [yoh]
  2936.  
  2937. # header RCVD_IN_AHBL eval:check_rbl('AHBL', 'dnsbl.ahbl.org.')
  2938. # describe RCVD_IN_AHBL AHBL: sender is listed in BlackList / BlockList dnsbl.ahbl.org
  2939. # score RCVD_IN_AHBL 0.5
  2940. # tflags RCVD_IN_AHBL net header RCVD_IN_AHBL_UNKNOWN_1 eval:check_rbl_sub('AHBL', '127.0.0.1')
  2941. # describe RCVD_IN_AHBL_UNKNOWN_1 AHBL: Unknown Category 1 in BlackList / BlockList dnsbl.ahbl.org
  2942. # score RCVD_IN_AHBL_UNKNOWN_1 0.01
  2943. # tflags RCVD_IN_AHBL_UNKNOWN_1 net
  2944. #
  2945. # header RCVD_IN_AHBL_SMTP eval:check_rbl_sub('AHBL', '127.0.0.2')
  2946. # describe RCVD_IN_AHBL_SMTP AHBL: Open SMTP relay in BlackList / BlockList dnsbl.ahbl.org
  2947. # score RCVD_IN_AHBL_SMTP 0.5
  2948. # tflags RCVD_IN_AHBL_SMTP net
  2949.  
  2950. # header RCVD_IN_AHBL_PROXY eval:check_rbl_sub('AHBL', '127.0.0.3')
  2951. # describe RCVD_IN_AHBL_PROXY AHBL: Open Proxy server in BlackList / BlockList dnsbl.ahbl.org
  2952. # score RCVD_IN_AHBL_PROXY 0.2
  2953. # tflags RCVD_IN_AHBL_PROXY net
  2954.  
  2955. # header RCVD_IN_AHBL_SPAM eval:check_rbl_sub('AHBL', '127.0.0.4')
  2956. # describe RCVD_IN_AHBL_SPAM AHBL: Spam Source in BlackList / BlockList dnsbl.ahbl.org
  2957. # score RCVD_IN_AHBL_SPAM 0.1
  2958. # tflags RCVD_IN_AHBL_SPAM net
  2959.  
  2960. # header RCVD_IN_AHBL_RTB eval:check_rbl_sub('AHBL', '127.0.0.5')
  2961. # describe RCVD_IN_AHBL_RTB AHBL: Real-Time Blocked in BlackList / BlockList dnsbl.ahbl.org
  2962. # score RCVD_IN_AHBL_RTB 0.01
  2963. # tflags RCVD_IN_AHBL_RTB net
  2964. #
  2965. # header RCVD_IN_AHBL_FORMMAIL eval:check_rbl_sub('AHBL', '127.0.0.6')
  2966. # describe RCVD_IN_AHBL_FORMMAIL AHBL: Abuseable Form Mail in BlackList / BlockList dnsbl.ahbl.org
  2967. # score RCVD_IN_AHBL_FORMMAIL 0.5
  2968. # tflags RCVD_IN_AHBL_FORMMAIL net
  2969.  
  2970. # header RCVD_IN_AHBL_SPSUPPORT eval:check_rbl_sub('AHBL', '127.0.0.7')
  2971. # describe RCVD_IN_AHBL_SPSUPPORT AHBL: Spam Supporter in BlackList / BlockList dnsbl.ahbl.org
  2972. # score RCVD_IN_AHBL_SPSUPPORT 0.5
  2973. # tflags RCVD_IN_AHBL_SPSUPPORT net
  2974.  
  2975. # header RCVD_IN_AHBL_I_SPAM_SUPPORT eval:check_rbl_sub('AHBL', '127.0.0.8')
  2976. # describe RCVD_IN_AHBL_I_SPAM_SUPPORT AHBL: Indirect Spam supporter in BlackList / BlockList dnsbl.ahbl.org
  2977. # score RCVD_IN_AHBL_I_SPAM_SUPPORT 0.5
  2978. # tflags RCVD_IN_AHBL_I_SPAM_SUPPORT net
  2979. #
  2980. # header RCVD_IN_AHBL_ENDUSER eval:check_rbl_sub('AHBL', '127.0.0.9')
  2981. # describe RCVD_IN_AHBL_ENDUSER AHBL: End User (non mail system) in BlackList / BlockList dnsbl.ahbl.org
  2982. # score RCVD_IN_AHBL_ENDUSER 0.5
  2983. # tflags RCVD_IN_AHBL_ENDUSER net
  2984. #
  2985. # header RCVD_IN_AHBL_SOS eval:check_rbl_sub('AHBL-notfirsthop', '127.0.0.10')
  2986. # describe RCVD_IN_AHBL_SOS AHBL: Shoot On Sight in BlackList / BlockList dnsbl.ahbl.org
  2987. # score RCVD_IN_AHBL_SOS 0.5
  2988. # tflags RCVD_IN_AHBL_SOS net
  2989. #
  2990. # header RCVD_IN_AHBL_RFCI_PA eval:check_rbl_sub('AHBL', '127.0.0.11')
  2991. # describe RCVD_IN_AHBL_RFCI_PA AHBL: Missing Postmaster or Abuse Address in BlackList / BlockList dnsbl.ahbl.org
  2992. # score RCVD_IN_AHBL_RFCI_PA 0.5
  2993. # tflags RCVD_IN_AHBL_RFCI_PA net
  2994. #
  2995. # header RCVD_IN_AHBL_5XXI eval:check_rbl_sub('AHBL', '127.0.0.12')
  2996. # describe RCVD_IN_AHBL_5XXI AHBL: Does not properly handle 5xx errors in BlackList / BlockList dnsbl.ahbl.org
  2997. # score RCVD_IN_AHBL_5XXI 0.5
  2998. # tflags RCVD_IN_AHBL_5XXI net
  2999. #
  3000. # header RCVD_IN_AHBL_RFCI_MISC eval:check_rbl_sub('AHBL', '127.0.0.13')
  3001. # describe RCVD_IN_AHBL_RFCI_MISC AHBL: Other Non-RFC Compliant in BlackList / BlockList dnsbl.ahbl.org
  3002. # score RCVD_IN_AHBL_RFCI_MISC 0.5
  3003. # tflags RCVD_IN_AHBL_RFCI_MISC net
  3004. #
  3005. # header RCVD_IN_AHBL_MISC eval:check_rbl_sub('AHBL', '127.0.0.127')
  3006. # describe RCVD_IN_AHBL_MISC AHBL: Misc (other) in BlackList / BlockList dnsbl.ahbl.org
  3007. # score RCVD_IN_AHBL_MISC 0.5
  3008. # tflags RCVD_IN_AHBL_MISC net
  3009.  
  3010. # Listed in cbl.abuseat.org http://cbl.abuseat.org/
  3011. header RCVD_IN_CBL eval:check_rbl_txt('cbl', 'cbl.abuseat.org.')
  3012. describe RCVD_IN_CBL Received via a relay in cbl.abuseat.org
  3013. tflags RCVD_IN_CBL net
  3014. score RCVD_IN_CBL 0.1
  3015.  
  3016.  
  3017. # Subject: Re: 2 Questions
  3018. # From: Matt Kettler <mkettler at evi-inc.com>
  3019. # Date: Wed, 13 Jul 2005 17:25:19 -0400
  3020. # http://mail-archives.apache.org/mod_mbox/spamassassin-users/200507.mbox/%3c42D586BF.6060600@evi-inc.com%3e
  3021.  
  3022. # removed 2011.04.17 by [yoh]
  3023. # http://bui.asablo.jp/blog/2010/10/31/5459612
  3024. # http://hibari.2ch.net/test/read.cgi/unix/1124772932/394
  3025. # header RCVD_IN_CHINA_KR eval:check_rbl('countrycnkr','cn-kr.blackholes.us.')
  3026. # describe RCVD_IN_CHINA_KR Received from China or Korea
  3027. # tflags RCVD_IN_CHINA_KR net
  3028. # score RCVD_IN_CHINA_KR 0.1
  3029. # added 2011.04.17 by [yoh]
  3030. header RCVD_IN_KOREA eval:check_rbl('wariate.jp','kr.cc.wariate.jp.')
  3031. describe RCVD_IN_KOREA Received via a Korea IP address in kr.cc.wariate.jp
  3032. tflags RCVD_IN_KOREA net
  3033. score RCVD_IN_KOREA 0.1
  3034.  
  3035.  
  3036.  
  3037. # header __RCVD_IN_NERDS eval:check_rbl('nerds', 'zz.countries.nerd.dk.')
  3038. # describe __RCVD_IN_NERDS Rule to match every country
  3039. # tflags __RCVD_IN_NERDS net
  3040. # score RCVD_IN_NERDS_US 2.0
  3041. #
  3042. # header RCVD_IN_NERDS_US eval:check_rbl_sub('nerds', '127.0.3.72)
  3043. # describe RCVD_IN_NERDS_US Rule to deduct weight for US sourced messages
  3044. # tflags RCVD_IN_NERDS_US net nice
  3045. # score RCVD_IN_NERDS_US -2.0
  3046. #
  3047. # header __RCVD_IN_NERDS eval:check_rbl('nerds', 'zz.countries.nerd.dk.')
  3048. #
  3049. #
  3050. # header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
  3051. # describe __RCVD_IN_NERDS Received from a spam country
  3052. # tflags __RCVD_IN_NERDS net
  3053. #
  3054. # header RCVD_IN_NERDS_AR eval:check_rbl_sub('nerds','127.0.0.32')
  3055. # describe RCVD_IN_NERDS_AR Received from Argentina
  3056. # tflags RCVD_IN_NERDS_AR net
  3057. # score RCVD_IN_NERDS_AR 2.5
  3058. #
  3059. # header RCVD_IN_NERDS_BR eval:check_rbl_sub('nerds','127.0.0.76')
  3060. # describe RCVD_IN_NERDS_BR Received from Brazil
  3061. # tflags RCVD_IN_NERDS_BR net
  3062. # score RCVD_IN_NERDS_BR 3.5
  3063. #
  3064. # header RCVD_IN_NERDS_CL eval:check_rbl_sub('nerds','127.0.0.152')
  3065. # describe RCVD_IN_NERDS_CL Received from Chile
  3066. # tflags RCVD_IN_NERDS_CL net
  3067. # score RCVD_IN_NERDS_CL 2.5
  3068. #
  3069. # header RCVD_IN_NERDS_CN eval:check_rbl_sub('nerds','127.0.0.156')
  3070. # describe RCVD_IN_NERDS_CN Received from China
  3071. # tflags RCVD_IN_NERDS_CN net
  3072. # score RCVD_IN_NERDS_CN 3.5
  3073. #
  3074. # header RCVD_IN_NERDS_HK eval:check_rbl_sub('nerds','127.0.1.88')
  3075. # describe RCVD_IN_NERDS_HK Received from Hong Kong
  3076. # tflags RCVD_IN_NERDS_HK net
  3077. # score RCVD_IN_NERDS_HK 2.0
  3078. #
  3079. # header RCVD_IN_NERDS_IN eval:check_rbl_sub('nerds','127.0.1.100')
  3080. # describe RCVD_IN_NERDS_IN Received from India
  3081. # tflags RCVD_IN_NERDS_IN net
  3082. # score RCVD_IN_NERDS_IN 2.5
  3083. #
  3084. # header RCVD_IN_NERDS_JP eval:check_rbl_sub('nerds','127.0.1.136')
  3085. # describe RCVD_IN_NERDS_JP Received from Japan
  3086. # tflags RCVD_IN_NERDS_JP net
  3087. # score RCVD_IN_NERDS_JP 2.0
  3088. #
  3089. # header RCVD_IN_NERDS_KP eval:check_rbl_sub('nerds','127.0.1.152')
  3090. # describe RCVD_IN_NERDS_KP Received from North Korea
  3091. # tflags RCVD_IN_NERDS_KP net
  3092. # score RCVD_IN_NERDS_KR 3.5
  3093. #
  3094. # header RCVD_IN_NERDS_KR eval:check_rbl_sub('nerds','127.0.1.154')
  3095. # describe RCVD_IN_NERDS_KR Received from South Korea
  3096. # tflags RCVD_IN_NERDS_KR net
  3097. # score RCVD_IN_NERDS_KR 3.5
  3098. #
  3099. # header RCVD_IN_NERDS_MY eval:check_rbl_sub('nerds','127.0.1.202')
  3100. # describe RCVD_IN_NERDS_MY Received from Malaysia
  3101. # tflags RCVD_IN_NERDS_MY net
  3102. # score RCVD_IN_NERDS_MY 2.5
  3103. #
  3104. # header RCVD_IN_NERDS_MX eval:check_rbl_sub('nerds','127.0.1.228')
  3105. # describe RCVD_IN_NERDS_MX Received from Mexico
  3106. # tflags RCVD_IN_NERDS_MX net
  3107. # score RCVD_IN_NERDS_MX 2.0
  3108. #
  3109. # header RCVD_IN_NERDS_NG eval:check_rbl_sub('nerds','127.0.2.54')
  3110. # describe RCVD_IN_NERDS_NG Received from Nigera
  3111. # tflags RCVD_IN_NERDS_NG net
  3112. # score RCVD_IN_NERDS_NG 3.5
  3113. #
  3114. # header RCVD_IN_NERDS_RU eval:check_rbl_sub('nerds','127.0.2.131')
  3115. # describe RCVD_IN_NERDS_RU Received from Russia
  3116. # tflags RCVD_IN_NERDS_RU net
  3117. # score RCVD_IN_NERDS_RU 2.5
  3118. #
  3119. # header RCVD_IN_NERDS_SG eval:check_rbl_sub('nerds','127.0.2.190')
  3120. # describe RCVD_IN_NERDS_SG Received from North Singapore
  3121. # tflags RCVD_IN_NERDS_SG net
  3122. # score RCVD_IN_NERDS_SG 2.0
  3123. #
  3124. # header RCVD_IN_NERDS_TW eval:check_rbl_sub('nerds','127.0.0.158')
  3125. # describe RCVD_IN_NERDS_TW Received from South Taiwan
  3126. # tflags RCVD_IN_NERDS_TW net
  3127. # score RCVD_IN_NERDS_TW 2.5
  3128. #
  3129. # header RCVD_IN_NERDS_TH eval:check_rbl_sub('nerds','127.0.2.252')
  3130. # describe RCVD_IN_NERDS_TH Received from Thailand
  3131. # tflags RCVD_IN_NERDS_TH net
  3132. # score RCVD_IN_NERDS_TH 2.5
  3133. #
  3134. # header RCVD_IN_NERDS_TR eval:check_rbl_sub('nerds','127.0.3.24')
  3135. # describe RCVD_IN_NERDS_TR Received from Turkey
  3136. # tflags RCVD_IN_NERDS_TR net
  3137. # score RCVD_IN_NERDS_TR 2.0
  3138.  
  3139.  
  3140. # SORBS, list.dsbl.org, dnsbl.njabl.org have ISP's DHCP IP in Japan.
  3141. # So, meta rules of bayes is needed while using this DNSBL.
  3142. # 2005.1.28 by [yoh]
  3143.  
  3144. # SORBS will be closed.
  3145. # 2009.7.1 by [yoh]
  3146.  
  3147. # score RCVD_IN_SORBS_DUL 0.5
  3148. # score RCVD_IN_SORBS_HTTP 1.0
  3149. # score RCVD_IN_SORBS_MISC 0.5
  3150. # score RCVD_IN_SORBS_SOCKS 1.0
  3151. # score RCVD_IN_SORBS_WEB 1.0
  3152.  
  3153. # meta SORBSDUL99 RCVD_IN_SORBS_DUL && BAYES_99
  3154. # describe SORBSDUL99 RCVD_IN_SORBS_DUL && BAYES_99
  3155. # score SORBSDUL99 2.0
  3156.  
  3157. # meta SORBSDUL00 RCVD_IN_SORBS_DUL && BAYES_00
  3158. # describe SORBSDUL00 RCVD_IN_SORBS_DUL && BAYES_00
  3159. # score SORBSDUL00 -2.0
  3160.  
  3161. # meta DYN_SORBSDUL RCVD_IN_SORBS_DUL && ___DYNAMICIP
  3162. # score DYN_SORBSDUL 3.5
  3163.  
  3164.  
  3165. # score RCVD_IN_SORBS_SOCKS 1.50
  3166. # score RCVD_IN_SORBS_HTTP 1.50
  3167. # score RCVD_IN_OPM 1.50
  3168. # score RCVD_IN_OPM_HTTP_POST 1.50
  3169.  
  3170. #
  3171. # ORDB has been shutdowned. 2006.12.19 by [yoh]
  3172. #
  3173. # header RCVD_IN_RELAYS_ORDBORG rbleval:check_rbl('relay', 'relays.ordb.org.')
  3174. # describe RCVD_IN_RELAYS_ORDBORG Received via a relay in relays.ordb.org
  3175. # tflags RCVD_IN_RELAYS_ORDBORG net
  3176. # score RCVD_IN_RELAYS_ORDBORG 0.5
  3177.  
  3178.  
  3179. score RCVD_IN_DSBL 0.5
  3180.  
  3181. #
  3182. # SPAMCOP - very strict DNSBL, but it's not complete.
  3183. # Sometimes SPAMCOP records hammy IPs.
  3184. # 2005.09.25 by [yoh]
  3185. #
  3186. score RCVD_IN_BL_SPAMCOP_NET 0.1
  3187.  
  3188. meta SPAMCOP99 RCVD_IN_BL_SPAMCOP_NET && BAYES_99
  3189. describe SPAMCOP99 RCVD_IN_BL_SPAMCOP_NET && BAYES_99
  3190. score SPAMCOP99 3.0
  3191.  
  3192. meta SPAMCOP95 RCVD_IN_BL_SPAMCOP_NET && BAYES_95
  3193. describe SPAMCOP95 RCVD_IN_BL_SPAMCOP_NET && BAYES_95
  3194. score SPAMCOP95 1.5
  3195.  
  3196. meta SPAMCOP00 RCVD_IN_BL_SPAMCOP_NET && BAYES_00
  3197. describe SPAMCOP00 RCVD_IN_BL_SPAMCOP_NET && BAYES_00
  3198. score SPAMCOP00 -5.0
  3199.  
  3200. meta RAZORSPAMCOP RCVD_IN_BL_SPAMCOP_NET && RAZOR2_CF_RANGE_51_100
  3201. describe RAZORSPAMCOP RCVD_IN_BL_SPAMCOP_NET && RAZOR2_CF_RANGE_51_100
  3202. score RAZORSPAMCOP 8.0
  3203.  
  3204. # meta FORGEDSPAMCOP RCVD_IN_BL_SPAMCOP_NET && ___FORGED
  3205. # describe FORGEDSPAMCOP Distributed Collaborative Network and RCVD_IN_BL_SPAMCOP_NET
  3206. # score FORGEDSPAMCOP 3.0
  3207.  
  3208.  
  3209. score RCVD_IN_SBL 0.1
  3210. score RCVD_IN_XBL 0.5
  3211.  
  3212. # added 2011.04.28 by [yoh]
  3213. score RCVD_IN_PBL 0.5
  3214.  
  3215. # meta SBL99 RCVD_IN_SBL && BAYES_99
  3216. # describe SBL99 RCVD_IN_SBL && BAYES_99
  3217. # score SBL99 3.50
  3218.  
  3219. # score RCVD_IN_NJABL_PROXY 0.50
  3220. # score RCVD_IN_NJABL 0.50
  3221.  
  3222. # score RCVD_IN_NJABL_RELAY 0.50
  3223. # score DNS_FROM_RFCI_DSN 1.50
  3224.  
  3225. # score RCVD_IN_NJABL_DUL 0.50
  3226.  
  3227. # meta NJABLDUL99 RCVD_IN_NJABL_DUL && BAYES_99
  3228. # describe NJABLDUL99 RCVD_IN_NJABL_DUL && BAYES_99
  3229. # score NJABLDUL99 0.5
  3230.  
  3231. # meta DYN_NJABLDUL RCVD_IN_NJABL_DUL && ___DYNAMICIP
  3232. # score DYN_NJABLDUL 1.5
  3233.  
  3234.  
  3235. # score RCVD_IN_WHOIS_INVALID 1.0
  3236.  
  3237. # URIBL_BLACK includes false positive URIs.
  3238. # 2007.12.09 by [yoh]
  3239. score URIBL_BLACK 1.0
  3240.  
  3241. meta BLACK_BRBL URIBL_BLACK && RCVD_IN_BRBL_LASTEXT
  3242. score BLACK_BRBL 2.5
  3243.  
  3244. meta BLACK_SPAMCOP URIBL_BLACK && RCVD_IN_BL_SPAMCOP_NET
  3245. score BLACK_SPAMCOP 2.5
  3246.  
  3247.  
  3248. # meta RCVD_COP_SORBS_DSBL RCVD_IN_BL_SPAMCOP_NET && (RCVD_IN_SORBS || RCVD_IN_DSBL) && BAYES_99
  3249. # describe RCVD_COP_SORBS_DSBL RCVD_IN_BL_SPAMCOP_NET && (RCVD_IN_SORBS || RCVD_IN_DSBL) && BAYES_99
  3250. # score RCVD_COP_SORBS_DSBL 3.0
  3251.  
  3252. meta RCVDSBL99 RCVD_IN_SBL && BAYES_99
  3253. describe RCVDSBL99 RCVD_IN_SBL && BAYES_99
  3254. score RCVDSBL99 2.5
  3255.  
  3256. meta RCVDSBLBLACK RCVD_IN_SBL && URIBL_BLACK
  3257. score RCVDSBLBLACK 5.5
  3258.  
  3259.  
  3260. meta FORGEDDSBL RCVD_IN_DSBL && ___FORGED
  3261. describe FORGEDDSBL Distributed Collaborative Network and RCVD_IN_DSBL
  3262. score FORGEDDSBL 2.5
  3263.  
  3264.  
  3265.  
  3266. meta RCVDCBL99 RCVD_IN_CBL && BAYES_99
  3267. describe RCVDCBL99 RCVD_IN_CBL && BAYES_99
  3268. score RCVDCBL99 3.5
  3269.  
  3270. meta RCVDXBL99 RCVD_IN_XBL && BAYES_99
  3271. describe RCVDXBL99 RCVD_IN_XBL && BAYES_99
  3272. score RCVDXBL99 3.5
  3273.  
  3274. meta FORGEDXBL RCVD_IN_XBL && ___FORGED
  3275. describe FORGEDXBL Distributed Collaborative Network and RCVD_IN_XBL
  3276. score FORGEDXBL 2.5
  3277.  
  3278. # 2019.04.29 by [yoh]
  3279. # meta TVDFWGR_XBL ___TVD && RCVD_IN_XBL
  3280. # score TVDFWGR_XBL 3.5
  3281.  
  3282. # 2019.04.29 by [yoh]
  3283. # meta TVDFWGR_COP ___TVD && RCVD_IN_BL_SPAMCOP_NET
  3284. # score TVDFWGR_COP 3.5
  3285.  
  3286. meta SPF_COP (SPF_HELO_SOFTFAIL || SPF_FAIL) && RCVD_IN_BL_SPAMCOP_NET
  3287. score SPF_COP 3.5
  3288.  
  3289. meta SPF_PBL (SPF_HELO_SOFTFAIL || SPF_FAIL) && RCVD_IN_PBL
  3290. score SPF_PBL 3.5
  3291.  
  3292.  
  3293. # added 2011.02.2 by [yoh]
  3294. # deleted 2011.05.20 by [yoh]
  3295. # meta DYN_SPF_XMAILER SPF_PASS && ___DYNAMICIP && ! __HAS_X_MAILER
  3296. # score DYN_SPF_XMAILER 5.5
  3297.  
  3298.  
  3299.  
  3300. meta XBL_DCN ___DCN && RCVD_IN_XBL
  3301. score XBL_DCN 3.5
  3302. meta CBL_DCN ___DCN && RCVD_IN_CBL
  3303. score CBL_DCN 3.5
  3304. meta PBL_DCN ___DCN && RCVD_IN_PBL
  3305. score PBL_DCN 3.5
  3306. meta BLACK_DCN ___DCN && URIBL_BLACK
  3307. score BLACK_DCN 3.5
  3308. meta SBL_DCN ___DCN && URIBL_SBL
  3309. score SBL_DCN 3.5
  3310. # meta DUL_DCN ___DCN && RCVD_IN_SORBS_DUL
  3311. # score DUL_DCN 3.5
  3312.  
  3313.  
  3314.  
  3315. # meta RCVD_COP_SBL_XBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_SBL && BAYES_99
  3316. # describe RCVD_COP_SBL_XBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_SBL && BAYES_99
  3317. # score RCVD_COP_SBL_XBL 3.0
  3318. #
  3319. # meta RCVD_COP_CBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_CBL && BAYES_99
  3320. # describe RCVD_COP_CBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_CBL && BAYES_99
  3321. # score RCVD_COP_CBL 3.0
  3322. #
  3323. # meta RCVD_CBL_SBL_XBL RCVD_IN_SBL && RCVD_IN_CBL && BAYES_99
  3324. # describe RCVD_CBL_SBL_XBL RCVD_IN_SBL && RCVD_IN_CBL && BAYES_99
  3325. # score RCVD_CBL_SBL_XBL 3.0
  3326.  
  3327.  
  3328. # URIBL_SBL has missing uri.
  3329. # So, it's not reliable.
  3330. # 2005.02.02 by [yoh]
  3331. # 2006.01.02 by [yoh]
  3332. # score URIBL_SBL 2.0
  3333. score URIBL_SBL 0.1
  3334.  
  3335. meta URIBLSBL99 URIBL_SBL && BAYES_99
  3336. describe URIBLSBL99 URIBL_SBL && BAYES_99
  3337. score URIBLSBL99 2.0
  3338.  
  3339. meta URIBLSBL00 URIBL_SBL && BAYES_00
  3340. describe URIBLSBL00 URIBL_SBL && BAYES_00
  3341. score URIBLSBL00 -2.0
  3342.  
  3343. #
  3344. # deleted 2010.09.26 by [yoh]
  3345. #
  3346. # meta RCVDIP_URIBLSBL URIBL_SBL && RCVD_HELO_IP_MISMATCH
  3347. # score RCVDIP_URIBLSBL 3.5
  3348.  
  3349. # 2009.07.30 by [yoh]
  3350. # 2010.12.25 renamed by [yoh]
  3351. meta DYN_URLSBL URIBL_SBL && ___DYNAMICIP
  3352. score DYN_URLSBL 3.5
  3353. # 2010.12.25 by [yoh]
  3354. meta DYN_SBL RCVD_IN_SBL && ___DYNAMICIP
  3355. score DYN_SBL 10
  3356.  
  3357.  
  3358. # 2011.11.21 by [yoh]
  3359. # 2019.04.29 by [yoh]
  3360. # meta DYN_URIBL (URIBL_BLACK || URIBL_AB_SURBL || URIBL_SC_SURBL || URIBL_JP_SURBL || URIBL_OB_SURBL || URIBL_SBL || URIBL_RHS_DOB || URIBL_PH_SURBL || URIBL_WS_SURBL ) && ___DYNAMICIP
  3361. meta DYN_URIBL (URIBL_BLACK || URIBL_SBL || URIBL_RHS_DOB || URIBL_PH_SURBL || URIBL_WS_SURBL ) && ___DYNAMICIP
  3362. score DYN_URIBL 3.5
  3363.  
  3364. # Now, URIBL_WS_SURBL is reliable.
  3365. # 2005.06.07 by [yoh]
  3366. # score URIBL_WS_SURBL 1.0
  3367.  
  3368. # Now, URIBL_JP_SURBL is reliable.
  3369. # 2005.06.07 by [yoh]
  3370. #- urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
  3371. #- body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
  3372. #- describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
  3373. #- tflags URIBL_JP_SURBL net
  3374. #- score URIBL_JP_SURBL 1.0
  3375.  
  3376.  
  3377. # From: Jeff Chan <jeffc at surbl.org>
  3378. # Subject: Please test sc2.surbl.org (and xs.surbl.org)
  3379. # Date: Mon, 25 Jul 2005 06:14:59 GMT
  3380. # http://mail-archives.apache.org/mod_mbox/spamassassin-users/200507.mbox/%3c1974834350.20050724231459@surbl.org%3e
  3381. # From: Jeff Chan <jeffc at surbl.org>
  3382. # Subject: Re: Please test sc2.surbl.org (and xs.surbl.org)
  3383. # Date: Mon, 25 Jul 2005 08:55:12 GMT
  3384. # http://mail-archives.apache.org/mod_mbox/spamassassin-users/200507.mbox/%3c497174917.20050725015512@surbl.org%3e
  3385.  
  3386. #- urirhsbl URIBL_SC2_SURBL sc2.surbl.org. A
  3387. #- body URIBL_SC2_SURBL eval:check_uridnsbl('URIBL_SC2_SURBL')
  3388. #- describe URIBL_SC2_SURBL Has URI in SC2 at http://www.surbl.org/lists.html
  3389. #- tflags URIBL_SC2_SURBL net
  3390.  
  3391. #- score URIBL_SC2_SURBL 1.0
  3392.  
  3393. #- urirhsbl URIBL_XS_SURBL xs.surbl.org. A
  3394. #- body URIBL_XS_SURBL eval:check_uridnsbl('URIBL_XS_SURBL')
  3395. #- describe URIBL_XS_SURBL Has URI in XS - Testing
  3396. #- tflags URIBL_XS_SURBL net
  3397.  
  3398. #- score URIBL_XS_SURBL 1.0
  3399.  
  3400.  
  3401.  
  3402. # score RCVD_IN_SORBS_WEB 1.5
  3403. # meta SORBSWEB99 RCVD_IN_SORBS_WEB && BAYES_99
  3404. # describe SORBSWEB99 RCVD_IN_SORBS_WEB && BAYES_99
  3405. # score SORBSWEB99 1.5
  3406.  
  3407. #- score URIBL_OB_SURBL 0.1
  3408.  
  3409. # 2019.04.29 by [yoh]
  3410. # meta SURBL99 (URIBL_AB_SURBL || URIBL_OB_SURBL || URIBL_PH_SURBL || URIBL_SC_SURBL || URIBL_WS_SURBL || URIBL_JP_SURBL || URIBL_SC2_SURBL || URIBL_XS_SURBL) && BAYES_99
  3411. meta SURBL99 (URIBL_PH_SURBL || URIBL_WS_SURBL) && BAYES_99
  3412. describe SURBL99 URIBL_??_SURBL && BAYES_99
  3413. score SURBL99 3.5
  3414.  
  3415. # 2019.04.29 by [yoh]
  3416. # meta SURBL_DCN (URIBL_AB_SURBL || URIBL_OB_SURBL || URIBL_PH_SURBL || URIBL_SC_SURBL || URIBL_WS_SURBL || URIBL_JP_SURBL || URIBL_SC2_SURBL || URIBL_XS_SURBL) && ___DCN
  3417. meta SURBL_DCN (URIBL_PH_SURBL || URIBL_WS_SURBL) && ___DCN
  3418. describe SURBL_DCN Distributed Collaborative Network and URIBL_??_SURBL
  3419. score SURBL_DCN 5.5
  3420.  
  3421.  
  3422. #
  3423. # rbl.jp: strict and reliable DNSBL originated from Japan: 2004.11.27 by [yoh]
  3424. #
  3425. # Unfortunately the rbl.jp service has ended.
  3426. # http://www.hart.co.jp/
  3427. # http://archive.is/hNiC9
  3428. # https://it.srad.jp/story/17/09/13/0649245/
  3429. # 2017.10.01 by [yoh]
  3430.  
  3431. #- urirhssub URLBL_RBLJP url.rbl.jp. A 2
  3432. #- body URLBL_RBLJP eval:check_uridnsbl('URLBL_RBLJP')
  3433. #- describe URLBL_RBLJP Has URI in url.rbl.jp
  3434. #- tflags URLBL_RBLJP net
  3435.  
  3436. uridnsbl_skip_domain livedoor.com reset.jp asahi-net.or.jp hi-ho.ne.jp 2ch.net hatena.ne.jp
  3437. uridnsbl_skip_domain mixi.jp
  3438. #- score URLBL_RBLJP 1.5
  3439.  
  3440. #- meta URLRBLJP99 URLBL_RBLJP && BAYES_99
  3441. #- describe URLRBLJP99 URLBL_RBLJP && BAYES_99
  3442. #- score URLRBLJP99 2.0
  3443.  
  3444. #- meta URLRBLJP_DCN URLBL_RBLJP && ___DCN
  3445. #- describe URLRBLJP_DCN URLBL_RBLJP && ___DCN
  3446. #- score URLRBLJP_DCN 10
  3447.  
  3448. #- meta URLRBLJP_DYN URLBL_RBLJP && ___DYNAMICIP
  3449. #- score URLRBLJP_DYN 5.5
  3450.  
  3451.  
  3452. #- header RCVD_IN_SHORT_RBL_JP eval:check_rbl_txt('rbl.jp', 'short.rbl.jp.')
  3453. #- describe RCVD_IN_SHORT_RBL_JP Received via a relay in short.rbl.jp
  3454. #- tflags RCVD_IN_SHORT_RBL_JP net
  3455. #- score RCVD_IN_SHORT_RBL_JP 1.5
  3456.  
  3457. #- header RCVD_IN_VIRUS_RBL_JP eval:check_rbl_txt('rbl.jp', 'virus.rbl.jp.')
  3458. #- describe RCVD_IN_VIRUS_RBL_JP Received via a relay in virus.rbl.jp
  3459. #- tflags RCVD_IN_VIRUS_RBL_JP net
  3460. #- score RCVD_IN_VIRUS_RBL_JP 1.0
  3461.  
  3462.  
  3463. #- meta SHORTRBLJP99 RCVD_IN_SHORT_RBL_JP && BAYES_99
  3464. #- describe SHORTRBLJP99 RCVD_IN_SHORT_RBL_JP && BAYES_99
  3465. #- score SHORTRBLJP99 1.5
  3466.  
  3467. #- meta RBLJP_URL_SHORT URLBL_RBLJP && RCVD_IN_SHORT_RBL_JP
  3468. #- score RBLJP_URL_SHORT 5.0
  3469.  
  3470.  
  3471. #- meta OTHER_RBLJIS JPSCAMURI && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  3472. #- score OTHER_RBLJIS 1.5
  3473.  
  3474. #
  3475. # I stopped using fiveten.
  3476. # 2006.12.14 by [yoh]
  3477. #
  3478.  
  3479. # http://marc.theaimsgroup.com/?l=spamassassin-users&m=111558903223018&w=2
  3480.  
  3481. # header __RCVD_IN_FIVETENSG eval:check_rbl('blackholes', 'blackholes.five-ten-sg.com.')
  3482. # describe __RCVD_IN_FIVETENSG Received via a relay in blackholes.five-ten-sg.com
  3483. # tflags __RCVD_IN_FIVETENSG net
  3484.  
  3485. # header RCVD_IN_FIVETENSG eval:check_rbl_sub('blackholes', '127.0.0.2')
  3486. # describe RCVD_IN_FIVETENSG Received via a spam relay in blackholes.five-ten-sg.com
  3487. # tflags RCVD_IN_FIVETENSG net
  3488. # score RCVD_IN_FIVETENSG 0.1
  3489.  
  3490. # meta FIVETEN99 RCVD_IN_FIVETENSG && BAYES_99
  3491. # describe FIVETEN99 RCVD_IN_FIVETENSG && BAYES_99
  3492. # score FIVETEN99 0.2
  3493.  
  3494. # meta RAZORFIVETEN RCVD_IN_FIVETENSG && RAZOR2_CF_RANGE_51_100
  3495. # describe RAZORFIVETEN RCVD_IN_FIVETENSG && RAZOR2_CF_RANGE_51_100
  3496. # score RAZORFIVETEN 1.0
  3497.  
  3498. # meta DYN_FIVETEN RCVD_IN_FIVETENSG && ___DYNAMICIP
  3499. # score DYN_FIVETEN 3.0
  3500.  
  3501. #
  3502. # http://mail-archives.apache.org/mod_mbox/spamassassin-users/200508.mbox/%3cLLEAJOOJPGKIFDOKCKLCEEFKDEAA.salist@floridacpu.com%3e
  3503. #
  3504.  
  3505. # removed 2011.04.17 by [yoh]
  3506. # http://bui.asablo.jp/blog/2010/10/31/5459612
  3507. # http://hibari.2ch.net/test/read.cgi/unix/1124772932/394
  3508. # header RCVD_IN_CHINA eval:check_rbl('country', 'china.blackholes.us')
  3509. # describe RCVD_IN_CHINA Received via a China IP address in china.blackholes.us
  3510. # tflags RCVD_IN_CHINA net
  3511. # score RCVD_IN_CHINA 0.1
  3512.  
  3513. # header RCVD_IN_TAIWAN eval:check_rbl('country', 'taiwan.blackholes.us.')
  3514. # describe RCVD_IN_TAIWAN Received via a Taiwan IP address in taiwan.blackholes.us
  3515. # tflags RCVD_IN_TAIWAN net
  3516. # score RCVD_IN_TAIWAN 0.1
  3517.  
  3518. # added 2011.04.17 by [yoh]
  3519. header RCVD_IN_CHINA eval:check_rbl('wariate.jp', 'cn.cc.wariate.jp.')
  3520. describe RCVD_IN_CHINA Received via a China IP address in cn.cc.wariate.jp
  3521. tflags RCVD_IN_CHINA net
  3522. score RCVD_IN_CHINA 0.1
  3523.  
  3524. header RCVD_IN_TAIWAN eval:check_rbl('wariate.jp', 'tw.cc.wariate.jp.')
  3525. describe RCVD_IN_TAIWAN Received via a Taiwan IP address in tw.cc.wariate.jp
  3526. tflags RCVD_IN_TAIWAN net
  3527. score RCVD_IN_TAIWAN 0.1
  3528.  
  3529.  
  3530. # http://mailspike.org/anubis/implementation_sa.html
  3531. # 2010/12/29 added by [yoh]
  3532. ## Spam sources
  3533. header __RCVD_IN_MSPIKE eval:check_rbl('mspike-lastexternal', 'bl.mailspike.net.')
  3534. tflags __RCVD_IN_MSPIKE net
  3535.  
  3536. ##### Reputation compensations
  3537. # Definitions
  3538. header __RCVD_IN_MSPIKE_Z eval:check_rbl_sub('mspike-lastexternal', '^127\.0\.0\.2$')
  3539. describe __RCVD_IN_MSPIKE_Z Spam wave participant
  3540. tflags __RCVD_IN_MSPIKE_Z net
  3541. header RCVD_IN_MSPIKE_L5 eval:check_rbl_sub('mspike-lastexternal', '^127\.0\.0\.10$')
  3542. describe RCVD_IN_MSPIKE_L5 Very bad reputation (-5)
  3543. tflags RCVD_IN_MSPIKE_L5 net
  3544. header RCVD_IN_MSPIKE_L4 eval:check_rbl_sub('mspike-lastexternal', '^127\.0\.0\.11$')
  3545. describe RCVD_IN_MSPIKE_L4 Bad reputation (-4)
  3546. tflags RCVD_IN_MSPIKE_L4 net
  3547. header RCVD_IN_MSPIKE_L3 eval:check_rbl_sub('mspike-lastexternal', '^127\.0\.0\.12$')
  3548. describe RCVD_IN_MSPIKE_L3 Low reputation (-3)
  3549. tflags RCVD_IN_MSPIKE_L3 net
  3550.  
  3551. # *_L and *_Z may overlap each other, so account for that
  3552. meta __RCVD_IN_MSPIKE_LOW RCVD_IN_MSPIKE_L5 || RCVD_IN_MSPIKE_L4 || RCVD_IN_MSPIKE_L3
  3553. meta RCVD_IN_MSPIKE_ZBI __RCVD_IN_MSPIKE_Z && !__RCVD_IN_MSPIKE_LOW
  3554.  
  3555. # Scores
  3556. score RCVD_IN_MSPIKE_ZBI 4.1
  3557. score RCVD_IN_MSPIKE_L5 4.1
  3558. score RCVD_IN_MSPIKE_L4 3.5
  3559. score RCVD_IN_MSPIKE_L3 2.9
  3560.  
  3561.  
  3562.  
  3563. # meta DNSFRMRFCPST99 DNS_FROM_RFC_POST && BAYES_99 && ! VALIDDOCOMO
  3564. # describe DNSFRMRFCPST99 DNS_FROM_RFC_POST && BAYES_99 && ! VALIDDOCOMO
  3565. # score DNSFRMRFCPST99 1.5
  3566.  
  3567. # meta DYN_DNSFRMRFCPST DNS_FROM_RFC_POST && ___DYNAMICIP
  3568. # score DYN_DNSFRMRFCPST 3.5
  3569.  
  3570. meta DYN_JPSCAMURI JPSCAMURI && ___DYNAMICIP
  3571. score DYN_JPSCAMURI 5.0
  3572.  
  3573. # added 2011.04.07 by [yoh]
  3574. meta DYN_JPSCAMTEL JPSCAMTEL && ___DYNAMICIP
  3575. score DYN_JPSCAMTEL 3.0
  3576.  
  3577. # added 2011.04.07 by [yoh]
  3578. meta DYN_JPSCAMMAILADDRESS JPSCAMMAILADDRESS && ___DYNAMICIP
  3579. score DYN_JPSCAMMAILADDRESS 3.0
  3580.  
  3581. # added 2011.07.01 by [yoh]
  3582. meta XMAILER_JPSCAMTEL JPSCAMTEL && ! __HAS_X_MAILER && ! ___DYNAMICIP
  3583. score XMAILER_JPSCAMTEL 3.0
  3584.  
  3585.  
  3586.  
  3587. score MISSING_MID 1.0
  3588.  
  3589. meta DYN_MISSMID MISSING_MID && ___DYNAMICIP
  3590. score DYN_MISSMID 3.5
  3591.  
  3592.  
  3593. # 2010.01.18 by [yoh]
  3594. meta DYN_XYHFB XYAHOOFILTEREDBULK && ___DYNAMICIP
  3595. score DYN_XYHFB 3.5
  3596.  
  3597. meta DYN_XKR X_KOREAN_RELAY && ___DYNAMICIP
  3598. score DYN_XKR 3.5
  3599.  
  3600.  
  3601. # 2010.06.25 by [yoh]
  3602. meta DYN_CBL RCVD_IN_CBL && ___DYNAMICIP
  3603. score DYN_CBL 10
  3604.  
  3605. # 2019.04.29 by [yoh]
  3606. # meta DYN_RBLJP RCVD_IN_SHORT_RBL_JP && ___DYNAMICIP
  3607. # score DYN_RBLJP 3.5
  3608.  
  3609. # 2015.08.07 score modified by [yoh]
  3610. meta DYN_BRBL RCVD_IN_BRBL_LASTEXT && ___DYNAMICIP
  3611. score DYN_BRBL 10
  3612.  
  3613. meta DYN_PBL RCVD_IN_PBL && ___DYNAMICIP
  3614. score DYN_PBL 3.5
  3615.  
  3616. # 2011.04.26 by [yoh]
  3617. # 2015.08.13 score modified by [yoh]
  3618. meta DYN_RNBL RCVD_IN_RP_RNBL && ___DYNAMICIP
  3619. score DYN_RNBL 10
  3620.  
  3621.  
  3622. #
  3623. #
  3624. # New rules from version 3.1.0
  3625. # 2005.09.20 by [yoh]
  3626. #
  3627. #
  3628.  
  3629. # meta DNSFRMRFCABS99 DNS_FROM_RFC_ABUSE && BAYES_99 && ! VALIDDOCOMO
  3630. # describe DNSFRMRFCABS99 DNS_FROM_RFC_ABUSE && BAYES_99 && ! VALIDDOCOMO
  3631. # score DNSFRMRFCABS99 0.2
  3632.  
  3633. # RCVD_IN_WHOIS_BOGONS is very low reliability.
  3634. # 2007.08.11 by [yoh]
  3635. #
  3636. # score RCVD_IN_WHOIS_BOGONS 0.1
  3637.  
  3638. # meta RCVDINWHSBGNS99 RCVD_IN_WHOIS_BOGONS && BAYES_99
  3639. # describe RCVDINWHSBGNS99 RCVD_IN_WHOIS_BOGONS && BAYES_99
  3640. # score RCVDINWHSBGNS99 1.0
  3641.  
  3642. # meta RCVDINWHSINV99 RCVD_IN_WHOIS_INVALID && BAYES_99
  3643. # describe RCVDINWHSINV99 RCVD_IN_WHOIS_INVALID && BAYES_99
  3644. # score RCVDINWHSINV99 4.5
  3645.  
  3646. # meta DNSFRMSCRSG99 DNS_FROM_SECURITYSAGE && BAYES_99
  3647. # describe DNSFRMSCRSG99 DNS_FROM_SECURITYSAGE && BAYES_99
  3648. # score DNSFRMSCRSG99 4.5
  3649.  
  3650. # These rules are needless and have bad influence for detecting bounce spams.
  3651. # 2008.09.06 by [yoh]
  3652. score RCVD_IN_DNSWL_LOW 0
  3653. score RCVD_IN_DNSWL_MED 0
  3654. score RCVD_IN_DNSWL_HI 0
  3655.  
  3656. # 2018.11.30 by [yoh]
  3657. score RCVD_IN_DNSWL_NONE -1.5
  3658.  
  3659. # =-=-=-=-=-=-=-=-=-=-=-=-=-=- detecting ISP's IP =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  3660.  
  3661. #
  3662. # But, some ham's Received: includes private IP with same HELO & BY.
  3663. # 2006.02.25 by [yoh]
  3664. # Revised for strictly matching.
  3665. # 2006.02.25 by [yoh]
  3666. #
  3667.  
  3668. # header HELO_BY_SAME X-Spam-Relays-Untrusted =~ /^\[ ip=(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3}))\d{2,3}(?:\.\d{1,3}){3} rdns=[^\[]* helo=([\w\._-]+) by=\1 [^\[\]]+ \]/
  3669. header HELO_BY_SAME X-Spam-Relays-Untrusted =~ /^\[ ip=(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3}))\d{2,3}(?:\.\d{1,3}){3} rdns=[^\[]* helo=([\w\._-]+) by=\1 /
  3670. describe HELO_BY_SAME HELO is same received MTA's FQDN
  3671. score HELO_BY_SAME 1.5
  3672.  
  3673. # header HELO_BY_PARTIALSAME X-Spam-Relays-Untrusted =~ /^\[ ip=(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|207\.46(?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3}))\d{2,3}(?:\.\d{1,3}){3} rdns=[^\[]* helo=([\w\._-]+) by=[\w\._-]+\1 [^\[\]]+ \]/
  3674. header HELO_BY_PARTIALSAME X-Spam-Relays-Untrusted =~ /^\[ ip=(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|207\.46(?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3}))\d{2,3}(?:\.\d{1,3}){3} rdns=[^\[]* helo=([\w\._-]+) by=[\w\._-]+\1 /
  3675. describe HELO_BY_PARTIALSAME HELO is same received MTA's domain name
  3676. score HELO_BY_PARTIALSAME 1.5
  3677.  
  3678. meta HLBYPRSM_KTC HELO_BY_PARTIALSAME && (___KOREATAIWANCHINA || DIRECTYOURNET) && ISO2022JP_BODY
  3679. score HLBYPRSM_KTC 5
  3680.  
  3681. # meta HLBY_MTAID HLBYPRSM_KTC && MSGID_FROM_MTA_ID
  3682. # score HLBY_MTAID 5
  3683.  
  3684. meta HLBYPRSM_DCN HELO_BY_PARTIALSAME && ___DCN
  3685. score HLBYPRSM_DCN 5
  3686.  
  3687.  
  3688. meta ASIA1HOPHLBYPTSM ONLY1HOPDIRECT && ___DYNAMICIP && HELO_BY_PARTIALSAME
  3689. score ASIA1HOPHLBYPTSM 5
  3690.  
  3691.  
  3692. header RCVD_IPNUMONLY Received =~ /from (\d{1,3}\.){3}\d{1,3} by (\d{1,3}\.){3}\d{1,3}\;/
  3693. describe RCVD_IPNUMONLY Received: contains only IP numbers and date str
  3694. score RCVD_IPNUMONLY 3.5
  3695.  
  3696. meta RCVDIP_ILLCHR RCVD_IPNUMONLY && (SUBJ_ILLEGAL_CHARS || FROM_ILLEGAL_CHARS)
  3697. score RCVDIP_ILLCHR 5.0
  3698.  
  3699. #
  3700. #
  3701. # detecting Japanese spammer's heaven.
  3702. # 2004.08.23 by [yoh]
  3703. #
  3704. #
  3705.  
  3706. # 210.143.144.0-210.143.159.255
  3707. # 220.150.0.0 - 220.150.255.255
  3708. # 220.215.0.0 - 220.215.127.255
  3709. # 221.113.64.0 - 221.113.127.255
  3710. # 43.244.0.0/16
  3711. # 61.203.160.0-61.203.175.255
  3712. # 61.44.0.0 - 61.44.127.255
  3713. # 61.12.128.0 - 61.12.255.255
  3714.  
  3715.  
  3716. # header YOURNET Received =~ /from .+ap\.yournet\.ne\.jp /
  3717. # header YOURNET Received =~ /(from .+ap\.yournet\.ne\.jp |.+fbb\.ReSET\.JP |61\.203\.((16[0-9]|17[0-4])\.[0-9]{1,3}|175\.0)|220\.215\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))/
  3718. # header YOURNET Received =~ /(from .+ap\.yournet\.ne\.jp |.+fbb\.ReSET\.JP |61\.203\.((16[0-9]|17[0-4])\.[0-9]{1,3}|175\.0)|220\.215\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|43\.244(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2})/
  3719.  
  3720. # header YOURNET Received =~ /(from .+ap\.yournet\.ne\.jp |.+fbb\.ReSET\.JP |61\.203\.((16[0-9]|17[0-4])\.[0-9]{1,3}|175\.0)|220\.215\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(43\.244|220\.150)(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2})/
  3721.  
  3722. # header YOURNET Received =~ /from .+(.+(fbb\.ReSET\.JP|ap\.yournet\.ne\.jp)[^a-z]+[0-9]{2,3}(\.[0-9]{1,3}){3,3}|61\.203\.(16[0-9]|17[0-5])\.[0-9]{1,3}|61\.44\.([0-9]|[1-9][0-9]|1(1[0-9]|2[0-7]))\.[0-9]{1,3}|220\.215\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(43\.244|220\.150)(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2})[^(a-z]{0,3}by /
  3723.  
  3724. # header YOURNET X-Spam-Relays-Untrusted =~ /(ip=((43\.244|220\.(150|215))(\.[0-9]{1,3}){2}|(61\.203\.1(6[0-9]|7[0-5])|61\.44\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])|61\.12\.(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])|210\.143\.1(4[4-9]|5[0-9])|221\.113\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7]))\.[0-9]{1,3})|rdns=.+(fbb\.ReSET\.JP|ap\.yournet\.ne\.jp)) .+ident= envfrom= intl=0 .+auth= /
  3725. # thrown away 2011.12.02 by [yoh]
  3726. # header YOURNET X-Spam-Relays-Untrusted =~ /(ip=((43\.244|220\.(?:150|215))(?:\.\d{1,3}){2}|(61\.203\.1(6\d|7[0-5])|61\.44\.(\d|[1-9]\d|1[01]\d|12[0-7])|61\.12\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|210\.143\.1(4[4-9]|5\d)|219\.112\.(\d|[1-9]\d|1[01]\d|12[0-7])|221\.113\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7]))\.\d{1,3})|rdns=.+(fbb\.ReSET\.JP|ap\.yournet\.ne\.jp)) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3727. # describe YOURNET Japanese spammer's heaven: yournet.ne.jp
  3728. # score YOURNET 0.5
  3729.  
  3730. # thrown away 2005.09.14 by [yoh]
  3731. #
  3732. # meta RFCIYOURNET RCVD_IN_RFCI && YOURNET
  3733. # describe RFCIYOURNET RCVD_IN_RFCI && YOURNET
  3734. # score RFCIYOURNET 4.0
  3735.  
  3736. # meta SORBSYOURNET RCVD_IN_SORBS && YOURNET
  3737. # describe SORBSYOURNET RCVD_IN_SORBS && YOURNET
  3738. # score SORBSYOURNET 3.0
  3739.  
  3740. #
  3741. # thrown away 2006.04.09 by [yoh]
  3742. #
  3743. # meta COPYOURNET RCVD_IN_BL_SPAMCOP_NET && YOURNET
  3744. # describe COPYOURNET RCVD_IN_BL_SPAMCOP_NET && YOURNET
  3745. # score COPYOURNET 5.0
  3746. #
  3747. # # meta INVALIDYAHOOJPYOURNET INVALIDYAHOOJP && YOURNET && RCVDFRMLOCALIP
  3748. # meta INVALIDYAHOOJPYOURNET INVALIDYAHOOJP && YOURNET
  3749. # describe INVALIDYAHOOJPYOURNET INVALIDYAHOOJP && YOURNET
  3750. # score INVALIDYAHOOJPYOURNET 10.0
  3751.  
  3752.  
  3753. # 163.139.0.0 - 163.139.255.255
  3754. # 202.215.32.0-202.215.33.0
  3755. # 202.215.175.0-202.215.179.255
  3756. # 202.215.181.0-202.215.192.255
  3757. # 202.215.194.0-202.215.195.255
  3758. # 202.215.196.0-202.215.197.255
  3759. # 202.215.198.0-202.215.203.255
  3760. # 202.215.204.0-202.215.205.255
  3761. # 202.215.206.0-202.215.207.255
  3762. # 202.215.211.0-202.215.211.255
  3763. # 202.215.214.0-202.215.215.255
  3764. # 202.215.216.0-202.215.219.255
  3765. # 202.215.224.0-202.215.224.255
  3766. # 202.215.225.0-202.215.230.255
  3767. # 202.215.232.0-202.215.233.255
  3768. # 202.215.234.0-202.215.239.255
  3769. # (202.215.242.0-202.215.251.255)
  3770.  
  3771. # 220.247.0.0 - 220.247.127.255
  3772.  
  3773. # 202.215.132.0-202.215.133.0
  3774. # header VECTANTDYNIP Received =~ /from .*(202\.215\.13[23]\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(d[0-9]{1,3}\.JgunmaFL1|s[0-9]{1,3}\.ItokyoFL18)\.vectant\.ne\.jp)/
  3775. # header VECTANTDYNIP Received =~ /from .*(202\.215\.13[23]\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(d[0-9]{1,3}\.JgunmaFL1|[ds][0-9]{1,3}\.[GI]tokyoFL[0-9]+)\.vectant\.ne\.jp)/
  3776.  
  3777. # header VECTANTDYNIP Received =~ /from .*(d[0-9]{2,3}\.[A-Z][a-z]+FL[0-9]+|wd[0-9]+\.(afl|AFL)[0-9]+)\.vectant\.ne\.jp/
  3778. # X-Spam-Relays-Untrusted =~ /(ip=202\.215(\.\d{1,3}){2}|rdns=(d[0-9]{2,3}\.[A-Z][a-z]+FL[0-9]+|wd[0-9]+\.(afl|AFL)[0-9]+)\.vectant\.ne\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3779. # header VECTANTDYNIP X-Spam-Relays-Untrusted =~ /(ip=((202\.215|222\.228)(\.\d{1,3}){2}|222\.229\.(\d|[1-5]\d|6[0-3])\.\d{1,3})|rdns=(d[0-9]{2,3}\.[A-Z][a-z]+FL[0-9]+|wd[0-9]+\.([ab]fl|[AB]FL)[0-9a-fA-F]+)\.vectant\.ne\.jp) [^\[\]]+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3780. header VECTANTDYNIP X-Spam-Relays-Untrusted =~ /rdns=((e|w|w4|)d\d+\.[ABFGHIJNS]+[a-z]*(DS[AI]|FL){0,1}[bcd0-9]+|(?:163-139|202-215)(-\d{1,3}){2}\.(uis){0,1}rv)\.vectant\.ne\.jp [^\[\]]+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3781. describe VECTANTDYNIP vectant.ne.jp: seems to be almost same yournet.ne.jp
  3782. score VECTANTDYNIP 0.1
  3783.  
  3784. # thrown away 2005.09.14 by [yoh]
  3785. #
  3786. # meta VFLETSYAHOO INVALIDNOTYAHOO && VECTANTDYNIP
  3787. # describe VFLETSYAHOO INVALIDNOTYAHOO && VECTANTDYNIP
  3788. # score VFLETSYAHOO 3.5
  3789.  
  3790. # 61.197.0.0-61.197.127.0
  3791. # 210.165.128.0-210.165.255.0
  3792. # 219.102.248.0 - 219.102.255.255
  3793. # header INFOSPHERE Received =~ /from.*(61\.197\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|2[0-4][0-9]|25[0-5])|\.nttpc\.ne\.jp)/
  3794. # header INFOSPHERE Received =~ /from.*(61\.197\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|2[0-4][0-9]|25[0-5])|\.nttpc\.ne\.jp|210\.165\.(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|2[0-4][0-9]|25[0-5]))/
  3795. # header INFOSPHERE X-Spam-Relays-Untrusted =~ /(ip=(61\.197\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|210\.165\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.\d{1,3}|219\.102(\.\d{1,3}){2})|rdns=.+\.nttpc\.ne\.jp) .+ ident= envfrom= intl=0 .+auth= /
  3796. # header INFOSPHERE X-Spam-Relays-Untrusted =~ /(ip=(210\.165\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.\d{1,3}|(61\.197|203\.138|219\.102)(\.\d{1,3}){2})|rdns=.+\.nttpc\.ne\.jp) .+ ident= envfrom= intl=0 .+auth= /
  3797. # header INFOSPHERE X-Spam-Relays-Untrusted =~ /(ip=(210\.165\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.\d{1,3}|(61\.197|203\.138|210\.136|219\.102)(\.\d{1,3}){2})|rdns=.+\.nttpc\.ne\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3798. # describe INFOSPHERE The Business Provider: InfoSphere
  3799. # score INFOSPHERE 0.1
  3800.  
  3801. #
  3802. # thrown away 2006.04.09 by [yoh]
  3803. #
  3804. # # meta YAHOOJPINFOSPHERE (VALIDYAHOOJP || INVALIDYAHOOJP) && INFOSPHERE && RCVDFRMLOCALIP
  3805. # meta YAHOOJPINFOSPHERE (VALIDYAHOOJP || INVALIDYAHOOJP) && INFOSPHERE
  3806. # describe YAHOOJPINFOSPHERE Why business user uses yahoo.co.jp free Mail address?
  3807. # score YAHOOJPINFOSPHERE 5.0
  3808.  
  3809. # thrown away 2005.09.15 by [yoh]
  3810. #
  3811. # 67.18.0.0 - 67.19.255.255
  3812. # header ___THEPLANET Received =~ /from.*(61\.1[89](\.([0-9]|[1-9][0-9]|2[0-4][0-9]|25[0-5])){1,2}|reverse\.theplanet\.com)/
  3813. # describe ___THEPLANET a farm of 3rd party relay hosts: ThePlanet.com
  3814. # score ___THEPLANET 7.0
  3815.  
  3816. # Received: .+p[0-9]+-[a-z0-9-]+\.[a-z]+\.ocn.ne.jp
  3817. # header OCNNEJP Received =~ /from .+\.[a-z]+\.ocn\.ne\.jp/
  3818.  
  3819. # 219.160.0.0 - 219.165.255.255
  3820. # 219\.16[0-5](\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  3821. # 222.144.0.0 - 222.151.255.255
  3822. # 222\.(14[4-9]|15[01])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  3823.  
  3824. # Received =~ /from .+(p[0-9]+-[a-z0-9-]+\.[a-z]+\.ocn\.ne\.jp|(219\.16[0-5]|222\.(14[4-9]|15[01]))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2})/
  3825. header OCNNEJP X-Spam-Relays-Untrusted =~ /(ip=((219\.16[0-5]|222\.(?:14[4-9]|15[01]))(\.\d){2}|222\.146\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.\d{1,3})|rdns=p[0-9]+-[a-z0-9-]+\.[a-z]+\.ocn\.ne\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  3826. describe OCNNEJP OCN - Open Computer Network
  3827. score OCNNEJP 0.1
  3828.  
  3829. #
  3830. # thrown away 2006.04.09 by [yoh]
  3831. #
  3832. # header ___VALIDOCN Received =~ /from .+p[0-9]+-[a-z0-9-]+\.[a-z]+\.ocn\.ne\.jp.+by smtp\.[a-z]+\.ocn\.ne\.jp /
  3833. # describe ___VALIDOCN valid ocn sender
  3834. # score ___VALIDOCN 0.1
  3835.  
  3836. # meta DIRECTOCN OCNNEJP && ! ___VALIDOCN
  3837. # describe DIRECTOCN seems to post from ocn.ne.jp dynamic IP to receiver's MTA
  3838. # score DIRECTOCN 1.0
  3839.  
  3840.  
  3841. # thrown away 2005.09.14 by [yoh]
  3842. #
  3843. # meta OCNPLANET (___THEPLANET || ___EVERYONE) && OCNNEJP
  3844. # describe OCNPLANET probably this mail came from OCN through THEPLANET
  3845. # score OCNPLANET 10.0
  3846. #
  3847. # meta YAHOOJPOCNPLANET (VALIDYAHOOJP || INVALIDYAHOOJP) && OCNPLANET
  3848. # describe YAHOOJPOCNPLANET free yahoo.co.jp mail address user uses THEPLANET
  3849. # score YAHOOJPOCNPLANET 10.0
  3850.  
  3851. #
  3852. # thrown away 2006.04.09 by [yoh]
  3853. #
  3854. # meta ___YAHOOJPOCN (VALIDYAHOOJP || INVALIDYAHOOJP) && OCNNEJP
  3855. # describe ___YAHOOJPOCN free yahoo.co.jp mail address user uses OCN
  3856. # score ___YAHOOJPOCN 2.0
  3857.  
  3858. # header RCVDFRMLOCALIP Received =~ /from (\[(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)]|[a-z0-9-.]+ \(HELO \?(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\?\))/
  3859. # header RCVDFRMLOCALIP Received =~ /from [a-z0-9-.]+ \(\[127\.0\.0\.1\]\)/
  3860. # header RCVDFRMLOCALIP Received =~ /from (\[(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\]|[a-z0-9-.]+ \(HELO \?(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\?\)|[a-z0-9-.]+ \(\[127\.0\.0\.1\]\) by local)/
  3861. # header RCVDFRMLOCALIP Received =~ /from (\[192\.168\.[0-9]{1,3}\.[0-9]{1,3} \([a-z0-9-.]+ \[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\)|\[\(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\]|[a-z0-9-.]+ \(HELO \?(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\?\)|[a-z0-9-.]+ \(\[127\.0\.0\.1\]\) by local)/
  3862. # header RCVDFRMLOCALIP Received =~ /from \[192\.168\.[0-9]{1,3}\.[0-9]{1,3}\] \([a-z0-9-.]+ \[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/
  3863. #
  3864. # thrown away 2005.09.29 by [yoh]
  3865. #
  3866. # header RCVDFRMLOCALIP Received =~ /from ([a-z0-9-.]+ \(HELO \?(192\.168\.[0-9]{1,3}\.[0-9]{1,3}|127\.0\.0\.1)\?\)|[a-z0-9-.]+ \(\[127\.0\.0\.1\]\) by local)/
  3867. # describe RCVDFRMLOCALIP Received: from [127.0.0.1]
  3868. # score RCVDFRMLOCALIP 0.1
  3869. #
  3870. #
  3871. # thrown away 2006.04.09 by [yoh]
  3872. #
  3873. # # meta YAHOOJPOCN ___YAHOOJPOCN && RCVDFRMLOCALIP
  3874. # meta YAHOOJPOCN ___YAHOOJPOCN
  3875. # describe YAHOOJPOCN free yahoo.co.jp mail address user uses OCN
  3876. # score YAHOOJPOCN 5.0
  3877.  
  3878.  
  3879. # thrown away 2005.09.15 by [yoh]
  3880. #
  3881. # 66.98.128.0 - 66.98.255.255
  3882. # header ___EVERYONE Received =~ /from.*(66\.98\.(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|\.ev1servers\.net)/
  3883. # describe ___EVERYONE Everyones Internet, Inc.
  3884. # score ___EVERYONE 1.0
  3885.  
  3886. # 202.215.247.0 <-> 202.215.247.127
  3887. header ANNIENET Received =~ /from.*(202\.215\.247\.(\d|[1-9]\d|1[01]\d|12[0-7])|\.annie\.ne\.jp)/
  3888. describe ANNIENET Annie Corporation
  3889. score ANNIENET 3.0
  3890.  
  3891. # thrown away 2005.09.14 by [yoh]
  3892. #
  3893. # meta ANNIEINFOS INFOSPHERE && ___ANNIENET
  3894. # describe ANNIEINFOS INFOSPHERE user uses annie.ne.jp for sending spam.
  3895. # score ANNIEINFOS 10.0
  3896.  
  3897. # thrown away 2006.09.03 by [yoh]
  3898. #
  3899. # 210.173.72.0-210.173.73.0
  3900. # header CCNET Received =~ /from.*(210\.173\.7[23]\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|\.cc-net\.or\.jp)/
  3901. # describe CCNET City Connection Corp.
  3902. # score CCNET 3.0
  3903.  
  3904. # thrown away 2005.09.14 by [yoh]
  3905. #
  3906. # meta CCNETYOURNET ___CCNET && YOURNET
  3907. # describe CCNETYOURNET yournet.ne.jp user uses relay site.
  3908. # score CCNETYOURNET 10.0
  3909.  
  3910. # 210.239.63.0 <-> 210.239.63.63
  3911. header IDATAKRP2 Received =~ /from.*210\.239\.63\.([0-9|[1-5][0-9]|6[0-3])/
  3912. describe IDATAKRP2 IDATA Co.,Ltd.
  3913. score IDATAKRP2 15.0
  3914.  
  3915. #
  3916. #202.181.105.181
  3917. #202.181.105.184
  3918. #202.181.105.185
  3919. #202.181.105.237
  3920. #202.181.105.238
  3921. #202.181.98.207
  3922. #202.181.98.208
  3923. #202.222.28.194
  3924. #202.222.30.140
  3925. #202.222.30.20
  3926. #202.222.31.188
  3927. #
  3928. # 210.188.205.24
  3929. # 202.222.31.180
  3930. # 202.222.30.196
  3931. # 210.188.205.24
  3932. #
  3933. #
  3934. # Received =~ /from .*sv[0-9]{1,3}\.lolipop\.jp/
  3935. header LOLIPOP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:157\.7\.104\.75|202\.181\.105\.136|202\.222\.(?:19\.80|30\.196|31\.180)|210\.172\.144\.(?:16|85|144|176)|210\.188\.(?:205\.(?:24|55|211)|220\.157)|219\.94\.(?:131\.186|167\.177)) /
  3936. describe LOLIPOP Japanese spammer's footstool: lolipop.jp
  3937. score LOLIPOP 1.5
  3938.  
  3939. # 202.61.29.93
  3940. # 202.61.29.82
  3941.  
  3942. header IMAPCC Received =~ /from .*[a-z0-9]+\.i-map\.cc/
  3943. describe IMAPCC i-map.cc
  3944. score IMAPCC 5.0
  3945.  
  3946.  
  3947. #
  3948. #202.181.99.18
  3949. #202.181.99.20
  3950. #202.181.99.32
  3951. #202.181.99.36
  3952. #202.181.99.42
  3953. #202.181.99.43
  3954. #202.181.99.51
  3955. #202.181.99.56
  3956. #202.181.99.59
  3957. #202.181.99.70
  3958. #202.181.99.72
  3959. #
  3960. #59.106.13.43
  3961. #
  3962. header SAKURAWEB Received =~ /from .*www[0-9]{1,3}\.sakura\.ne\.jp/
  3963. describe SAKURAWEB Japanese spammer uses footstool web hosting service: sakura.ne.jp
  3964. score SAKURAWEB 0.1
  3965.  
  3966. # meta SAKURAYAHOO INVALIDYAHOOJP && SAKURAWEB
  3967. # describe SAKURAYAHOO SAKURA web servers are used for spammer's mta
  3968. # score SAKURAYAHOO 3.0
  3969.  
  3970. # meta LOLIPOPYAHOO INVALIDYAHOOJP && LOLIPOP
  3971. # describe LOLIPOPYAHOO LOLIPOP web servers are used for spammer's mta
  3972. # score LOLIPOPYAHOO 3.0
  3973.  
  3974.  
  3975. # [210.239.39.128 <-> 210.239.39.191] 210.239.39.128/26
  3976. header SOHO Received =~ /from .*210\.239\.39\.1(2[89]|[3-8][0-9]|9[01])/
  3977. describe SOHO SOHO CO., LTD.
  3978. score SOHO 1.5
  3979.  
  3980. # 210.166.236.128 <-> 210.166.236.255
  3981. header CSIDENET Received =~ /from .*(.+cside\.jp|210\.166\.236\.(?:12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5]))/
  3982. describe CSIDENET CsideNet: some spammers live in and use for footstool.
  3983. score CSIDENET 1.5
  3984.  
  3985. # meta CSIDEYAHOO CSIDENET && INVALIDYAHOOJP
  3986. # describe CSIDEYAHOO CSIDENET && INVALIDYAHOOJP
  3987. # score CSIDEYAHOO 3.5
  3988.  
  3989. # 220.151.197.64 - 220.151.197.79
  3990. header NICNAME Received =~ /220\.151\.197\.(6[4-9]|7[0-9])/
  3991. describe NICNAME NIC-NAME.com
  3992. score NICNAME 0.5
  3993.  
  3994. # meta NICNAMEYAHOO NICNAME && INVALIDYAHOOJP
  3995. # describe NICNAMEYAHOO NICNAME && INVALIDYAHOOJP
  3996. # score NICNAMEYAHOO 3.5
  3997.  
  3998.  
  3999. header SONETDYNIP Received =~ /from .+p[a-z0-9]{5,6}\.[a-z0-9]{7,8}\.ap\.so-net\.ne\.jp/
  4000. describe SONETDYNIP so-net.ne.jp dynamic IP
  4001. score SONETDYNIP 0.1
  4002.  
  4003. header ___VALIDSONET Received =~ /from .+p[a-z0-9]{5,6}\.[a-z0-9]{7,8}\.ap\.so-net\.ne\.jp.*by (mail\.[a-z][a-z][0-9][0-9]|mx[0-9][0-9]\.ms)\.so-net\.ne\.jp/
  4004. describe ___VALIDSONET valid so-net sender
  4005. score ___VALIDSONET 0.1
  4006.  
  4007. # meta DIRECTSONET SONETDYNIP && ! ___VALIDSONET
  4008. # describe DIRECTSONET seems to post from so-net.ne.jp dynamic IP to receiver's MTA
  4009. # score DIRECTSONET 1.0
  4010.  
  4011. # thrown away 2005.09.14 by [yoh]
  4012. #
  4013. # meta YAHOOJPSONET INVALIDYAHOOJP && DIRECTSONET
  4014. # describe YAHOOJPSONET INVALIDYAHOOJP && DIRECTSONET
  4015. # score YAHOOJPSONET 3.5
  4016.  
  4017. # thrown away 2006.04.09 by [yoh]
  4018. # Why?
  4019. # Because, all 'INVALIDYAHOOJP' doesn't pass through yahoo.co.jp's MTA,
  4020. # so this rule is meaningless.
  4021. #
  4022. # # header ___NOTYAHOO Message-ID =~ /(?!.*yahoo)/
  4023. # header ___NOTYAHOO Message-ID !~ /.+\@(?=yahoo\.co\.jp)/
  4024. # describe ___NOTYAHOO Message-ID is not yahoo.co.jp
  4025. # score ___NOTYAHOO 0.1
  4026. #
  4027. # meta INVALIDNOTYAHOO INVALIDYAHOOJP && ___NOTYAHOO
  4028. # describe INVALIDNOTYAHOO This mail didn't pass through yahoo.co.jp's MTA
  4029. # score INVALIDNOTYAHOO 1.5
  4030. #
  4031. # meta NOTYAHOOMSGID INVALIDNOTYAHOO && MSGID_FROM_MTA_ID
  4032. # describe NOTYAHOOMSGID INVALIDNOTYAHOO && MSGID_FROM_MTA_ID
  4033. # score NOTYAHOOMSGID 2.0
  4034.  
  4035.  
  4036. # thrown away 2005.12.26 by [yoh]
  4037. #
  4038. # meta INVYAHOOJPBLARS INVALIDYAHOOJP && RCVD_IN_BLARS && (RCVD_IN_BLARS_SPAM || RCVD_IN_BLARS_ABUSE)
  4039. # describe INVYAHOOJPBLARS INVALIDYAHOOJP && RCVD_IN_BLARS && (RCVD_IN_BLARS_SPAM || RCVD_IN_BLARS_ABUSE)
  4040. # score INVYAHOOJPBLARS 3.0
  4041.  
  4042. meta INVYAHOOJPDCN INVALIDYAHOOJP && ___DCN
  4043. score INVYAHOOJPDCN 3.5
  4044.  
  4045.  
  4046. # 211.10.191.64/26
  4047. header EMNETNEJP Received =~ /from .+rev\.em-net\.ne\.jp/
  4048. describe EMNETNEJP em-net.ne.jp
  4049. score EMNETNEJP 0.1
  4050.  
  4051. #
  4052. # deleted 2010.10.16 by [yoh]
  4053. #
  4054. # 61.7.0.0 - 61.7.127.255
  4055. # header SNI_NOC X-Spam-Relays-Untrusted =~ /ip=61\.7\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3} .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  4056. # describe SNI_NOC Sagashimbun Co., Ltd.
  4057. # score SNI_NOC 0.1
  4058.  
  4059.  
  4060. #
  4061. # deleted 2010.10.16 by [yoh]
  4062. #
  4063. # 202.171.224.0 - 202.171.224.255
  4064. # header XEXONNET X-Spam-Relays-Untrusted =~ /ip=202\.171\.224\.[0-9]{1,3} .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  4065. # describe XEXONNET spammer's hosting service (see `host spamsrv[2-6].hn.org` `host xexon.net`)
  4066. # score XEXONNET 3.5
  4067. #
  4068. # meta XEXON99 XEXONNET && (BAYES_99 || BAYES_95)
  4069. # describe XEXON99 XEXONNET && (BAYES_99 || BAYES_95)
  4070. # score XEXON99 10
  4071.  
  4072.  
  4073. # http://www.google.co.jp/search?as_q=spam&num=100&hl=ja&inlang=ja&ie=EUC-JP&oe=EUC-JP&btnG=Google+%B8%A1%BA%F7&as_epq=combzmail+jp&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&as_rights=
  4074. # 60.32.107.224 - 60.32.107.239
  4075. # 60.32.176.224 - 60.32.176.231
  4076. # 61.115.238.96-61.115.238.127
  4077. # 211.133.130.128-211.133.130.255
  4078. # 210.188.215.0-210.188.215.63
  4079. # 210.188.215.128-210.188.215.191
  4080. # header COMBZMAIL_JP X-Spam-Relays-Untrusted =~ /ip=(60\.32\.107\.2(2[4-9]|3\d)|60\.32\.176\.2(2[4-9]|3[01])|60\.32\.177\.(\d|1[0-5])|61\.115\.238\.(9[6-9]|1[01]\d|12[0-7])|210\.188\.215\.(\d|[1-5]\d|6[0-3]|12[89]|1[3-8]\d|19[01])|211\.133\.130\.(12[89]|1[3-9]\d|2\d\d)) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  4081. header COMBZMAIL_JP X-Spam-Relays-Untrusted =~ /(ip=(60\.32\.107\.2(2[4-9]|3\d)|60\.32\.176\.2(2[4-9]|3[01])|60\.32\.177\.(\d|1[0-5])|61\.115\.238\.(9[6-9]|1[01]\d|12[0-7])|210\.188\.215\.(\d|[1-5]\d|6[0-3]|12[89]|1[3-8]\d|19[01])|211\.133\.130\.(?:12[89]|1[3-9]\d|2\d\d))|helo=[\d\w.]+\.combzmail\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  4082. describe COMBZMAIL_JP Combz Inc.
  4083. score COMBZMAIL_JP 1.5
  4084.  
  4085. # 203.131.192.0 - 203.131.207.255
  4086. # 125.6.0.0 - 125.6.255.255
  4087. header DATAHOTEL_JP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:125\.6\.(?:140\.5|141\.(?:24|39|4[0-3]))|203\.(?:104\.97\.101|131\.198\.71)) /
  4088. describe DATAHOTEL_JP Livedoor Co., Ltd.
  4089. score DATAHOTEL_JP 1.5
  4090.  
  4091.  
  4092. header EXCITEWEB X-Spam-Relays-Untrusted =~ /^\[ ip=180\.235\.97\.1(?:8[789]|9[01]) /
  4093. describe EXCITEWEB web mail from Excite Japan Co., Ltd.
  4094. score EXCITEWEB 1.5
  4095.  
  4096.  
  4097. # =-=-=-=-=-=- Foreign ISP rules using X-Spam-Relays-Untrusted =-=-=-=-=-=-
  4098. # 2005.12.5 by [yoh]
  4099. #
  4100.  
  4101. # 222.101.0.80 - 222.122.255.254
  4102. # 222.122.45.0-222.122.46.255
  4103. # 222.101.0.80 - 222.122.255.254
  4104. # header KORNET Received =~ /from .+(222\.122\.4[56]\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|59\.([0-9]|[12][0-9]|3[0-3])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2})/
  4105. # 222\.1(0[1-9]|1[0-9]|2[0-2])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  4106. # 218.144.0.0 - 218.159.255.255
  4107. # 221.144.0.0 - 221.168.255.255
  4108. # 222.101.0.80 - 222.122.255.255
  4109. # 59.0.0.0 - 59.31.255.255
  4110. # KORNET Smile Serv
  4111. # header KORNET Received =~ /from .+(218\.1(4[4-9]|5[0-9])|221\.1(4[4-9]|5[0-9]|6[0-8])|222\.1(0[1-9]|1[0-9]|2[012])|59\.([0-9]|[12][0-9]|3[01]))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4112. # describe KORNET Korea Telecom
  4113. # score KORNET 1.5
  4114. # 59.0.0.0 - 59.31.255.255
  4115. # 211.54.0.0 - 211.55.255.255
  4116. # 211.192.0.0 - 211.199.255.255
  4117. # 211.216.0.0 - 211.231.255.255
  4118. # 218.144.0.0 - 218.159.255.255
  4119. # 220.70.0.0 - 220.95.255.255
  4120. # 221.144.0.0 - 221.168.255.255
  4121. # 222.96.0.0 - 222.122.255.255
  4122.  
  4123. # 61.72.0.0 - 61.85.255.255
  4124.  
  4125. # 220.116.0.0 - 220.127.255.255
  4126.  
  4127. # header KOREATELECOM Received =~ /from .+(218\.1(4[4-9]|5[0-9])|221\.1(4[4-9]|5[0-9]|6[0-8])|59\.([0-9]|[12][0-9]|3[0-3])|222\.(9[6-9]|1([01][0-9]|2[012]))|211\.(19[2-9]|5[45]|2(1[6-9]|2[0-9]|3[01])))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4128. # header KOREATELECOM X-Spam-Relays-Untrusted =~ /ip=(218\.1(4[4-9]|5[0-9])|221\.1(4[4-9]|5[0-9]|6[0-8])|59\.([0-9]|[12][0-9]|3[0-3])|222\.(9[6-9]|1([01][0-9]|2[012]))|211\.(19[2-9]|5[45]|2(1[6-9]|2[0-9]|3[01])))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2} rdns= .+ident= envfrom= intl=0 .+auth= /
  4129. # header KOREATELECOM X-Spam-Relays-Untrusted =~ /ip=(59\.(\d|[12]\d|3[0-3])|61\.(7[2-9]|8[0-5])|211\.(19[2-9]|5[45]|2(1[6-9]|2\d|3[01]))|218\.1(4[4-9]|5\d)|220\.([78]\d|9[0-5]|11[6-9]|12[0-7])|221\.1(4[4-9]|5\d|6[0-8])|222\.(9[6-9]|1([01]\d|2[012])))(\.\d{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4130. # 211.38.0.0 - 211.38.255.255
  4131. # 203.236.44.0 - 203.236.127.255
  4132. # header KOREATELECOM X-Spam-Relays-Untrusted =~ /ip=((59\.(\d|[12]\d|3[0-3])|61\.(7[2-9]|8[0-5])|211\.(38|19[2-9]|5[45]|2(1[6-9]|2\d|3[01]))|218\.1(4[4-9]|5\d)|220\.([78]\d|9[0-5]|11[6-9]|12[0-7])|221\.1(4[4-9]|5\d|6[0-8])|222\.(9[6-9]|1([01]\d|2[012])))(\.\d{1,3}){2}|203\.234\.(1(2[89]|[3-9]\d)|2([0-4]\d|5[0-5]))\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4133. # 210.91.0.0 - 210.91.255.255
  4134. # 210.92.0.0 - 210.92.63.255
  4135. # 210.101.64.0 - 210.101.127.255
  4136. # 210.105.0.0 - 210.105.255.255
  4137. # 210.113.0.0 - 210.113.255.255
  4138. # 210.121.128.0 - 210.121.255.255
  4139. # 210.123.0.0 - 210.123.255.255
  4140. # 210.126.0.0 - 210.126.127.255
  4141. # 210.183.0.0 - 210.183.255.255
  4142. # 210.217.0.0 - 210.217.127.255
  4143. # 210.222.0.0 - 210.222.255.255
  4144. # 210.223.0.0 - 210.223.255.255
  4145. # 211.48.0.0 - 211.48.255.255
  4146. # 203.228.0.0 - 203.228.127.255
  4147. # 125.128.0.0 - 125.159.255.255
  4148. # 211.107.1.0-211.107.255.255
  4149. # 203.232.2.0- 203.232.125.255
  4150. # 121.128.0.0 - 121.191.255.255
  4151. # 168.126.0.0 - 168.126.255.255
  4152. # 211.105.0.0 - 211.106.255.255
  4153. # 210.92.0.0 - 210.92.63.255
  4154. # header KOREATELECOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.(?:\d|[12]\d|3[0-3])|61\.(?:7[2-9]|8[0-5])|112\.1(?:[678]\d|9[01])|115\.(?:1[6-9]|2[0-3])|118\.(?:3[2-9]|[45]\d|6[0-3])|119\.(?:19[2-9]|2[01]\d|22[0-3])|121\.1(?:2[89]|[3-8]\d|9[01])|125\.1(?:2[89]|[345]\d)|128\.134|168\.126|175\.(?:19[2-9]|2\d\d)|183\.(?:9[6-9]|1[01]\d|12[0-7])|210\.(?:9[19]|105|113|123|183|22[23])|211\.(?:34|46|[34]8|19[2-9]|5[14-7]|10[4-7]|11[34]|18[45]|2(?:1[6-9]|2\d|3[01]))|218\.1(?:4[4-9]|5\d)|220\.(?:[78]\d|9[0-5]|11[6-9]|12[0-7])|221\.1(?:4[4-9]|5\d|6[0-8])|222\.(?:9[6-9]|1(?:[01]\d|2[012])))(?:\.\d{1,3}){2}|(?:203\.234\.(?:1(?:2[89]|[3-9]\d)|2(?:[0-4]\d|5[0-5]))|203\.236\.(?:4[4-9]|[5-9]\d|1[01]\d|12[0-7])|203\.251\.(?:\d|\d\d|1[0-8]\d|19[01])|(?:210\.92|211\.35)\.(?:\d|[1-5]\d|6[0-3])|(?:210\.121|211\.3[35])\.(?:12[89]|1[3-9]\d|2\d\d)|(?:203\.2(?:28|32)|210\.(?:9[56]|10[14]|126|217))\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.43\.(?:\d|[12]\d|3[01]))\.\d{1,3}) /
  4155.  
  4156. # PUBNET-KR
  4157. # Korea Telecom-PUBNET
  4158. # KTFWING Korea Telecom Freetel Corp
  4159. header KOREATELECOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.(?:9[6-9]|10\d|11[01])|14\.(?:3[2-9]|[45]\d|6[0-3])|59\.(?:\d|[12]\d|3[0-3])|61\.(?:7[2-9]|8[0-5]|108)|112\.1(?:[678]\d|9[01])|115\.(?:1[6-9]|2[0-3])|118\.(?:3[2-9]|[45]\d|6[0-3])|119\.(?:19[2-9]|2[01]\d|22[0-3])|121\.1(?:2[89]|[3-8]\d|9[01])|125\.1(?:2[89]|[345]\d)|128\.134|168\.126|175\.(?:19[2-9]|2\d\d)|183\.(?:9[6-9]|1[01]\d|12[0-7])|210\.(?:9[159]|105|113|123|183|22[23])|211\.(?:34|46|[34]8|19[2-9]|5[14-7]|10[4-7]|11[34]|18[45]|2(?:1[6-9]|2\d|3[01]))|218\.1(?:4[4-9]|5\d)|220\.(?:[78]\d|9[0-5]|11[6-9]|12[0-7])|221\.1(?:4[4-9]|5\d|6[0-8])|222\.(?:9[6-9]|1(?:[01]\d|2[012])))(?:\.\d{1,3}){2}|(?:203\.236\.(?:4[4-9]|[5-9]\d|1[01]\d|12[0-7])|203\.249\.1(?:[678]\d|9[01])|203\.251\.(?:\d|\d\d|1[0-8]\d|19[01])|203\.252\.27|211\.39\.1(?:2[89]|[345]\d)|(?:203\.234|210\.121|211\.3[35])\.(?:12[89]|1[3-9]\d|2\d\d)|(?:210\.92|211\.35)\.(?:\d|[1-5]\d|6[0-3])|(?:203\.2(?:28|32)|210\.(?:9[56]|10[14]|126|217))\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.43\.(?:\d|[12]\d|3[01]|6[4-9]|[789]\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  4160. describe KOREATELECOM [KR]Korea Telecom
  4161. score KOREATELECOM 1.5
  4162.  
  4163.  
  4164. # 211.200.0.0-211.215.255.255
  4165.  
  4166. # 221.138.0.0 - 221.143.255.255
  4167. # 221.139.0.0 - 221.139.7.255
  4168. # 218.38.14.0-218.38.14.255
  4169.  
  4170. # 58.224.0.0 - 58.239.255.255
  4171. # 221.138.0.0 - 221.143.255.255
  4172. # 218.38.0.0-218.39.255.255
  4173.  
  4174. # 218.48.0.0-218.55.255.255
  4175. # 218.232.0.0-218.239.255.255
  4176.  
  4177. # 219.240.0.0-219.241.255.255
  4178.  
  4179. # 222.232.0.0-222.239.255.255
  4180. # 211.176.0.0-211.179.255.255
  4181. # 211.52.128.0-211.52.143.255
  4182.  
  4183. # header HANAROTELECOM Received =~ /from .+(58\.2(2[4-9]|3[0-9])|211\.(17[6-9]|20[0-9]|21[0-5])|221\.1(3[89]|4[0-3])|218\.(3[89]|4[89]|5[0-5]|23[2-9])|219\.24[01]|222\.23[2-9])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4184.  
  4185. # rdns= helo=mail\.[a-z0-9_-]+\.(com|net)/
  4186. # header HANAROTELECOM X-Spam-Relays-Untrusted =~ /ip=(58\.2(2[4-9]|3[0-9])|211\.(17[6-9]|20[0-9]|21[0-5])|221\.1(3[89]|4[0-3])|218\.(3[89]|4[89]|5[0-5]|23[2-9])|219\.(24[01]|25[45])|222\.23[2-9])(\.[0-9]{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4187. # header HANAROTELECOM X-Spam-Relays-Untrusted =~ /ip=(58\.2(2[4-9]|3[0-9])|211\.(49|17[6-9]|20[0-9]|21[0-5])|221\.1(3[89]|4[0-3])|218\.(3[89]|4[89]|5[0-5]|23[2-9])|219\.(24[01]|25[45])|222\.23[2-9])(\.[0-9]{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4188. # 219.248.0.0-219.251.255.255
  4189. # 61.254.0.0 - 61.254.127.255
  4190. # 124.111.0.0 - 124.111.255.255
  4191. # 211.44.15.0-211.44.253.255
  4192. # 211.108.0.0-211.108.255.255
  4193. # 61.98.0.0 - 61.99.255.255
  4194. # 211.117.0.0 - 211.117.255.255
  4195. # 61.254.160.0 - 61.255.255.255
  4196. # 61.254.0.0 - 61.254.127.255
  4197. # 61.105.0.0 - 61.105.255.255
  4198. # 123.212.0.0 - 123.215.255.255
  4199. # 211.244.0.0 - 211.244.255.255
  4200. # 211.33.0.0 - 211.33.127.255
  4201. # header HANAROTELECOM X-Spam-Relays-Untrusted =~ /ip=((58\.(12[0-7]|2(2[4-9]|3\d))|61\.(9[89]|105|25[35])|121\.12[45]|123\.21[2-5]|124\.111|211\.(49|5[289]|108|117|17[6-9]|20\d|21[0-5]|24[345])|218\.(3[89]|4[89]|5[0-5]|23[2-9])|219\.(24[0189]|25[0145])|221\.1(3[89]|4[0-3])|222\.23[2-9])(\.\d{1,3}){2}|(61\.254\.(\d|[1-9]\d|1[01]\d|12[0-7]|1[6-9]\d|2\d\d)|211\.33\.(\d|\d\d|1[01]\d|12[0-7])|211\.44\.(1[5-9]|[2-9]\d|1\d\d|2[0-4]\d|25[0-3])|211\.52\.1(2[89]|3\d|4[0-3]))\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4202. header HANAROTELECOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.(?:12[0-7]|2(?:2[4-9]|3\d))|61\.(?:9[89]|105|25[35])|110\.(?:[89]|1[0-5])|114\.20[0-7]|116\.12[0-7]|118\.2(?:1[6-9]|2[0-3])|121\.12[45]|123\.21[2-5]|12[34]\.111|175\.1(?:1[2-9]|2[0-7])|180\.(?:6[4-9]|7[01])|211\.(?:49|5[289]|108|117|17[6-9]|20\d|21[0-5]|24[345])|218\.(?:3[89]|4[89]|5[0-5]|23[2-9])|219\.(?:24[0189]|25[0145])|221\.1(?:3[89]|4[0-3])|222\.23[2-9])(?:\.\d{1,3}){2}|(?:61\.254\.(?:\d|\d\d|1[01]\d|12[0-7]|1[6-9]\d|2\d\d)|211\.33\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.44\.(?:1[5-9]|[2-9]\d|1\d\d|2[0-4]\d|25[0-3])|211\.52\.1(?:2[89]|3\d|4[0-3]))\.\d{1,3}) /
  4203. describe HANAROTELECOM [KR]Hanaro Telecom, Inc.(also AKA HANANET)
  4204. score HANAROTELECOM 1.5
  4205.  
  4206.  
  4207. # 211.36.0.0-211.36.63.255
  4208. # 211.240.60.0-211.240.60.255
  4209. # 211.52.113.0-211.52.113.255
  4210. # 211.174.128.0 - 211.174.255.255
  4211. # 210.219.242.64-210.219.242.255
  4212. # header ELIMNET Received =~ /from .+(211\.36\.([0-9]|[1-5][0-9]|6[0-3])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(211\.240\.60|211\.52\.113)\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))/
  4213. # header ELIMNET X-Spam-Relays-Untrusted =~ /ip=(211\.36\.([0-9]|[1-5][0-9]|6[0-3])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|(211\.240\.60|211\.52\.113)\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])) rdns= .+ident= envfrom= intl=0 .+auth= /
  4214. # header ELIMNET X-Spam-Relays-Untrusted =~ /ip=211\.(36\.([0-9]|[1-5][0-9]|6[0-3])|52\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])|174\.(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])|240\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7]))\.[0-9]{1,3} rdns= [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4215. # header ELIMNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.219\.(?:19[2-9]|2\d\d)\.\d{1,3}|211\.(?:36\.(?:\d|[1-5]\d|6[0-3])|52\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])|112\.(?:\d|[1-5]\d|6[0-3])|174\.(?:12[89]|1[3-9]\d|2\d\d)|210\.181\.2(?:2[4-9]|[345]\d)|211\.174\.(?:12[89]|1[3-9]\d|2\d\d)|240\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  4216. # header ELIMNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.181\.2(?:2[4-9]|[345]\d)|210\.2(?:19|20)\.(?:19[2-9]|2\d\d)|211\.(?:36\.(?:\d|[1-5]\d|6[0-3])|52\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])|112\.(?:\d|[1-5]\d|6[0-3])|174\.(?:12[89]|1[3-9]\d|2\d\d)|240\.(?:\d|\d\d|1[01]\d|12[0-7])))\.\d{1,3} /
  4217. header ELIMNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:203\.239\.1(?:2[89]|[4-8]\d|9[01])|210\.118\.(?:\d|[12]\d|3[01])|210\.181\.2(?:2[4-9]|[345]\d)|210\.2(?:19|20)\.(?:19[2-9]|2\d\d)|211\.(?:36\.(?:\d|[1-5]\d|6[0-3])|52\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])|112\.(?:\d|[1-5]\d|6[0-3])|174\.(?:12[89]|1[3-9]\d|2\d\d)|240\.(?:\d|\d\d|1[01]\d|12[0-7])))\.\d{1,3} /
  4218. describe ELIMNET [KR]ELIMNET-IDC
  4219. score ELIMNET 1.5
  4220.  
  4221. # 220.230.0.0 - 220.230.255.255
  4222. # 59.150.0.0 - 59.150.255.255
  4223. # 125.57.0.0 - 125.57.255.255
  4224. # 211.183.0.0 - 211.183.255.255
  4225. # 211.175.0.0 - 211.175.255.255
  4226. # 211.61.128.0-211.61.255.255
  4227.  
  4228. # header DREAMX Received =~ /from .+(220\.230|59\.150|125\.57)(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4229. # header DREAMX X-Spam-Relays-Untrusted =~ /ip=(220\.230|59\.150|125\.57|211\.1(75|83))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2} rdns= .+ident= envfrom= intl=0 .+auth= /
  4230. # 211.247.128.0 - 211.247.255.255
  4231. # 61.103.0.0 - 61.103.255.255
  4232. # header DREAMX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:220\.230|59\.150|61\.103|125\.57|211\.1(?:75|83))(?:\.\d{1,3}){2}|(?:61\.96|211\.(?:61|247))\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  4233. # header DREAMX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:220\.230|59\.150|61\.103|125\.57|211\.1(?:75|83))(?:\.\d{1,3}){2}|(?:(?:61\.96|211\.(?:61|247))\.(?:12[89]|1[3-9]\d|2\d\d)|211\.242\.(?:19[2-9]|2\d\d))\.\d{1,3}) /
  4234. header DREAMX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.96|220\.(?:64|230)|59\.150|61\.103|125\.57|211\.1(?:75|83))(?:\.\d{1,3}){2}|(?:211\.111\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:211\.(?:61|247))\.(?:12[89]|1[3-9]\d|2\d\d)|211\.242\.(?:19[2-9]|2\d\d))\.\d{1,3}) /
  4235. describe DREAMX [KR]DREAMLINE CO.
  4236. score DREAMX 1.5
  4237.  
  4238. # 58.180.0.0 - 58.180.255.255
  4239. # 211.190.0.0-211.191.255.255
  4240. # 61.248.0.0 - 61.249.246.255
  4241. # 210.111.0.0-210.111.127.255
  4242. # 211.113.128.0-211.113.255.255
  4243.  
  4244. # header SHINBIRO Received =~ /from .+58\.180(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4245. # header SHINBIRO X-Spam-Relays-Untrusted =~ /ip=58\.180(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2} .+ident= envfrom= intl=0 .+auth= /
  4246. # header SHINBIRO X-Spam-Relays-Untrusted =~ /ip=(58\.180|211\.19[01])(\.[0-9]{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4247. # 210.127.204.0-210.127.255.255
  4248. # 61.110.0.0 - 61.111.255.255
  4249. # 203.240.128.0 - 203.240.255.255
  4250. # 210.114.220.0-210.114.250.255
  4251. # header SHINBIRO X-Spam-Relays-Untrusted =~ /ip=((58\.180|61\.11[01]|211\.19[01]|61\.248)(\.\d{1,3}){2}|(61\.249\.(\d|[1-9]\d|1\d\d|2[0-3]\d|24[0-6])|203\.251\.(19[2-9]|2\d\d)|210\.111\.(\d|\d\d|1[01]\d|12[0-7])|210\.114\.2([234]\d|50)|210\.127\.2(0[4-9]|[1-5]\d)|(203\.240|211\.113)\.(12[89]|1[3-9]\d|2\d\d))\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4252.  
  4253. # 211.61.64.0 - 211.61.127.255
  4254. # header SHINBIRO X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.180|61\.11[01]|211\.19[01]|61\.248)(?:\.\d{1,3}){2}|(?:61\.249\.(?:\d|[1-9]\d|1\d\d|2[0-3]\d|24[0-6])|203\.251\.(?:19[2-9]|2\d\d)|210\.111\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.114\.2(?:[234]\d|50)|210\.127\.2(?:0[4-9]|[1-5]\d)|211\.61\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|(?:203\.240|211\.113)\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3}) /
  4255. header SHINBIRO X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.180|61\.11[01]|211\.19[01]|61\.248)(?:\.\d{1,3}){2}|(?:61\.249\.(?:\d|[1-9]\d|1\d\d|2[0-3]\d|24[0-6])|113\.130\.(?:6[4-9]|[78]\d|9[0-5])|203\.251\.(?:19[2-9]|2\d\d)|210\.111\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.127\.2(?:0[4-9]|[1-5]\d)|211\.61\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|(?:202\.30|203\.228|203\.240|210\.11[48]|211\.113)\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3}) /
  4256. describe SHINBIRO [KR]ONSE Telecom Co.
  4257. score SHINBIRO 1.5
  4258.  
  4259.  
  4260. # 219.252.0.0-219.253.255.255
  4261. # 58.102.0.0 - 58.103.255.255
  4262. # 61.104.0.0 - 61.104.255.255
  4263. # header SKNETWORKS Received =~ /from .+219\.25[23](\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4264. # 124.136.0.0 - 124.139.255.255
  4265. # 124.0.0.0 - 124.1.255.255
  4266. # 61.254.128.0 - 61.254.159.255
  4267. # header SKNETWORKS X-Spam-Relays-Untrusted =~ /ip=((58\.10[23]|61\.104|124\.([01]|13[6-9])|219\.25[23])(\.\d{1,3}){2}|61\.254\.1(2[89]|[345]\d)\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4268. # SK Telecom
  4269. header SKNETWORKS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.2(?:2[4-9]|[345]\d)|27\.1(?:[67]\d|8[0-3])|42\.(?:1[6-9]|[23]\d|4[0-7])|58\.10[23]|61\.104|114\.5[23]|124\.(?:[0-3]|13[6-9])|211\.58|219\.25[2-5])(?:\.\d{1,3}){2}|(?:61\.254|210\.221)\.1(?:2[89]|[345]\d)\.\d{1,3}|(?:61\.101|210\.221|211\.3[37])\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|210\.205\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}|210\.219\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|211\.(?:63|115)\.(?:\d|[12]\d|3[01])\.\d{1,3}|218\.36\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  4270. describe SKNETWORKS [KR]SK Networks co., Ltd
  4271. score SKNETWORKS 1.5
  4272.  
  4273. # 61.32.0.0 - 61.43.255.255
  4274. # 125.176.0.0 - 125.191.255.255
  4275. # 210.124.0.0 - 210.124.255.255
  4276. # 211.180.0.0 - 211.181.255.255
  4277. # 211.168.0.0 - 211.171.255.255
  4278. # 211.45.192.0 - 211.45.255.255
  4279. # header BORANET Received =~ /from .+61\.(3[2-9]|4[0-3])(\.[0-9]{1,3}){2,2}[\)\] ]/
  4280. # header BORANET X-Spam-Relays-Untrusted =~ /ip=(61\.(3[2-9]|4[0-3])|125\.1(7[6-9]|8[0-9]|9[01]))(\.[0-9]{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4281. # header BORANET X-Spam-Relays-Untrusted =~ /ip=(61\.(3[2-9]|4[0-3])|125\.1(7[6-9]|8[0-9]|9[01])|210\.124|211\.1(6[89]|7[01]|8[01]))(\.[0-9]{1,3}){2,2} .+ident= envfrom= intl=0 .+auth= /
  4282. # header BORANET X-Spam-Relays-Untrusted =~ /ip=((61\.(3[2-9]|4[0-3])|125\.1(7[6-9]|8[0-9]|9[01])|210\.124|211\.1(6[89]|7[01]|8[01]))(\.[0-9]{1,3}){2,2}|211\.45\.(19[2-9]|2[0-4][0-9]|25[0-5])\.[0-9]{1,3}) .+ident= envfrom= intl=0 .+auth= /
  4283. # header BORANET X-Spam-Relays-Untrusted =~ /ip=((58\.7[2-9]|61\.(3[2-9]|4[0-3])|125\.1(7[6-9]|8\d|9[01])|210\.124|211\.1(6[89]|7[01]|8[01]))(\.\d{1,3}){2}|211\.45\.(19[2-9]|2[0-4]\d|25[0-5])\.\d{1,3}) .+ident= envfrom= intl=0 .+auth= /
  4284. # 211.118.0.0 - 211.119.255.255
  4285. # 60.196.0.0 - 60.197.255.255
  4286. # 210.92.64.0 - 210.92.255.255
  4287. # 211.40.0.0 - 211.40.255.255
  4288. # 210.101.128.0 - 210.101.191.255
  4289. # 211.53.0.0 - 211.53.255.255
  4290. # 210.216.0.0 - 210.216.255.255
  4291. # 125\.(1(7[6-9]|8\d|9[01])|24[0-7])|
  4292. # 164.124.0.0 - 164.124.255.255
  4293. # 203.248.128.0 - 203.248.255.255
  4294. # 210.108.0.0 - 210.108.255.255
  4295. # 121.64.0.0 - 121.67.255.255
  4296. # 125.248.0.0 - 125.251.255.255
  4297. # 58.150.0.0 - 58.151.255.255
  4298. # 123.140.0.0 - 123.143.255.255
  4299. # 210.98.128.0 - 210.98.191.255
  4300. # header BORANET X-Spam-Relays-Untrusted =~ /ip=((58\.(7[2-9]|15[01]|184)|59\.18[67]|60\.19[67]|61\.(3[2-9]|4[0-3])|121\.6[4-7]|123\.14[0-3]|125\.2(4\d|5[01])|164\.124|203\.248\.(1(2[89]|[3-9]\d)|2\d\d)|210\.(10[78]|12[04]|182|216)|211\.(32|40|5[03]|1(1[89]|6[89]|7[01]|8[01])))(\.\d{1,3}){2}|210\.92\.(6[4-9]|[7-9]\d|1\d\d|2[0-4]\d|25[0-5])\.\d{1,3}|210\.98\.1(2[89]|[3-8]\d|9[01])\.\d{1,3}|210\.101\.(12[89]|1[3-8]\d|19[01])\.\d{1,3}|211\.45\.(19[2-9]|2[0-4]\d|25[0-5])\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4301. # LG POWERCOMM
  4302. header BORANET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.2(?:0[89]|1\d|2[0-3])|58\.(?:7[2-9]|15[01]|184)|59\.18[67]|60\.19[67]|61\.(?:3[2-9]|4[0-3])|112\.(?:7[67]|2(?:1[6-9]|2[0-3]))|115\.(?:8[89]|9[0-5])|117\.(?:52|11[01])|118\.1(?:2[89]|3[01])|121\.6[4-7]|123\.14[0-3]|125\.2(?:4\d|5[01])|164\.124|203\.248\.(?:1(?:2[89]|[3-9]\d)|2\d\d)|210\.(?:10[78]|12[04]|182|20[67]|216)|211\.(?:32|40|5[03]|1(?:1[89]|6[89]|7[01]|8[01])))(?:\.\d{1,3}){2}|110\.45\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|114\.108\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|121\.254\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|203\.247\.1(?:2[89]|[3-5]\d)\.\d{1,3}|203\.252\.(?:\d|1[0-5])\.\d{1,3}|210\.92\.(?:6[4-9]|[7-9]\d|1\d\d|2\d\d)\.\d{1,3}|210\.96\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|210\.98\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|210\.101\.(?:12[89]|1[3-8]\d|19[01])\.\d{1,3}|210\.220\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|211\.42\.1(?:[678]\d|9[01])\.\d{1,3}|211\.43\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}|211\.45\.(?:19[2-9]|2\d\d)\.\d{1,3}|211\.63\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3}|(?:210\.116|211\.115)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}|211\.174\.(?:4[89]|5\d|6[0-3])\.\d{1,3}|211\.233\.(?:\d|[1-8]\d|9[0-5])\.\d{1,3}|211\.234\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|211\.238\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|222\.231\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}) /
  4303. describe BORANET [KR]DACOM Corp.
  4304. score BORANET 1.5
  4305.  
  4306. # 218.37.0.0-218.37.255.255
  4307. # 61.109.0.0 - 61.109.127.255
  4308. # 124.80.0.0 - 124.80.255.255
  4309. # 61.247.64.0 - 61.247.127.255
  4310. # 124.199.128.0 - 124.199.255.255
  4311. # header HANVITINB X-Spam-Relays-Untrusted =~ /ip=((124\.80|218\.37)(\.[0-9]{1,3}){2}|(61\.109\.(\d|[1-9]\d|1[01]\d|12[0-7])|61\.247\.(6[4-9]|[789]\d|1[01]\d|12[0-7])|124\.199\.(12[89]|1[3-9]\d|2\d\d)|211\.237\.(1[678]\d|19[01]))\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4312. header HANVITINB X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:124\.80|218\.37)(?:\.\d{1,3}){2}|(?:61\.109\.(?:\d|\d\d|1[01]\d|12[0-7])|61\.247\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|(?:124\.199|218\.101)\.(?:12[89]|1[3-9]\d|2\d\d)|211\.237\.(?:1[678]\d|19[01]))\.\d{1,3}) /
  4313. describe HANVITINB [KR]Hanvitinb
  4314. score HANVITINB 1.5
  4315.  
  4316. # 58.140.0.0 - 58.143.255.255
  4317. header CNM_COMM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.14[0-3]|112\.214|118\.176|120\.142|121\.88|124\.5)(?:\.[0-9]{1,3}){2}|(?:114\.30|211\.172)\.(?:\d|[12]\d|3[01])\.\d{1,3}) /
  4318. describe CNM_COMM [KR]C&M Communication Co., Ltd.
  4319. score CNM_COMM 1.5
  4320.  
  4321. # 211.109.0.0 - 211.110.255.255
  4322. # 211.186.0.0 - 211.187.255.255
  4323. # header THRUNET X-Spam-Relays-Untrusted =~ /ip=211\.1(09|10|8[67])(\.[0-9]{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4324. header THRUNET X-Spam-Relays-Untrusted =~ /^\[ ip=211\.1(?:09|10|8[67])(?:\.\d{1,3}){2} /
  4325. describe THRUNET [KR]Thrunet Co., Ltd.
  4326. score THRUNET 1.5
  4327.  
  4328. # 211.236.128.0-211.236.223.255
  4329. header TACHYNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.4\.(?:19[2-9]|2\d\d)|211\.236\.(?:12[89]|1[3-9]\d|2[01]\d|22[0-3]))\.\d{1,3} /
  4330. describe TACHYNET [KR]TACHYNET-INFRA
  4331. score TACHYNET 1.5
  4332.  
  4333. # 211.247.0.0 - 211.247.127.255
  4334. # 203.90.32.0 - 203.90.63.255
  4335. # 203.210.32.0 - 203.210.63.255
  4336. # 211.115.224.0-211.115.255.255
  4337. # 61.252.192.0-61.252.255.255
  4338. # 211.173.128.0-211.173.159.255
  4339. # 210.2.32.0 - 210.2.63.255
  4340. # 211.172.64.0 - 211.172.79.255
  4341. header CHEONANVITSSEN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.252\.(?:19[2-9]|2\d\d)|203\.(?:90|210)\.(?:3[2-9]|[45]\d|6[0-3])|210\.2\.(?:3[2-9]|[45]\d|6[0-3])|210\.210\.(?:19[2-9]|2\d\d)|211\.115\.2(?:2[4-9]|[345]\d)|211\.172\.(?:6[4-9]|7\d)|211\.173\.1(?:2[89]|[345]\d)|211\.247\.(?:\d|[1-9]\d|1[01]\d|12[0-7]))\.\d{1,3} /
  4342. describe CHEONANVITSSEN_KR [KR] Cable TV Cheonan BroadcasMunhwa-dong, Cheonan-si
  4343. score CHEONANVITSSEN_KR 1.5
  4344.  
  4345. # 61.247.64.0 - 61.247.127.255
  4346. header CABLELINE_KR X-Spam-Relays-Untrusted =~ /^\[ ip=61\.247\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d{1,3} /
  4347. describe CABLELINE_KR [KR]BANDOCABLELINE
  4348. score CABLELINE_KR 1.5
  4349.  
  4350. # 211.112.64.0 - 211.112.95.255
  4351. header ICNDIGITAL_KR X-Spam-Relays-Untrusted =~ /^\[ ip=211\.112\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  4352. describe ICNDIGITAL_KR [KR]Korea Cable TV Namincheon Brodcasting Co., Ltd.
  4353. score ICNDIGITAL_KR 1.5
  4354.  
  4355. # 218.209.0.0 - 218.209.255.255
  4356. # 222.251.128.0 - 222.251.255.255
  4357. # header TBROAD_KR X-Spam-Relays-Untrusted =~ /ip=218\.209(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4358. header TBROAD_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(218\.209(?:\.\d{1,3}){2}|222\.251\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  4359. describe TBROAD_KR [KR]Korea Cable Television Suwon Broadcating Co.
  4360. score TBROAD_KR 1.5
  4361.  
  4362. # 61.106.64.0 - 61.106.79.255
  4363. # 202.136.128.0 - 202.136.159.255
  4364. # 211.237.208.0-211.237.223.255
  4365. # 211.172.208.0-211.172.223.255
  4366. # 203.130.96.0 - 203.130.127.255
  4367. header KNCTV_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.106\.(?:6[4-9]|7\d)|110\.92\.(?:12[89]|1[[3-9]\d|2\d\d)|111\.84\.(?:\d|\d\d|1[01]\d|12[0-7])|113\.10\.(?:\d|[1-5]\d|6[0-3])|202\.136\.1(?:2[89]|[3-5]\d)|203\.130\.(?:9[6-9]|1[01]\d|12[0-7])|211\.(?:172|237)\.2(?:0[89]|1\d|2[0-3]))\.\d{1,3} /
  4368. describe KNCTV_KR [KR]KangNam CableTV
  4369. score KNCTV_KR 1.5
  4370.  
  4371. # 163.180.0.0 - 163.180.255.255
  4372. header KHUNET_KR X-Spam-Relays-Untrusted =~ /ip=163\.180(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4373. describe KHUNET_KR [KR]Kyung Hee University
  4374. score KHUNET_KR 1.5
  4375.  
  4376. # 203.240.0.0 - 203.243.255.255
  4377. # 61.96.0.0 - 61.111.255.255
  4378. # 211.41.0.0 - 211.41.255.255
  4379. # 211.104.0.0 - 211.119.255.255
  4380. # 211.54.0.0 - 211.59.255.255
  4381. # 211.232.0.0 - 211.255.255.255
  4382. # 203.226.0.0 - 203.231.255.255
  4383. # 220.64.0.0 - 220.71.255.255
  4384. # 210.90.0.0 - 210.91.255.255
  4385. # 210.125.0.0 - 210.127.255.255
  4386. # 203.224.0.0 - 203.255.255.255
  4387. # 218.36.0.0 - 218.39.255.255
  4388. header KRNIC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.(?:9[6-9]|10\d|11[01]|24[89]|25\d)|203\.2(?:2[4-9]|[345]\d)|210\.(?:9\d|1[01]\d|12[0-7]|17[89]|18[0-3]|217)|211\.(?:3[2-9]|[45]\d|6[0-3]|10[4-9]|11\d|16[89]|17[2-9]|1[89]\d|2\d\d)|218\.3[6-9]|220\.(?:6[4-9]|7[01]))(?:\.\d{1,3}){2} /
  4389. describe KRNIC_KR [KR]Korea Network Information Center
  4390. score KRNIC_KR 1.5
  4391.  
  4392. # 58.65.64.0 - 58.65.127.255
  4393. # 211.246.128.0 - 211.246.255.255
  4394. # header SCSNET_KR X-Spam-Relays-Untrusted =~ /ip=58\.65\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4395. header SCSNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.65\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])|(?:124\.153|211\.246)\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4396. describe SCSNET_KR [KR]Seokyung Cable Television Co.. Ltd.
  4397. score SCSNET_KR 1.5
  4398.  
  4399. # 168.188.0.0 - 168.188.255.255
  4400. header CHUNGNAM_KR X-Spam-Relays-Untrusted =~ /ip=168\.188(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4401. describe CHUNGNAM_KR [KR]Chungnam National University
  4402. score CHUNGNAM_KR 1.5
  4403.  
  4404. # 165.132.0.0 - 165.132.255.255
  4405. header YONSEI_NET_KR X-Spam-Relays-Untrusted =~ /ip=165\.132(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4406. describe YONSEI_NET_KR [KR]imported inetnum object for YONSEI
  4407. score YONSEI_NET_KR 1.5
  4408.  
  4409. # 124.48.0.0 - 124.63.255.255
  4410. # 125.176.0.0 - 125.191.255.255
  4411. # 122.32.0.0 - 122.47.255.255
  4412. # 116.32.0.0 - 116.47.255.255
  4413. # /ip=(116\.(3[2-8]|4[0-7])|119\.(6[4-9]|7[01])|122\.(3[2-9]|4[0-7])|124\.(4[89]|5\d|6[0-3])|125\.1(7[6-9]|8\d|9[01]))(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4414.  
  4415. header XPEED_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.148|112\.1(?:4[4-9]|5\d)|115\.1(?:3[6-9]|4[0-3])|116\.(?:3[2-9]|4[0-7])|119\.(?:6[4-9]|7[01])|122\.(?:3[2-9]|4[0-7])|124\.(?:4[89]|5\d|6[0-3])|125\.1(?:7[6-9]|8\d|9[01])|180\.2(?:2[4-9]|3[01])|182\.2(?:0[89]|1\d|2[0-3]))(?:\.\d{1,3}){2} /
  4416. describe XPEED_KR [KR]POWERCOM
  4417. score XPEED_KR 1.5
  4418.  
  4419. header __XPEEDMAILER X-Mailer =~ /(NEXTism Mailer|Shadow Mail v)/
  4420.  
  4421. meta XPEEDMAILER ISO2022JP_BODY && __XPEEDMAILER && XPEED_KR
  4422. score XPEEDMAILER 5.5
  4423.  
  4424.  
  4425.  
  4426. # 168.131.0.0 - 168.131.255.255
  4427. header CHONNAM_NET_KR X-Spam-Relays-Untrusted =~ /ip=168\.131(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4428. describe CHONNAM_NET_KR [KR]Chonnam National University
  4429. score CHONNAM_NET_KR 1.5
  4430.  
  4431. # 203.210.16.0 - 203.210.31.255
  4432. header DOTNAME_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.0\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|203\.210\.(?:1[6-9]|2\d|3[01]))\.\d{1,3} /
  4433. describe DOTNAME_KR [KR]Dotname Korea Corp
  4434. score DOTNAME_KR 1.5
  4435.  
  4436. # 124.197.128.0 - 124.197.223.255
  4437. header DONGDAEMUN_KR X-Spam-Relays-Untrusted =~ /ip=124\.197\.(?:12[89]|1[3-9]\d|2[01]\d|22[0-3])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4438. describe DONGDAEMUN_KR [KR]Dongdaemun cable networks,Inc.
  4439. score DONGDAEMUN_KR 1.5
  4440.  
  4441. # 58.145.0.0 - 58.145.127.255
  4442. # 203.229.0.0 - 203.229.127.255
  4443. header QRIXNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.145|123\.109|203\.229)\.(?:\d|\d\d|1[01]\d|12[0-7])|61\.102\.(?:12[89]|1[3-8]\d|2[01]\d|22[0-3])|111\.65\.1(?:2[89]|[3-8]\d|9[01])|124\.254\.(?:12[89]|1[3-9]\d|2\d\d)|(?:61\.251|211\.189)\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  4444. describe QRIXNET_KR [KR]QRIXNET
  4445. score QRIXNET_KR 1.5
  4446.  
  4447. # 211.41.0.0-211.41.46.255
  4448. header KITINET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=211\.41\.(\d|[1-5]\d|6[0-3])\.\d{1,3} /
  4449. describe KITINET_KR [KR]KITINET-INFRA
  4450. score KITINET_KR 1.5
  4451.  
  4452. # 124.198.0.0 - 124.198.127.255
  4453. header HAIONNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:49\.254|115\.144|121\.1[25]6)(?:\.\d{1,3}){2}|124\.198\.(\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|202\.133\.(?:1[6-9]|2\d|3[01])\.\d{1,3}|203\.109\.(?:\d|[12]\d|3[01])\.\d{1,3}) /
  4454. describe HAIONNET_KR [KR]HAIonNet
  4455. score HAIONNET_KR 1.5
  4456.  
  4457.  
  4458. # 210.97.134.0-210.97.159.255
  4459. # 220.66.0.0-220.69.249.255
  4460. # 203.230.128.0-203.230.255.255
  4461. # 210.110.0.0-210.110.127.255
  4462. # 220.66.0.0-220.66.127.255
  4463. header KREN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:203\.23[02]|210\.102)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|203\.249\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|203\.2(?:34|50)\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}|(?:203\.246|210\.93)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|210\.97\.1(?:3[4-9]|[45]\d)\.\d{1,3}|210\.110\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|220\.(?:6[6-9]|149)(?:\.\d{1,3}){2}) /
  4464. describe KREN_KR [KR]kyungdongjeongbodaehak
  4465. score KREN_KR 1.5
  4466.  
  4467. # 202.150.176.0 - 202.150.191.255
  4468. # 211.47.80.0 - 211.47.127.255
  4469. # 120.50.64.0 - 120.50.127.255
  4470. # 114.199.128.0 - 114.199.255.255
  4471. header HCN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:114\.199\.(?:1(2[89]|[3-9]\d)|2\d\d)|111\.118\.(\d|\d\d|1[01]\d|12[0-7])|112\.72\.(?:12[89]|1[3-9]\d|2\d\d)|120\.50\.(6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.150\.1(7[6-9]|8\d|9[01])|211\.(41\.(?:19[2-9]|20[0-7])|47\.([89]\d|1[01]\d|12[0-7])|237\.2[45]\d))\.\d{1,3} /
  4472. describe HCN_KR [KR]HYUNDAI COMMUNICATIONS & NETWORK
  4473. score HCN_KR 1.5
  4474.  
  4475.  
  4476. replace_tag VAAN_IPS (?:58\.181\.(?:\d|[1-5]\d|6[0-3])|(?:112\.136|122\.199)\.(?:12[89]|1[3-9]\d|2\d\d)|211\.47\.2(?:2[4-9]|3\d)|211\.45\.(?:9[6-9]|1[01]\d|12[0-7])|211\.56\.2(?:2[4-9]|[345]\d)|211\.232\.(?:\d|\d\d|1[0-8]\d|19[01])|221\.132\.(?:6[4-9]|[78]\d|9[0-5]))\.\d{1,3}
  4477.  
  4478. # 211.56.224.0 - 211.56.255.255
  4479. # 58.181.0.0 - 58.181.63.255
  4480. header VAAN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=<VAAN_IPS> /
  4481. describe VAAN_KR [KR]NexG
  4482. score VAAN_KR 1.5
  4483. header ___GOOMAIL_VAAN_KR X-Original-IP =~ /\[<VAAN_IPS>\]/
  4484. header ___INFOSEEK_WEBMAIL_VAAN_KR X-OriginalIP =~ /<VAAN_IPS>/
  4485.  
  4486. meta WM_VAAN_KR ___GOOMAIL_VAAN_KR || ___INFOSEEK_WEBMAIL_VAAN_KR
  4487. describe WM_VAAN_KR [KR]webmail from VAAN_KR
  4488. score WM_VAAN_KR 1.5
  4489.  
  4490. # 124.217.192.0 - 124.217.223.255
  4491. # 180.210.0.0 - 180.210.127.255
  4492. header HCLC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:101\.79\.\d{1,3}|(?:110\.4|113\.30)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|114\.141\.(?:\d|[12]\d|3[01])|124\.217\.(?:19[2-9]|2[01]\d|22[0-3])|180\.210\.(?:\d|\d\d|1[01]\d|12[0-7])|182\.252\.(?:12[89]|1[3-9]\d|2\d\d)|210\.4\.2(?:1[6-9]|2[0-3]))\.\d{1,3} /
  4493. describe HCLC_KR [KR]395-65 Korea Computer BLDG F3 Sindaebang-dong Dongjak-gu Seoul
  4494. score HCLC_KR 1.5
  4495.  
  4496. header GDSYS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:180\.131\.(\d|[1-5]\d|6[0-3])|183\.86\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  4497. describe GDSYS_KR [KR]INCHON Incheon IT Tower Nam-gu Dohwa 1-dong Incheon
  4498. score GDSYS_KR 1.5
  4499.  
  4500. header BOLU_TELECOM_KR X-Spam-Relays-Untrusted =~ /^\[ ip=202\.173\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  4501. describe BOLU_TELECOM_KR [KR]DONGGUAN BOLU TELECOM SCIENCE&TECHNOLOGY CORPORATINOLTD
  4502. score BOLU_TELECOM_KR 1.5
  4503.  
  4504. header JNDINFO_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.97\.1(?:[678]\d|9[01])|110\.93\.1(?:1[2-9]|2[0-7])|110\.165\.(?:\d|[12]\d|3[01])|115\.85\.1(?:[678]\d|9[01])|121\.101\.(?:19[2-9]|20[0-7])|175\.106\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|211\.174\.(?:3[2-9]|4[0-7])|(?:101\.101|223\.130)\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4505. describe JNDINFO_KR [KR]JND Communication
  4506. score JNDINFO_KR 1.5
  4507.  
  4508. header DITIZONE_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.97\.2(?:2[4-9]|3\d)|113\.199\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.97\.1(?:6\d|[78]\d|9[01])|211\.111\.2(?:2[4-9]|[345]\d)|211\.112\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3} /
  4509. describe DITIZONE_KR [KR]ABN 23-3, Jeongja-dong, Seongnam-Si, Bundang-gu, GYEONGGI-DO
  4510. score DITIZONE_KR 1.5
  4511.  
  4512. header SEJONGNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.100\.(?:\d|\d\d|1[0-8]\d|19[01])|61\.250\.(?:6[4-9]|[78]\d|9[0-5])|61\.252\.1(?:[678]\d|9[01])|(?:203\.227|210\.1(?:09|22))\.\d{1,3}|(?:203\.2(?:3[589]|48)|210\.112)\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:61\.109|203\.243|210\.1(?:03|16))\.(?:12[89]|1[3-9]\d|2\d\d)|211\.115\.(?:19[2-9]|20[0-7])|211\.172\.(?:9[6-9]|10\d|11[01])|211\.189\.1(?:[678]\d|9[01])|211\.236\.2(?:2[4-9]|[345]\d)|211\.238\.(?:\d|[12]\d|3[01])|211\.239\.(?:\d|\d\d|1[0-8]\d|19[01]))\.\d{1,3} /
  4513. describe SEJONGNET_KR [KR]SEJONG TELECOM
  4514. score SEJONGNET_KR 1.5
  4515.  
  4516. header KINXINC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.78(?:\.\d{1,3}){2}|122\.49\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}|203\.84\.2[45]\d\.\d{1,3}|203\.236\.(?:19[2-9]|2\d\d)\.\d{1,3}|203\.238\.1(?:7[6-9]|8\d|9[01])\.\d{1,3}|203\.246\.1(?:6\d|7[0-5])\.\d{1,3}) /
  4517. describe KINXINC_KR [KR]KINX 5F, Daelim Acrotel, Dogok-Dong, Gangnam-gu,SEOUL
  4518. score KINXINC_KR 1.5
  4519.  
  4520. header SAMSUNGSDS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:180\.23[6-9]\.\d{1,3}|210\.94\.(?:3[2-9]|[45]\d|6[0-3])|210\.118\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|211\.189\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  4521. describe SAMSUNGSDS_KR [KR]SamsungSDS Inc.
  4522. score SAMSUNGSDS_KR 1.5
  4523.  
  4524. header RAYNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.129\.2[45]\d|211\.238\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  4525. describe RAYNET_KR [KR]GORayNet
  4526. score RAYNET_KR 1.5
  4527.  
  4528. # HANINTERNET
  4529. header DURUAN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.97\.1(?:2[89]|[345]\d)|121\.0\.(?:12[89]|1[3-9]\d|2\d\d)|211\.(?:47\.1(?:7[6-9]|8\d|9[01])|63\.(?:7[6-9]|8\d|9[0-5])|237\.(?:3[2-9]|4[0-7])|238\.1(?:2[89]|3\d|4[0-3])))\.\d{1,3} /
  4530. describe DURUAN_KR [KR]Duruan
  4531. score DURUAN_KR 1.5
  4532.  
  4533. # header HINETWORKS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.250\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|211\.47\.(?:12[89]|1[345]\d)\.\d{1,3}|211\.241\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|(?:211\.254|218\.36)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  4534. header HINETWORKS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.250|211\.241|223\.165)\.(?:12[89]|1[3-9]\d|2\d\d)|180\.189\.1(?:7[6-9]|8\d|9[01])|211\.41\.1(?:[678]\d|9[01])|211\.(?:47|189)\.1(?:2[89]|[345]\d)|211\.(?:116|235)\.2(?:2[4-9]|[345]\d)|(?:211\.254|218\.36)\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.255\.(?:3[2-8]|[45]\d|6[0-3]))\.\d{1,3} /
  4535. describe HINETWORKS_KR [KR]HiLine Internet Service Inc.
  4536. score HINETWORKS_KR 1.5
  4537.  
  4538. # header OK_NET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.97\.1(?:1[2-9]|2[0-7])|125\.7\.(?:19[2-9]|2\d\d)|210\.221\.(?:19[2-9]|2[01]\d|22[0-3]))\.\d{1,3} /
  4539. header OK_NET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.97\.1(?:1[2-9]|2[0-7])|125\.7\.(?:19[2-9]|2\d\d)|210\.221\.(?:19[2-9]|2[01]\d|22[0-3])|211\.238\.2[45]\d)\.\d{1,3} /
  4540. describe OK_NET_KR [KR]OK-NET Co,. Ltd
  4541. score OK_NET_KR 1.5
  4542.  
  4543. header KTNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:203\.242\.(?:12[89]|1[3-9]\d|2\d\d)|210\.181\.(?:19[2-9]|2[01]\d|22[0-3])|210\.217\.1(?:2[89]|[345]\d)|211\.37\.(?:19[2-9]|2[01]\d|22[0-3]))\.\d{1,3} /
  4544. describe KTNET_KR [KR]Korea Trade Network
  4545. score KTNET_KR 1.5
  4546.  
  4547. header EHOSTIDC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.255\.(?:6[4-9]|[78]\d|9[0-5])|61\.97\.2[45]\d|180\.150\.2(?:2[4-9]|3[01]))\.\d{1,3} /
  4548. describe EHOSTIDC_KR [KR]EHOST IDC 916 Newticastle Geumcheon-gu Gasan-dong Seoul
  4549. score EHOSTIDC_KR 1.5
  4550.  
  4551. header GYEONG_NET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=203\.255\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  4552. describe GYEONG_NET_KR [KR]GyeongSang National University
  4553. score GYEONG_NET_KR 1.5
  4554.  
  4555. header SMILESERV_KR X-Spam-Relays-Untrusted =~ /^\[ ip=115\.68(?:\.\d{1,3}){2} /
  4556. describe SMILESERV_KR [KR]2F Daeryung Techno Tower 2-cha Gasan-dong Geumcheon-gu
  4557. score SMILESERV_KR 1.5
  4558.  
  4559. header PETINET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.180\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|211\.182(?:\.\d{1,3}){2}) /
  4560. describe PETINET_KR [KR]BUSAN EDUCATION RESEARCH & INFORMATION CENTER
  4561. score PETINET_KR 1.5
  4562.  
  4563. header CDNETWORKS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.193\.(?:8\d|9[0-5])|118\.107\.1(?:6\d|7[0-5]))\.\d{1,3} /
  4564. describe CDNETWORKS_KR [KR]828-7 Yeoksam 1-dong gangnamgu Seoul
  4565. score CDNETWORKS_KR 1.5
  4566.  
  4567. header KAIST_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:143\.248(?:\.\d{1,3}){2}|110\.76\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}) /
  4568. describe KAIST_KR [KR]Korea Advanced Institute of Science and Technology
  4569. score KAIST_KR 1.5
  4570.  
  4571. # 211.255.192.0 - 211.255.207.255
  4572. header KOINS_KR X-Spam-Relays-Untrusted =~ /^\[ ip=211\.255\.(?:19[2-9]|20[0-7])\.\d{1,3} /
  4573. describe KOINS_KR [KR]KOSCOM Korea Exchange Yeongdeungpo-gu Yeouido-dong Seoul
  4574. score KOINS_KR 1.5
  4575.  
  4576. # 203.252.128.0 - 203.252.191.255
  4577. # 192.203.145.0 - 192.203.145.255
  4578. header KONKUKNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:192\.203\.145|203\.252\.1(?:2[89]|[3-8]\d|9[01]))\.\d{1,3} /
  4579. describe KONKUKNET_KR [KR]Konkuk University
  4580. score KONKUKNET_KR 1.5
  4581.  
  4582. header CABLENET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.133\.(?:\d|\d\d|1[01]\d|12[0-7])|119\.77\.(?:9[6-9]|1[01]\d|12[0-7])|122\.202\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4583. describe CABLENET_KR [KR]422 KCTV JEJU BROADCASTING, yeon-dong jeju si jejudo,690-815
  4584. score CABLENET_KR 1.5
  4585.  
  4586. header PIRANHA_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.165\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|114\.141\.2(?:2[4-9]|[345]\d)|182\.163\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4587. describe PIRANHA_KR [KR]Piranha Systems 48-14, Ganseok-dong Namdong-gu Incheon
  4588. score PIRANHA_KR 1.5
  4589.  
  4590. header LDCC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=210\.93\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  4591. describe LDCC_KR [KR]Lotte Data Communication Company
  4592. score LDCC_KR 1.5
  4593.  
  4594. header CST21_KR X-Spam-Relays-Untrusted =~ /^\[ ip=115\.178\.(?:6[4-9]|[5-8]\d|9[0-5])\.\d{1,3} /
  4595. describe CST21_KR [KR]13F Daelim Acrotel C-Dong,467-6 Dogok-dong Gangnam-gu Seoul
  4596. score CST21_KR 1.5
  4597.  
  4598. header DAEWOO_KR X-Spam-Relays-Untrusted =~ /^\[ ip=152\.149(?:\.\d{1,3}){2} /
  4599. describe DAEWOO_KR [KR]Daewoo Infomation Systems co.
  4600. score DAEWOO_KR 1.5
  4601.  
  4602. header NHN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=175\.158\.(?:\d|[12]\d|3[01])\.\d{1,3} /
  4603. describe NHN_KR [KR]Venture Town 25-1, Jeongjadong, Bundang-gu,Seongnam-si, Kyounggi-do
  4604. score NHN_KR 1.5
  4605.  
  4606. header ESONET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=122\.99\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  4607. describe ESONET_KR [KR]3F 1577-8, Sillim-dong, Gwanak-gu, Seoul-si
  4608. score ESONET_KR 1.5
  4609.  
  4610. header JCNIDC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.96|49\.50)\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  4611. describe JCNIDC_KR [KR]60-44, EnC Dream Tower 7-cha Gasan-dong Geumcheon-gu Seoul-si
  4612. score JCNIDC_KR 1.5
  4613.  
  4614. header JIGUNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=211\.172\.1(?:1[2-9]|2[0-7])\.\d{1,3} /
  4615. describe JIGUNET_KR [KR]IOSYSTEM
  4616. score JIGUNET_KR 1.5
  4617.  
  4618. # SPEEDONSTV
  4619. # SOOSUNG CABLE TELEVISION INC
  4620. # CJ-HELLOVISION-KR
  4621. header CJ_CABLENET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.17[67]|110\.4[67]|119\.149|180\.182)(?:\.\d{1,3}){2}|(?:(?:119\.75|122\.128)\.1(?:2[89]|[3-8]\d|9[01])|(?:120\.136|180\.92)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  4622. describe CJ_CABLENET_KR [KR]1254, sinjeongdong, yangcheongu, Seoul, 158-070
  4623. score CJ_CABLENET_KR 1.5
  4624.  
  4625. header HANINTERNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.0\.(?:12[89]|1[3-9]\d|2\d\d)|210\.16\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  4626. describe HANINTERNET_KR [KR]Guro-dong, Guro-gu, SEOUL, 152-050
  4627. score HANINTERNET_KR 1.5
  4628.  
  4629. # 221.133.48.0 - 221.133.63.255
  4630. # 211.35.64.0 - 211.35.79.255
  4631. header KPIN_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:211\.35\.(?:6[4-9]|7\d)|221\.133\.(?:4[89]|5\d|6[0-3]))\.\d{1,3} /
  4632. describe KPIN_KR [KR]INet Technologies Co., Ltd.
  4633. score KPIN_KR 1.5
  4634.  
  4635. header AES_KR X-Spam-Relays-Untrusted =~ /^\[ ip=58\.87\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  4636. describe AES_KR [KR]AutoEverSystems Corp.
  4637. score AES_KR 1.5
  4638.  
  4639. header YAHOO_KR X-Spam-Relays-Untrusted =~ /^\[ ip=111\.67\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  4640. describe YAHOO_KR [KR]Yahoo! Korea, Corp.
  4641. score YAHOO_KR 1.5
  4642.  
  4643. header GINAMHANVITNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:117\.123(?:\.\d{1,3}){2}|211\.116\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}) /
  4644. describe GINAMHANVITNET_KR [KR]Tbroad Ginam Broadcating Co., Ltd.
  4645. score GINAMHANVITNET_KR 1.5
  4646.  
  4647. header KREONET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.30\.(?:\d|[12]\d|3[01])|210\.110\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4648. describe KREONET_KR [KR]KISTI
  4649. score KREONET_KR 1.5
  4650.  
  4651. header ILINKKOREA_KR X-Spam-Relays-Untrusted =~ /^\[ ip=61\.251\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  4652. describe ILINKKOREA_KR [KR]613ho, Seoul Donggyo-dong Mapo-gu LG Palace Bldg.
  4653. score ILINKKOREA_KR 1.5
  4654.  
  4655. header NETROPY_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:211\.174\.(?:9[6-9]|1[01]\d|12[0-7])|211\.233\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  4656. describe NETROPY_KR [KR]NETROPY CO.,Ltd
  4657. score NETROPY_KR 1.5
  4658.  
  4659. header IP4NET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.30\.1(?:2[89]|1[3-8]\d|9[01])|202\.68\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  4660. describe IP4NET_KR [KR]P4Networks Inc 2F Modern Bldg 680-77 Jayang 2-dong Gwangjin-gu descr: SEOUL, 151-050
  4661. score IP4NET_KR 1.5
  4662.  
  4663. header KDTIDC_KR X-Spam-Relays-Untrusted =~ /^\[ ip=101\.55\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  4664. describe KDTIDC_KR [KR]8F, Sindorim technomart Guro 5(o)-dong Guro-gu Seoul
  4665. score KDTIDC_KR 1.5
  4666.  
  4667. header DSUNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=203\.241\.1(?:7[6-9]|8\d|9[01]\d)\.\d{1,3} /
  4668. describe DSUNET_KR [KR]Dongseo University
  4669. score DSUNET_KR 1.5
  4670.  
  4671. header CMBI_NETDJ_KR X-Spam-Relays-Untrusted =~ /^\[ ip=110\.35\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  4672. describe CMBI_NETDJ_KR [KR]CMB Daejeon Broadcasting Co,.Ltd 95-3, CMB Building, Seonhwa-dong Jung-gu Daejeon-si
  4673. score CMBI_NETDJ_KR 1.5
  4674.  
  4675. header SAERONET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:113\.59\.1(?:2[89]|[3-8]\d|9[01])|119\.56\.(?:12[89]|[3-9]\d|2\d\d))\.\d{1,3} /
  4676. describe SAERONET_KR [KR]Saero Network Service LTD 274-9, Gumi-si, Songjeong-dong, Gyeongsangbuk-do
  4677. score SAERONET_KR 1.5
  4678.  
  4679. header NAMDONGNET_KR X-Spam-Relays-Untrusted =~ /^\[ ip=124\.28\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  4680. describe NAMDONGNET_KR [KR]Inchon cable TV namdong broadcasting 1124, Guwol-dong namdong-gu, Inchon, 405-220
  4681. score NAMDONGNET_KR 1.5
  4682.  
  4683.  
  4684.  
  4685. # 203.67.0.0 - 203.67.255.255
  4686. # 210.64.0.0 - 210.64.255.255
  4687. # 210.66.0.0 - 210.66.255.255
  4688. # 210.68.0.0 - 210.68.255.255
  4689. # 203.70.0.0 - 203.70.255.255
  4690. # 210.243.127.0 - 210.243.255.255
  4691. # 139.175.0.0 - 139.175.255.255
  4692.  
  4693. # 203.73.0.0 - 203.73.255.255
  4694. # 211.74.0.0 - 211.74.255.255
  4695. # 210.244.0.0 - 210.244.127.255
  4696. # header SEEDNET Received =~ /from .+(203\.67|210\.6[468])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4697. # header SEEDNET X-Spam-Relays-Untrusted =~ /ip=((59\.10[45]|139\.175|203\.(67|7[03])|210\.6[468]|211\.74)(\.\d{1,3}){2}|(210\.243\.(12[7-9]|1[3-9]\d|2\d\d)|210\.244\.(\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4698. header SEEDNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.10[45]|112\.10[45]|123\.20[45]|139\.175|203\.(?:67|7[03])|210\.6[468]|211\.74)(?:\.\d{1,3}){2}|(?:210\.243\.(?:12[7-9]|1[3-9]\d|2\d\d)|210\.244\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  4699. describe SEEDNET [TW]Digital United Inc.
  4700. score SEEDNET 1.0
  4701.  
  4702. # 210.200.0.0 - 210.201.255.255
  4703. # 210.202.0.0 - 210.202.255.255
  4704. # 210.203.0.0 - 210.203.127.255
  4705. # 218.187.0.0 - 218.187.255.255
  4706.  
  4707. # header APOL Received =~ /from .+(21(0\.20[0-2]|8\.187)(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}|210\.203\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))/
  4708. # header APOL X-Spam-Relays-Untrusted =~ /ip=(21(0\.20[0-2]|8\.187)(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}|210\.203\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])) rdns=.+(vdsl\.static|dialup\.dynamic)\.apol\.com\.tw .+ident= envfrom= intl=0 .+auth= /
  4709.  
  4710. # header APOL X-Spam-Relays-Untrusted =~ /ip=((210\.20[0-2]|218\.187)(\.[0-9]{1,3}){2,2}|210\.203\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.[0-9]{1,3}) rdns=.+(vdsl\.static|dialup\.dynamic)\.apol\.com\.tw .+ident= envfrom= intl=0 .+auth= /
  4711. # header APOL X-Spam-Relays-Untrusted =~ /(ip=((210\.20[0-2]|218\.187)(\.[0-9]{1,3}){2,2}|210\.203\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.[0-9]{1,3})|rdns=.+(vdsl\.static|dialup\.dynamic)\.apol\.com\.tw) .+ident= envfrom= intl=0 .+auth= /
  4712. # 222.156.0.0 - 222.157.255.255
  4713. # 219.91.0.0 - 219.91.127.255
  4714. # header APOL X-Spam-Relays-Untrusted =~ /^\[ (ip=((124\.218|210\.20[0-2]|218\.(3[45]|187)|222\.15[67])(\.\d{1,3}){2}|(210\.203|219\.91)\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3})|rdns=.+(vdsl\.static|(cm|dialup)\.dynamic)\.apol\.com\.tw) /
  4715. header APOL X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.244|124\.218|210\.20[0-2]|218\.(?:3[45]|187)|222\.15[67])(?:\.\d{1,3}){2}|(?:124\.219|210\.203|219\.91)\.(?:\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=.+(?:vdsl\.static|(?:cm|dialup)\.dynamic)\.apol\.com\.tw) /
  4716. describe APOL [TW]Asia Pacific On-line Services Inc.
  4717. score APOL 1.5
  4718.  
  4719. # 220.228.0.0 - 220.229.255.255
  4720. # 218.210.0.0 - 218.211.255.255
  4721.  
  4722. # header NCICNET Received =~ /from .+220\.22[89](\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  4723. # 122.146.0.0 - 122.147.255.255
  4724. header NCICNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:113\.196|122\.14[67]|218\.21[01]|220\.22[89])(?:\.\d{1,3}){2}|211\.78\.1(?:[678]\d|9[01])\.\d{1,3}) /
  4725. describe NCICNET [TW]New Centry InfoComm Tech. Co., Ltd.
  4726. score NCICNET 1.5
  4727.  
  4728. # 61.56.0.0 - 61.56.15.255
  4729. # header NCREE_GSN_NET
  4730. # describe NCREE_GSN_NET [TW]
  4731.  
  4732. # 61.56.80.0 - 61.56.95.255
  4733. # 61.56.64.0 - 61.56.79.255
  4734. # header DYXNET
  4735. # describe DYXNET [TW]Diyixian.com(TW)Ltd.
  4736.  
  4737. # TW: 61.56.0.0 - 61.71.255.255
  4738. # header TW_61_56_71 Received =~ /from .+61\.(5[6-9]|6[0-9]|7[01])(\.[0-9]{1,3}){2,2}[\)\] ]/
  4739. header TW_61_56_71 X-Spam-Relays-Untrusted =~ /ip=61\.(5[6-9]|6[0-9]|7[01])(\.[0-9]{1,3}){2,2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4740. describe TW_61_56_71 [TW]61.56.0.0 - 61.71.255.255
  4741. score TW_61_56_71 1.0
  4742.  
  4743. # 203.207.0.0 - 203.207.15.255
  4744. header ASIAINFRA X-Spam-Relays-Untrusted =~ /ip=203\.207\.([0-9]|1[0-5])\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4745. describe ASIAINFRA [TW]AsiaInfra International Ltd.
  4746. score ASIAINFRA 1.0
  4747.  
  4748. # 218.160.0.0 - 218.175.255.255
  4749. # 220.128.0.0 - 220.143.255.255
  4750. # 59.112.0.0 - 59.127.255.255
  4751. # 61.228.0.0 - 61.231.255.255
  4752. # 60.248.0.0 - 60.251.255.255
  4753. # 125.232.0.0 - 125.233.255.255
  4754. # 211.20.0.0 - 211.23.255.255
  4755. # 125.224.0.0 - 125.231.255.255
  4756. # header HINET_TW X-Spam-Relays-Untrusted =~ /ip=(59\.1(1[2-9]|2[0-7])|60\.2(4[89]|5[01])|61\.2(2[89]|3[01])|125\.(22[4-9]|23[0-3])|211\.2[0-3]|218\.1(6\d|7[0-5])|220\.1(2[89]|3\d|4[0-3]))(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4757. # 61.220.0.0 - 61.227.255.255
  4758. # 61.216.0.0 - 61.219.255.255
  4759. # 122.120.0.0 - 122.127.255.255
  4760. # 125.224.0.0 - 125.231.255.255
  4761. # header HINET_TW X-Spam-Relays-Untrusted =~ /(ip=(59\.1(1[2-9]|2[0-7])|60\.2(4[89]|5[01])|61\.2(1[6-9]|2\d|3[01])|122\.12[0-7]|125\.2(2[4-9]|3[0-3])|211\.75|218\.1(6\d|7[0-5])|220\.1(2[89]|3\d|4[0-3]))(\.\d{1,3}){2}|rdns=\d{2,3}(\-\d{1,3}){3}\.dynamic\.hinet\.net) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4762. # header HINET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.1(?:1[2-9]|2[0-7])|60\.2(?:4[89]|5[01])|61\.2(?:1[6-9]|2\d|3[01])|114\.(?:3[2-9]|4[0-7])|118\.1(?:6[89]|7[01])|122\.1(?:1[67]|2[0-7])|125\.2(?:2[4-9]|3[0-3])|203\.66|210\.242|211\.(?:20|7[25])|218\.1(?:6\d|7[0-5])|220\.1(?:2[89]|3\d|4[0-3]))(?:\.\d{1,3}){2} /
  4763. header HINET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.1(?:6\d|7[0-5])|36\.2(?:2[4-9]|3\d)|59\.1(?:1[2-9]|2[0-7])|60\.2(?:4[89]|5[01])|61\.2(?:1[6-9]|2\d|3[01])|111\.2[45]\d|114\.(?:2[4-7]|3[2-9]|4[0-7])|118\.1(?:6[89]|7[01])|122\.1(?:1[67]|2[0-7])|125\.2(?:2[4-9]|3[0-3])|168\.95|203\.(?:6[69]|75)|210\.242|211\.(?:2[012]|7[25])|218\.1(?:6\d|7[0-5])|220\.1(?:2[89]|3\d|4[0-3]))(?:\.\d{1,3}){2}|(?:202\.39|210\.71)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  4764. describe HINET_TW [TW]CHTD, Chunghwa Telecom Co.,Ltd.
  4765. score HINET_TW 1.5
  4766.  
  4767. # 222.250.0.0 - 222.251.127.255
  4768. # 210.85.0.0 - 210.85.255.255
  4769. # 202.178.128.0 - 202.178.191.255
  4770. header ETWEBS_TW X-Spam-Relays-Untrusted =~ /ip=((210\.85|222\.250)(?:\.\d{1,3}){2}|202\.178\.1(2[89]|[3-8]\d|9[01])\.\d{1,3}|222\.251\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4771. describe ETWEBS_TW [TW]ETWebs Taiwan Co. Ltd.
  4772. score ETWEBS_TW 1.5
  4773.  
  4774. # 61.30.0.0 - 61.31.255.255
  4775. # 124.8.0.0 - 124.12.255.255
  4776. # 219.80.0.0 - 219.81.255.255
  4777. # 219.86.0.0 - 219.87.255.255
  4778. # header TFN_NET_TW X-Spam-Relays-Untrusted =~ /ip=(61\.3[01]|124\.([89]|1[012])|219\.8[0167])(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4779. # TFN MEDIA CO., LTD. UBBNET-NET TFN-TW-NET GCNet (Reach & Range Inc.)
  4780. header TFN_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.3[01]|124\.(?:[89]|1[012])|219\.8[0167])(?:\.\d{1,3}){2}|(?:203\.77\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.79\.(?:\d|[12]\d|3[01]))\.\d{1,3}) /
  4781. describe TFN_NET_TW [TW]Taiwan Fixed Network CO.,LTD.
  4782. score TFN_NET_TW 1.5
  4783.  
  4784. # 202.165.128.0 - 202.165.159.255
  4785. header SINGTEL_TW X-Spam-Relays-Untrusted =~ /ip=202\.165\.1(2[89]|[345]\d)\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4786. describe SINGTEL_TW [TW]Singtel Taiwan Limited
  4787. score SINGTEL_TW 1.5
  4788.  
  4789.  
  4790. # 219.84.0.0 - 219.85.255.255
  4791. header SONET_TW X-Spam-Relays-Untrusted =~ /ip=219\.8[45](?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4792. describe SONET_TW [TW]Sony Network Taiwan Limited
  4793. score SONET_TW 1.5
  4794.  
  4795. # 123.192.0.0 - 123.195.255.255
  4796. # 118.232.0.0 - 118.233.255.255
  4797. # header TUNGHO_NET_TW X-Spam-Relays-Untrusted =~ /ip=(118\.23[23]|123\.19[2-5])(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4798. header TUNGHO_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.23[23]|123\.19[2-5])(\.\d{1,3}){2} /
  4799. describe TUNGHO_NET_TW [TW]TUNG HO MULTIMEDIA CO. Ltd.
  4800. score TUNGHO_NET_TW 1.5
  4801.  
  4802. # 219.68.0.0 - 219.69.255.255
  4803. header GIGAMEDIA_TW X-Spam-Relays-Untrusted =~ /ip=219\.6[89](?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4804. describe GIGAMEDIA_TW [TW]Hoshin Gigamedia Center Inc.
  4805. score GIGAMEDIA_TW 1.5
  4806.  
  4807. # 202.132.0.0 - 202.132.255.255
  4808. # 210.192.0.0 - 210.192.63.255
  4809. # 210.192.128.0 - 210.192.255.255
  4810. header TTN_TW X-Spam-Relays-Untrusted =~ /ip=(202\.132(?:\.\d{1,3}){2}|210\.192\.(\d|[1-5]\d|6[0-3]|12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  4811. describe TTN_TW [TW]Taiwan Telecommunication Network Services Co.,LTD.
  4812. score TTN_TW 1.5
  4813.  
  4814. # 123.240.0.0 - 123.241.255.255
  4815. header TBCOM_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=123\.(?:110|24[01])(?:\.\d{1,3}){2} /
  4816. describe TBCOM_NET_TW [TW]TBC
  4817. score TBCOM_NET_TW 1.5
  4818.  
  4819. # 123.252.0.0 - 123.252.127.255
  4820. # 124.155.128.0 - 124.155.159.255
  4821. # 122.99.0.0 - 122.99.63.255
  4822. header KE_ING_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.99\.(\d|[1-5]\d|6[0-3])|123\.252\.(\d|\d\d|1[01]\d|12[0-7])|124\.155\.1(2[89]|[345]\d))\.\d{1,3} /
  4823. describe KE_ING_NET_TW [TW]KE-ing Co , Ltd
  4824. score KE_ING_NET_TW 1.5
  4825.  
  4826.  
  4827. # 211.78.32.0 - 211.78.63.255
  4828. header KGT_TW X-Spam-Relays-Untrusted =~ /^\[ ip=211\.78\.(3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  4829. describe KGT_TW [TW]KGEx.com
  4830. score KGT_TW 1.5
  4831.  
  4832. header TAIWANMOBILE_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:101\.(?:[89]|1[0-5])|115\.8[0-3]|117\.19|180\.20[4-7])(?:\.\d{1,3}){2}|123\.99\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}) /
  4833. describe TAIWANMOBILE_NET_TW [TW]taiwanmobile-net
  4834. score TAIWANMOBILE_NET_TW 1.5
  4835.  
  4836. header FETNET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.20|110\.(?:2[4-9]|3[01])|118\.231)(?:\.\d{1,3}){2} /
  4837. describe FETNET_TW [TW]Far EasTone Telecommunication Co., Ltd.
  4838. score FETNET_TW 1.5
  4839.  
  4840. header GMO_TW X-Spam-Relays-Untrusted =~ /^\[ ip=122\.255\.81\.\d{1,3} /
  4841. describe GMO_TW [TW]GMO Hosting&Security, Inc Sinhuya-ku. Tokyo, 150-8512 Taiwan
  4842. score GMO_TW 1.5
  4843.  
  4844. header UNIGATENET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.(?:55|133)\.2(?:2[4-9]|[345]\d)|202\.153\.(?:1[6-9]\d|20[0-7]))\.\d{1,3} /
  4845. describe UNIGATENET_TW [TW]Network topology of Unigate Telecom Inc.
  4846. score UNIGATENET_TW 1.5
  4847.  
  4848. header TWGATE_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:175\.111\.(?:19[2-9]|2\d\d)|203\.78\.1(?:7[6-9]|8\d|9[01]))\.\d{1,3} /
  4849. describe TWGATE_TW [TW]Taiwan Internet Gateway Chunghwa Telecom - International Business Group (CHTI)
  4850. score TWGATE_TW 1.5
  4851.  
  4852. header TANET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:120\.(?:9[6-9]|1[01]\d|12[0-7])|140\.1(?:09|[12]\d|3[0-8])|163\.(?:1[3-9]|2\d|3[012])|192\.192|203\.(?:6[48]|7[12])|210\.(?:60|70))(?:\.\d{1,3}){2}|210\.62\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}|210\.71\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  4853. describe TANET_TW [TW]Ministry of Education Computer Center
  4854. score TANET_TW 1.5
  4855.  
  4856. header UBBNET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.77\.(?:12[89]|1[3-9]\d|2\d\d)|122\.100\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|122\.254\.(?:\d|[1-5]\d|6[0-3]))\.\d{1,3} /
  4857. describe UBBNET_TW [TW]UNION BROADBAND NETWORK
  4858. score UBBNET_TW 1.5
  4859.  
  4860. header HOSHIN_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.11[45]|219\.7[01])(?:\.\d{1,3}){2} /
  4861. describe HOSHIN_TW [TW]Hoshin Multimedia Center Inc
  4862. score HOSHIN_TW 1.5
  4863.  
  4864. header TWNAP_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.208(?:\.\d{1,3}){2}|210\.209\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}) /
  4865. describe TWNAP_TW [TW]Taiwan Network Access Point Taipei
  4866. score TWNAP_TW 1.5
  4867.  
  4868. header NCICNET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:113\.196|218\.32)\.\d{1,3}|211\.78\.1(?:[678]\d|9[01]))\.\d{1,3} /
  4869. describe NCICNET_TW [TW]New Centry InfoComm Tech. Co., Ltd. 12F, No. 468, Rueguang Rd. Taipei Taiwan 114
  4870. score NCICNET_TW 1.5
  4871.  
  4872. header EMOME_NET_TW X-Spam-Relays-Untrusted =~ /^\[ ip=(?:42\.(?:6[4-9]|7\d)|111\.8[0-3]|114\.13[67])(?:\.\d{1,3}){2} /
  4873. describe EMOME_NET_TW [TW]Mobile Business Group, Chunghwa Telecom Co., Ltd. No.35, Aiguo E. Rd. Taipei, Taiwan 106 EMOME Network
  4874. score EMOME_NET_TW 1.5
  4875.  
  4876.  
  4877.  
  4878. # CSLOXINFO || CNCGROUPNP ||
  4879. # WASU_HZDTV_COM_CN || CMNET
  4880.  
  4881.  
  4882. meta ___KOREATAIWANCHINA CNCGROUP || KOREATELECOM || HANAROTELECOM || ELIMNET || DREAMX || SHINBIRO || SEEDNET || SKNETWORKS || BORANET || HANVITINB || APOL || NCICNET || CRTC || CHINATELECOM || CHINANET || UNICOM || SEEHULINE || KDD_HK || NWTNET || HGC_HK || TW_61_56_71 || XDSLSTREAMYX || CN_211_136_167 || ASIAINFRA || CNM_COMM || DXTNET || CPCNET_HK || THRUNET || HKCABLE_HK || CN_202_127 || DEFENSNET || LOXINFO_TH || BTV_BEIJING || SINNET_CN || BAYANTELDSL_AP || ISP_TH || TACHYNET || GLOBAL_CN || DQTNET_CN || BSNLNET_IN || VSNL_IN || EXATTNET_IN || HINET_TW || HTXX_CN || TOPWAY_NET_CN || CERNET_CN || BHARTI_IN || NGNNET_CN || ETWEBS_TW || SINGNET_SG || SKYCABLENET_PH || RELIANCE_IN || IQARANET_IN || CMNET_CN || TFN_NET_TW || GWBN_CN || BEELINK_CN || THAINET_TH || VIETEL_VNNIC_VN || CNNIC_CN || SKYINET_PH || CHINACOMM_CN || SINGTEL_TW || CHEONANVITSSEN_KR || TELKOMNET_ZA || CABLELINE_KR || SIAMIDC_TH || ICNDIGITAL_KR || TBROAD_KR || SILNET_IN || KNCTV_KR || HFCCABLE_AU || KHUNET_KR || WORLDCALL_PK || BGCTVNET_CN || KRNIC_KR || CNNIC_CN || SCSNET_KR || VNPT_VNNIC_VN || IPG_PH || NBIP_CN || CHUNGNAM_KR || YONSEI_NET_KR || SGCABLEVISION_SG || XPEED_KR || CHONNAM_NET_KR || PLDTDSL_PH || INDONET_ID || INFOCOM_PH || DOTNAME_KR || LKTELECOM_LK || WASU_CN || TELKOMNET_ID || BBNET_CN || SIFYNET_IN || CJWXNET_CN || HRXT_CN || GLOBET_PH || COLNET_CN || TM_IDC_MY || DONGDAEMUN_KR || QRIXNET_KR || COMNETTH || PI_PH || KITINET_KR || ASIANET_ID || STPI_IN || CONS_PH || INET_CO_TH || HCMPT_NET_VN || TRIDEL_TECH_PH || STN_CN || SONET_TW || HAIONNET_KR || TUNGHO_NET_TW || GIGAMEDIA_TW || TIG_NZ || KREN_KR || TTN_TW || AIMS_MY || TOT_IP_NET_TH || EXTREME_MY || TBCOM_NET_TW || HATHWAY_NET_IN || PI_IN || INFOVISION_PH || NLSS_CN || FOUNDERBN_CN || BJJSNET_CN || ETPI_PH || AORONG_CN || THBA_CN || DRCSCNET_CN || HCN_KR || RINGLINK_CN || GDJS_CN || YOUTELE_IN || KE_ING_NET_TW || TOPNEWNET_CN || TYNET_CN || TUNET_CN || IOLNET_IN || HUARUI_CN || KGT_TW || WM_CNCGROUP_CN || SGATHER_CN || TAIWANMOBILE_NET_TW || BM_ID || OPTUSINTERNET_AU || YYNET_CN || FETNET_TW || DCL_BD || ORTELCOMM_IN || INDOSAT_ID || CHINANETCENTER_CN || JARDIKNAS_ID || PTCL_PK || CTTNET_CN || BEAMCABLE_IN || HKCIX_HK || ETC_VNNIC_VN || GPRS_IN || HKNET_HK || CTINET_HK || PRIMANET_ID || PACENET_IN || HLJ_CN || GENESIS_HK || SINGTEL_HK || LINKDOTNET_PK || ISATNET_ID || FNCL_HK || GLOBALSPEED_PH || FPT_NET_VN || NEXTWEB_PH || WOTONE_CN || CYBERNET_PK || MULTINETBROADBAND_PK || SUNINFO_MDC_CN || FHGROUP_CN || WM_VAAN_KR || VAAN_KR || INTERISLANDNET_PH || BUDDYB_TH || HCLC_KR || CDKNET_CN || CAT_TH || GDSYS_KR || FASTNET_ID || TATACOMM_IN || NOVA_CN || GMO_TW || P4NETWORKS_IN || BOLU_TELECOM_KR || SDHT_NET_CN || PACNET_HK || JNDINFO_KR || HAOWEIGAOKE_CN || DITIZONE_KR || COMCLARK_PH || MOBILEONE_SG || CNI_ID || CAPITALNETWORK_CN || UNIGATENET_TW || APACSERVER_HK || QALA_SG || TRUENET_TH || PRIMETELECOM_CN || TELSTRAINTERNET_AU || TWGATE_TW || NETVIGATOR_HK || MTNLISP_IN || HKDNET_CN || SEJONGNET_KR || SNW_HK || TANET_TW || SIMCENT_HK || KINXINC_KR || SAMSUNGSDS_KR || RAYNET_KR || DURUAN_KR || HINETWORKS_KR || OK_NET_KR || NTCPKNET_PK || ADI_HK || SCTV_VN || BTTB_BD || RWTS_AU || BITNET_CN || DIGITELONE_PH || KTNET_KR || EHOSTIDC_KR || GYEONG_NET_KR || SMILESERV_KR || UBBNET_TW || PIRADIUS_MY || PETINET_KR || PROENNET_TH || GTPL_IN || IPC_NEWTT_HK || SKYDIO_SG || EQUINIXAP_NET_SG || GEMNET_MN || NEWMEDIAEXPRESS_SG || CDNETWORKS_KR || MAXISNET_MY || AIS_TH || KAIST_KR || ONE_NET_SG || JASNITA_ID || TRUEMOVE_TH || BB_BROADBAND_TH || DTAC_TH || KOINS_KR || KONKUKNET_KR || DIGI_MY || TPNET_SG || HONGKONG_NET_HK || PUTIAN_CN || INFOMOVE_HK || CABLENET_KR || HOSHIN_TW || PIRANHA_KR || WEEK5_CN || LBNI_PH || TTT_TH || DCTECH_PH || LDCC_KR || TELECOMPLUS_MU || CST21_KR || CALLPLUS_NZ || GUANGZHOUHONGXUNWANGDING_CN || FTTH_TH || PANGNET_HK || P1NETWORKS_MY || ABITCOOL_CN || CTM_MO || VIETTEL_CAMBODIA_KH || BESTINFONET_CN || TPG_AU || JARING_MY || MOBILE8_ID || HASINDONET_ID || DAEWOO_KR || NHN_KR || DIGINET_ID || ESONET_KR || JCNIDC_KR || VASAICABLEPVTLTD_IN || DNET_ID || JIGUNET_KR || LINKTOM_CN || WATEEN_PK || BELLTELECOM_PH || CSTNET_CN || WORLDPHONE_IN || CJ_CABLENET_KR || TWNAP_TW || HANINTERNET_KR || DISHNET_IN || CCCNET_CN || SMARTBRO_PH || PACIFICONENET_HK || XUNTONG_CN || NET263_CN || DVOIS_IN || YOURWEBSTREAM_PH || YOKOZUNANET_MN || PDSN_IN || MONGOLNET_MN || ISERVICES_HK || RITELE_CN || WEBVISIONS_SG || KPIN_KR || ICL_NET_IN || HRWIRE2008_PH || CAMSHIN_KH || MCSCOM_MN || VAINAVIINDUSTRIESLTD_IN || SPT_VN || MTT_LK || NET_SYS_HK || SPECTRANET_IN || AES_KR || YAHOO_KR || NETZAP_ID || CITINET_MN || PIONEER_IN || DODO_AU || ANKHNET_IN || OFFRATEL_NC || NETNAM_VN || WLIN_HK || FIPD_XTRA_NZ || EXCELLMEDIA_IN || GINAMHANVITNET_KR || MARBELNETWORKS_PH || THREE_ID || CYBERPLUS_ID || VZPACIFICA_MP || WICAM_KH || MOBINET_MN || RAILTEL_IN || TELSTRACLEAR_NZ || USONYX_NET_SG || TIMETELEKOM_MY || LAOTELECOM_LA || XLNET_ID || ALLIANCEBROADBAND_IN || KREONET_KR || FREENET_MY || TRIPLETNET_TH || REACH2NET_IN || MLS_NC || CNXNET_MY || MOBITEL_LK || WISHNET_IN || SYSCON_IN || SINGTEL_SG || NCICNET_TW || NEOCOM_KH || ULUSNET_MN || AGNISYS_BD || I4HKLIMITED_CN || WITRIBE_PK || XRNET_CN || SANXIN_CN || NEXLINX_PK || CABLE51_PH || BTTELECOM_BT || DAKARA_ID || CELCOMNET_MY || BELLNET_LK || ORCONNET_NZ || CAPTURE_IN || H3GHK_HK || GRAMEENPHONEIT_BD || SPIDIGO_IN || TIKONANET_IN || HUTCHVAS_IN || IINET_AU || DAFFODILNET_BD || RIT_TH || LINTASARTA_ID || CALLPLUS_NZ || ILINKKOREA_KR || DESTINYNOC_PH || SMARTONE_HK || ERNET_IN || BJSKIDC_CN || VODAFONE_AU || M2TELECOMMUNICATIONS_AU || NAPINFO_ID || NTS_ID || SBS_IN || HTXX_CN || HNS_IN || DIGILAND_CN || NETROPY_KR || GERRYSNET_PK || BBTEC_HK || ZSPNET_CN || IP4NET_KR || YTLCOMMS_MY || KIRZ_TH || KDTIDC_KR || DSUNET_KR || TULIP_IN || CMBI_NETDJ_KR || BIZNET_ID || GITN_MY || DIGITALWAYS_CN || SAERONET_KR || NAMDONGNET_KR || RSMANI_NKN_IN || TIMOR_TELECOM_TL || NEUVIZ_ID || ALAPCOM_BD || FOCUSINFOCOM_MV || GIANT_CN || HKT_HK || ETISALATLKNET_LK || CEPATNET_ID || PEMDA_NAD_ID || EMOME_NET_TW || HICHINA_CN || PUNET_CN || SLT_LK || NSTPL_IN || CERGISNETWORKS_ID || WNET_IN || UNITEL_LA || BB_BROADBAND_TH || ERDEMNET_MN || MICT_NET_TH || BLAZENET_IN || DTVSTAR_KH || TIANLIANHUTONG_NET_CN || VIVIDWIRELESS_AU || VPLS_TH || TELEMAX_MN || ICONPLN_ID || AIRTEL_LK || AIRCEL_IN || FIBERLINK_PK || NTCISP_PK || SKYCC_MN || RAILCOM_MN || DIGICOM_MN || HYPERNET_ID || CABLELITE_IN || ALISOFT_CN || INSTA_AF || KEWIKONET_MN || BDCOM_BD || MMS_ID || MUL_MINDING_CN || WIRELESSNET_ID || EDONGNET_CN || HUT_VN || ECLTELECOM_IN || WSNET_CN || SUNTEL_LK || CONNECT_PK || LINK3_BD || GTEL_VN || BBTECNETWORKS_HK || TWA_PK || DAXA_ID || VODAFONE_NZ || MELSANET_ID || NORTHSTAR_CN || HUTCHISON_HK || ACME_HK || EXCELCO_LTD_BD || YAHOO_SG || FOREST_ETERNAL_CN || XSERVER_UA || QUICKWEB_NZ || NIPPAGROUP_PK || CALRISSIANLIMITED_HK || REGENTCOM_IN || NTCINTERNET_NP || SKYNET_IN || CHINAMOBILE_HK || UNICOM_HK || GREATTANG_HK
  4883.  
  4884.  
  4885.  
  4886. meta JPSUBJTWKRCN ___KOREATAIWANCHINA && SUBJ_ILLEGAL_CHARS && ISO2022JP_BODY
  4887. describe JPSUBJTWKRCN JaPan and SUBJ_illegal_chars and TaiWan KoRea ChiNa
  4888. score JPSUBJTWKRCN 2.0
  4889.  
  4890. # modified 2009.07.26 by [yoh]
  4891. # because, SA's Bayes is not reliable.
  4892. # meta DCNTWKRCN ___KOREATAIWANCHINA && ___DCN && (BAYES_99 || BAYES_95)
  4893. meta DCNTWKRCN ___KOREATAIWANCHINA && ___DCN
  4894. describe DCNTWKRCN Distributed Collaborative Network and TaiWan KoRea ChiNa
  4895. # score DCNTWKRCN 6.5
  4896. score DCNTWKRCN 3.5
  4897.  
  4898. # 218.24.0.0 - 218.25.255.255
  4899.  
  4900. # thrown away 2008.07.26 by [yoh]
  4901. # header CNCGROUPNP Received =~ /(from .*218\.2[45](\.([0-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])){2})/
  4902. # describe CNCGROUPNP [CN]All IPs are "cncln.online.ln.cn"
  4903. # score CNCGROUPNP 4.0
  4904. #
  4905. # meta CNCNPJP CNCGROUPNP && (ISO2022JP_BODY || SJIS_BODY)
  4906. # describe CNCNPJP CNCGROUPNP && (ISO2022JP_BODY || SJIS_BODY)
  4907. # score CNCNPJP 10.0
  4908.  
  4909. #
  4910. # ToDo: Merge CNCGROUP and CHINATELECOM IP addresses.
  4911. # CNCGROUP and CHINATELECOM are same ISP.
  4912. # 2006.04.17 by [yoh]
  4913. #
  4914. # done.
  4915. # 2008.07.26 by [yoh]
  4916.  
  4917.  
  4918. # 58.16.0.0-58.23.255.255 (524288)
  4919. # 58.32.0.0-58.63.255.255 (2097152)
  4920. # 58.208.0.0-58.223.255.255 (1048576)
  4921. # 58.240.0.0-58.255.255.255 (1048576)
  4922. #
  4923. # 58\.(1[6-9]|2[0-3]|3[2-9]|[45]\d|6[0-3]|2(0[89]|1\d|2[0-3]|[45]\d))
  4924. #
  4925. # 59.32.0.0-59.63.255.255 (2097152)
  4926. #
  4927. # 59\.(3[2-9]|[45]\d|6[0-3])
  4928. #
  4929. # 60.0.0.0-60.31.255.255 (2097152)
  4930. # 60.160.0.0-60.191.255.255 (2097152)
  4931. # 60.208.0.0-60.223.255.255 (1048576)
  4932. #
  4933. # 60\.(\d|[12]\d|3[01]|1([678]\d|9[01])|2(0[89]|1\d|2[0-3]))
  4934. #
  4935. # 61.48.0.0-61.55.255.255 (524288)
  4936. # 61.128.0.0-61.191.255.255 (4194304)
  4937. #
  4938. # 61\.(4[89]|5[0-5]|1(2[89]|[3-8]\d|9[01]))
  4939. #
  4940. # 116.1.0.0-116.1.255.255 (65536)
  4941. # 116.2.0.0-116.3.255.255 (131072)
  4942. # 116.4.0.0-116.7.255.255 (262144)
  4943. # 116.8.0.0-116.11.255.255 (262144)
  4944. # 116.16.0.0-116.31.255.255 (1048576)
  4945. # 116.224.0.0-116.239.255.255 (1048576)
  4946. #
  4947. # 116\.([1-9]|1[016-9]|2\d|3[01]|2(2[4-9]|3\d))
  4948. #
  4949. #
  4950. # 119.112.0.0-119.119.255.255 (524288)
  4951. #
  4952. # 119\.11[2-9]
  4953. #
  4954. # 121.8.0.0-121.15.255.255 (524288)
  4955. # 121.16.0.0-121.31.255.255 (1048576)
  4956. # 121.32.0.0-121.35.255.255 (262144)
  4957. #
  4958. # 121\.([89]|[12]\d|3[0-5])
  4959. #
  4960. # 122.4.0.0-122.7.255.255 (262144)
  4961. # 122.136.0.0-122.143.255.255 (524288)
  4962. # 122.156.0.0-122.159.255.255 (262144)
  4963. # 122.224.0.0-122.239.255.255 (1048576)
  4964. #
  4965. # 122\.([4-7]|1([35][6-9]|4[0-3])|2(2[4-9]|3\d))
  4966. #
  4967. # 123.4.0.0-123.7.255.255 (262144)
  4968. # 123.8.0.0-123.15.255.255 (524288)
  4969. # 123.144.0.0-123.151.255.255 (524288)
  4970. # 123.152.0.0-123.155.255.255 (262144)
  4971. # 123.156.0.0-123.156.255.255 (65536)
  4972. # 123.170.0.0-123.171.255.255 (131072)
  4973. # 123.172.0.0-123.175.255.255 (262144)
  4974. # 123.177.0.0-123.177.255.255 (65536)
  4975. # 123.178.0.0-123.179.255.255 (131072)
  4976. # 123.180.0.0-123.183.255.255 (262144)
  4977. # 123.184.0.0-123.191.255.255 (524288)
  4978. #
  4979. # 123\.([4-9]|1[0-5]|1(4[4-9]|5[0-6]|7[0-5789]|8\d|9[01]))
  4980. #
  4981. # 124.64.0.0-124.67.255.255 (262144)
  4982. # 124.72.0.0-124.79.255.255 (524288)
  4983. # 124.88.0.0-124.95.255.255 (524288)
  4984. # 124.114.0.0-124.115.255.255 (131072)
  4985. # 124.128.0.0-124.135.255.255 (524288)
  4986. # 124.160.0.0-124.161.255.255 (131072)
  4987. # 124.164.0.0-124.167.255.255 (262144)
  4988. # 124.226.0.0-124.227.255.255 (131072)
  4989. # 124.234.0.0-124.235.255.255 (131072)
  4990. #
  4991. # 124\.(6[4-7]|7[2-9]|8[89]|9[0-5]|1(1[45]|2[89]|3[0-5]|6[014-7]|)|2(2[67]|3[45]))
  4992. #
  4993. # 125.40.0.0-125.47.255.255 (524288)
  4994. # 125.64.0.0-125.95.255.255 (2097152)
  4995. # 125.104.0.0-125.111.255.255 (524288)
  4996. # 125.112.0.0-125.127.255.255 (1048576)
  4997. # 125.211.0.0-125.211.255.255 (65536)
  4998. #
  4999. # 125\.(4[0-7]|6[4-9]|[78]\d|9[0-5]|1(0[4-9]|1\d|2[0-7])|211)
  5000. #
  5001. # 129.128.0.0-129.135.255.255 (524288)
  5002. # 129.136.0.0-129.137.255.255 (131072)
  5003. # 129.141.0.0-129.141.255.255 (65536)
  5004. # 129.142.0.0-129.143.255.255 (131072)
  5005. # 129.144.0.0-129.151.255.255 (524288)
  5006. # 129.152.0.0-129.153.255.255 (131072)
  5007. #
  5008. # 129\.1(2[89]|3[0-7]|4[1-9]|5[0-3])
  5009. #
  5010. #
  5011. # 202.96.0.0-202.111.255.255 (1048576)
  5012. #
  5013. # 202\.(9[6-9]|10\d|11[01])
  5014. #
  5015. # 210.12.0.0-210.13.255.255 (131072)
  5016. #
  5017. # 210.14.160.0-210.14.191.255 (8192)
  5018. # 210.14.192.0-210.14.255.255 (16384)
  5019. # 210.15.0.0-210.15.127.255 (32768)
  5020. # 210.15.128.0-210.15.191.255 (16384)
  5021. #
  5022. # 210.21.0.0-210.21.255.255 (65536)
  5023. # 210.22.0.0-210.22.255.255 (65536)
  5024. # 210.51.0.0-210.51.255.255 (65536)
  5025. # 210.52.0.0-210.53.255.255 (131072)
  5026. #
  5027. # 210.74.96.0-210.74.127.255 (8192)
  5028. # 210.74.128.0-210.74.159.255 (8192)
  5029. #
  5030. # 210.78.0.0-210.78.31.255 (8192)
  5031. #
  5032. # 210.82.0.0-210.83.255.255 (131072)
  5033. #
  5034. # 210\.(1[23]|2[12]|5[123]|8[23])
  5035. #
  5036. # 210\.14\.(1[6-9]\d|2\d\d)
  5037. # 210\.15\.(\d|\d\d|1[0-8]\d|19[01])
  5038. # 210\.74\.(9[6-9]|1[0-5]\d)
  5039. # 210\.78\.(\d|[12]\d|3[01])
  5040. #
  5041. # 218.0.0.0-218.31.255.255 (2097152)
  5042. # 218.56.0.0-218.63.255.255 (524288)
  5043. # 218.64.0.0-218.95.255.255 (2097152)
  5044. # 218.96.0.0-218.97.255.255 (131072)
  5045. # 218.104.0.0-218.107.255.255 (262144)
  5046. #
  5047. # 218\.(\d|[12]\d|3[01]|5[6-9]|[678]\d|9[0-7]|10[4-7])
  5048. #
  5049. #
  5050. # 219.128.0.0-219.159.255.255 (2097152)
  5051. # 219.232.0.0-219.233.255.255 (131072)
  5052. # 219.234.0.0-219.234.255.255 (65536)
  5053. #
  5054. # 219\.(12[89]|1[345]\d|23[234])
  5055. #
  5056. # 220.160.0.0-220.191.255.255 (2097152)
  5057. # 220.248.0.0-220.251.255.255 (262144)
  5058. #
  5059. # 220\.(1[678]\d|19[01]|24[89]|25\d)
  5060. #
  5061. # 221.0.0.0-221.15.255.255 (1048576)
  5062. # 221.192.0.0-221.223.255.255 (2097152)
  5063. # 221.224.0.0-221.239.255.255 (1048576)
  5064. #
  5065. # 221\.(\d|1[0-5]|19[2-9]|2[0-3]\d)
  5066. #
  5067. # 222.64.0.0-222.95.255.255 (2097152)
  5068. # 222.128.0.0-222.159.255.255 (2097152)
  5069. # 222.160.0.0-222.163.255.255 (262144)
  5070. # 222.168.0.0-222.175.255.255 (524288)
  5071. # 222.176.0.0-222.191.255.255 (1048576)
  5072. # 222.208.0.0-222.223.255.255 (1048576)
  5073. # 222.240.0.0-222.247.255.255 (524288)
  5074. #
  5075. # 222\.(6[4-9]|[78]\d|9[0-5]|12[89]|1[34578]\d|16[0-8]|19[01]|20[89]|21\d|22[0-3]|24[0-7])
  5076. # 202.75.208.0-202.75.223.255
  5077.  
  5078. replace_tag CNCGROUP_IPS (?:(?:1\.(?:2[4-9]|3[01]|5[6-9]|6[0-3]|8[0-7]|18[89]|19\d|20[4-7])|14\.(?:1(?:0[4-9]|1\d|2[0-7]|3[45]|4[4-9]|5\d|9[67])|2(?:0[4-9]|1\d|2[0-3]))|27\.(?:[89]|[12]\d|3[016-9]|4[0-7]|14[89]|15[01]|18[4-9]|19\d|2[01]\d|22[0-7])|36\.(?:[4-7]|4[0-7])|42\.(?:4[89]|8[01]|22[4-9]|23\d)|49\.(?:6[4-9]|[78]\d|9[0-5]|11[2-9])|58\.(?:1[6-9]|2[0-5]|3[2-9]|[45]\d|6[0-3]|11[6-9]|12[89]|13[0-5]|2(?:0[89]|1\d|2[0-3]|[45]\d))|59\.(?:3[2-9]|[45]\d|6[0-3]|17[2-5])|60\.(?:\d|[12]\d|3[01]|1(?:[678]\d|9[01])|2(?:0[89]|1\d|2[0-3]|35))|61\.(?:4[89]|5[0-5]|1(?:2[89]|[3-8]\d|9[01]))|101\.(?:1[6-9]|2\d|3[01]|6[4-9]|7[01]|8\d|9[0-5])|106\.1(?:1[2-9]|2[0-7])|110\.(?:[67]|1[6-9]|5[23]|8\d|9[01]|15[2-5]|16[67]|17[789]|18[1-9]|19[01]|22[89]|23[01]|2[45]\d)|111\.(?:7[2-9]|85|1(?:2[0-4]|6[0-7]|7[2-9]|[89]\d)|20[0-7]|22[4-8])|112\.(?:6[4-7]|8[0-7]|9[89]|10[0-3]|11[1-7]|12[23]|132|19[2-5]|2(?:2[4-9]|[345]\d))|113\.(?:\d|1[2-8]|2[4-7]|31|5[67]|6[4-9]|[789]\d|10\d|1[12]\d|13[2-9]|14[0-3]|19[45]|20[4-7]|22\d|2[34]\d|25[01])|114\.(?:5[45]|[89]\d|10[0-7]|13[589]|2(?:1[6-9]|[2-5]\d))|115\.(?:4[689]|5\d|6[0-3]|1(?:0[0-3]|4[89]|5\d|6[0-389]|7[01]|9[2-9])|2[0-3]\d)|116\.(?:[1-9]|1[016-9]|2\d|3[01]|5[2-5]|6[0-3]|95|1(?:1[2-7]|9[2456])|2(?:0[789]|1[01]|2[4-9]|3\d|4[67]|5[23]))|117\.(?:[89]|1[0-5]|2[1-9]|3\d|4[0-5]|6[4-9]|[78]\d|9[0-5]|11[2-9])|118\.(?:7[2-9]|8[01]|11[2-9]|12[0-6]|13[2-5]|14[4-7]|18\d|19[0-5]|21[23]|22[4-7]|239|24[4-9]|25\d)|119\.(?:[014-7]|3[2-9]|4[014589]|5[0-5]|6[02]|8[4-7]|9[6-9]|1(?:0[0-389]|1[2-9]|[23]\d|4[0-7]|7[6-9]|8\d|9[01])|2(?:4[89]|5\d))|120\.(?:\d|1[0-5]|3[2-9]|4[0-3]|6[5689]|7[01]|8[0-7])|121\.(?:[89]|[12]\d|3[0-5]|5[67]|6[0-3]|20[4-7]|22[4-9]|23\d)|122\.(?:[4-7]|9[67]|1(?:[35][6-9]|4[0-3]|5[6-9]|9[2-5])|2(?:2[4-9]|3\d|4[0-7]))|123\.(?:[4-9]|1[0-5]|5[2-5]|62|9[67]|1(?:1[2-9]|[23]\d|4[4-9]|[56]\d|7[0-5789]|8\d|9[0167])|24[4-9]|25\d)|124\.(?:31|42|6[4-7]|7[2-9]|8[89]|9[0-5]|1(?:1[2-9]|2[89]|3[0-5]|6[0-7]|)|2(?:2[4-9]|3\d))|125\.(?:3[2-9]|4[0-7]|6[4-9]|[78]\d|9[0-5]|1(?:0[4-9]|1\d|2[0-7])|211)|129\.1(?:2[89]|3[0-7]|4[1-9]|5[0-3])|140\.243|163\.1(?:25|79)|171\.(?:[89]|1[0-5]|3[6-9]|12[0-7])|175\.(?:\d|1\d|2[0-3]|4[234]|14[6-9]|15[0-5]|16\d|17[0-5])|180\.(?:9[6-9]|1[016]\d|12[0-7]|13[06-9]|14[0-3]|15[2-9]|17[0-5]|21[23])|182\.(?:3[2-9]|4[0-7]|8[89]|9[016-9]|10\d|1[123]\d|14[0-3]|24[0-7])|183\.(?:\d|[1-6]\d|7[01]|9[2-5]|12[89]|1[345]\d|16[0-7]|18[4-9]|19[01])|202\.(?:9[6-9]|10\d|11[01])|203\.93|210\.(?:1[23]|2[12]|5[123]|8[23])|218\.(?:\d|[12]\d|3[01]|5[6-9]|[678]\d|9[0-7]|10[4-7])|219\.(?:12[89]|1[345]\d|23[234])|220\.(?:1[678]\d|19[01]|24[2389]|25\d)|221\.(?:\d|1[0-5]|19[2-9]|2[0-3]\d)|222\.(?:6[4-9]|[78]\d|9[0-5]|12[89]|13\d|14[0-3]|16[0-8]|19[01]|20[89]|21\d|22[0-3]|24[0-7])|223\.(?:16[67]|19[89]|21[45]|24[0-7]))(?:\.\d{1,3}){2}|(?:(?:27\.106|116\.254)\.1(?:2[89]|[3-8]\d|9[01])|(?:27\.50|116\.255|119\.59|180\.(?:95|129)|220\.152)\.(?:12[89]|1[3-9]\d|2\d\d)|27\.54\.(?:19[2-9]|2\d\d)|45\.113\.25[2-5]|103\.3\.(?:9[6-9]|1[01]\d|12[0-7])|110\.232\.(?:3[2-9]|[45]\d|6[0-3])|118\.88\.(?:3[2-9]|[4-9]\d|[12]\d\d)|119\.148\.1(?:6\d|7[0-5])|120\.88\.(?:[89]|1[0-5])|(?:27\.115|121\.58)\.(?:\d|\d\d|1[01]\d|12[0-7])|122\.102\.(?:6[4-9]|[78]\d|9[0-5])|124\.14\.(?:19[2-9]|2[01]\d|22[0-3])|202\.75\.2(?:0[89]|1\d|2[0-3])|(?:27\.98|202\.91)\.2(?:2[4-9]|[345]\d)|210\.(?:14\.(?:1[6-9]\d|2\d\d)|15\.(?:\d|\d\d|1[0-8]\d|19[01])|74\.(?:9[6-9]|1[0-5]\d)|76\.1(?:[678]\d|9[01])|78\.(?:\d|[12]\d|3[01]))|211\.102\.1(?:2[89]|[3-8]\d|9[01])|(?:219\.235|220\.231)\.(?:\d|[1-5]\d|6[0-3]))\.\d{1,3})
  5079.  
  5080. header CNCGROUP X-Spam-Relays-Untrusted =~ /^\[ ip=<CNCGROUP_IPS> /
  5081. describe CNCGROUP [CN]Japanese spammer's footstool: CNCGROUP
  5082. score CNCGROUP 1.5
  5083.  
  5084. meta CNCJP CNCGROUP && (ISO2022JP_BODY || SJIS_BODY)
  5085. describe CNCJP CNCGROUP && (ISO2022JP_BODY || SJIS_BODY)
  5086. score CNCJP 1.5
  5087.  
  5088. # for catching webmail ips.
  5089. # 2008.07.26 by [yoh]
  5090. header ___GOOMAIL_CNCGROUP X-Original-IP =~ /\[<CNCGROUP_IPS>\]/
  5091. # added 2011.11.21 by [yoh]
  5092. header ___HOTMAIL_CNCGROUP X-Originating-IP =~ /\[<CNCGROUP_IPS>\]/
  5093. header ___INFOSEEK_WEBMAIL_CNCGROUP X-OriginalIP =~ /<CNCGROUP_IPS>/
  5094.  
  5095. meta WM_CNCGROUP_CN ___GOOMAIL_CNCGROUP || ___INFOSEEK_WEBMAIL_CNCGROUP || ___HOTMAIL_CNCGROUP
  5096. describe WM_CNCGROUP_CN [CN]webmail from CNCGROUP
  5097. score WM_CNCGROUP_CN 1.5
  5098.  
  5099.  
  5100.  
  5101.  
  5102. # 61.232.0.0 - 61.237.255.255
  5103. # 222.32.0.0 - 222.63.255.255
  5104.  
  5105. header CRTC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.23[2-7]|122\.(?:6[4-9]|[78]\d|9[0-5])|221\.17[2-5]|222\.(?:3[2-9]|[45]\d|6[0-3]))(?:\.\d{1,3}){2}|58\.83\.1(?:1[2-9]|2[0-7])\.\d{1,3}) /
  5106. describe CRTC [CN]CHINA RAILWAY TELECOMMUNICATIONS CENTER
  5107. score CRTC 1.5
  5108.  
  5109. # 219.147.128.0 - 219.147.255.255
  5110. # 222.170.0.0 - 222.172.127.255
  5111. # 222.168.0.0 - 222.169.255.255
  5112.  
  5113. # 222.76.0.0 - 222.79.255.255
  5114. # 219.234.0.0 - 219.234.31.255
  5115. # 222.173.0.0 - 222.175.255.255
  5116. # 221.224.0.0 - 221.231.255.255
  5117.  
  5118. # 218.22.0.0 - 218.23.255.255
  5119. # 222.64.0.0 - 222.73.255.255
  5120. # 59.32.0.0 - 59.63.255.255
  5121. # 60.160.0.0 - 60.161.255.255
  5122. # 60.162.0.0 - 60.165.255.255
  5123. # 60.166.0.0 - 60.175.255.255
  5124. # 60.176.0.0 - 60.191.255.255
  5125. # 218.70.0.0 - 218.95.255.255
  5126. # 222.64.0.0 - 222.95.255.255
  5127. # 222.168.0.0 - 222.191.255.255
  5128. # 222.208.0.0 - 222.223.255.255
  5129.  
  5130. # 220.160.0.0 - 220.191.255.255
  5131.  
  5132. # 61.169.0.0 - 61.175.255.255
  5133. # 124.72.0.0 - 124.79.255.255
  5134. # 121.32.0.0 - 121.35.255.255
  5135. header CHINATELECOM X-Spam-Relays-Untrusted =~ /ip=((61\.18[09]\.(\d|[1-9]\d|1[01]\d|12[0-8])|61\.159\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|219\.147\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|219\.234\.(\d|[12]\d|3[01])|222\.172\.(\d|[1-9]\d|1[01]\d|12[0-7]))\.\d{1,3}|(58\.(3[2-9]|[45]\d|6[0-3])|59\.(3[2-9]|[45]\d|6[0-3])|60\.(?:1[678]\d|19[01])|61\.(?:14[0-6]|15[457]|16[04-69]|17[0-578]|18[3-8]|19[01])|121\.3[2-5]|124\.(7[2-9]|11[45])|202\.103|218\.([0-6]|1[3-9]|2[023]|[678]\d|9[0-5])|219\.1(2[89]|3[0-7]|4[1-9]|5[0-3])|220\.1([678]\d|9[01])|221\.(22[4-9]|23\d)|222\.(6[4-9]|[78]\d|9[0-5]|17[01345]|16[89]|1[78]\d|19[01]|20[89]|21\d|22[0-3]))(?:\.\d{1,3}){2}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5136. describe CHINATELECOM [CN]China Telecom
  5137. score CHINATELECOM 1.5
  5138.  
  5139. header HAERBINTELECOM X-Spam-Relays-Untrusted =~ /ip=222\.171\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5140. describe HAERBINTELECOM [CN]HAERBIN TELECOM
  5141. score HAERBINTELECOM 1.5
  5142.  
  5143.  
  5144. # 218.65.128.0 - 218.65.255.255
  5145. # 218.66.0.0 - 218.67.127.255
  5146.  
  5147. #-218.1.0.0 - 218.1.255.255
  5148. #-218.6.128.0 - 218.6.255.255
  5149. #-218.13.0.0 - 218.18.255.255
  5150.  
  5151. # 218.19.0.0 - 218.20.255.255
  5152. #-218.21.0.0 - 218.21.47.255
  5153. #-218.21.48.0 - 218.21.63.255
  5154. #-218.21.64.0 - 218.21.127.255
  5155. ##218.21.0.0 - 218.21.127.255
  5156. # (CNCGROUP)
  5157. # 218.22.0.0 - 218.23.255.255
  5158. #-218.31.0.0 - 218.31.255.255
  5159.  
  5160. ##218.0.0.0 - 218.31.255.255
  5161.  
  5162. #-218.56.0.0 - 218.59.255.255(CNCGROUP)
  5163. # 218.64.0.0 - 218.65.127.255
  5164. #-218.66.0.0 - 218.67.127.255
  5165. # (CNCGROUP)
  5166. #-218.70.0.0 - 218.70.255.255
  5167. #-218.71.0.0 - 218.71.127.255
  5168. #-218.71.128.0 - 218.71.135.255
  5169. #-218.71.136.0 - 218.71.143.255
  5170. #-218.71.144.0 - 218.71.159.255
  5171. #-218.71.160.0 - 218.71.191.255
  5172. # 218.71.192.0 - 218.71.255.255
  5173. # 218.78.0.0 - 218.83.255.255
  5174. # 218.85.0.0 - 218.86.127.255
  5175. # 218.95.0.0 - 218.95.127.255
  5176. #-218.95.224.0 - 218.95.255.255
  5177.  
  5178. ##218.56.0.0 - 218.95.255.255
  5179.  
  5180. # 219.128.0.0 - 219.137.255.255
  5181. #-219.159.64.0 - 219.159.255.255
  5182.  
  5183. ##219.128.0.0 - 219.159.255.255
  5184. # (includes CHINATELECOM, CNCGROUP)
  5185.  
  5186. #-220.160.0.0 - 220.162.255.255
  5187. # 220.175.0.0 - 220.177.255.255
  5188. # 220.189.96.0 - 220.189.111.255
  5189. # 220.191.0.0 - 220.191.127.255
  5190. #-220.191.252.0 - 220.191.255.255
  5191.  
  5192. ##220.160.0.0 - 220.191.255.255
  5193.  
  5194. # 222.64.220.0 - 222.64.223.255
  5195. # 222.65.60.0 - 222.65.63.255
  5196.  
  5197. # 222.64.0.0 - 222.73.255.255
  5198. # 222.76.0.0 - 222.79.255.255
  5199. #-222.92.0.0 - 222.95.255.255
  5200.  
  5201. ##222.64.0.0 - 222.95.255.255
  5202.  
  5203. #-222.128.0.0 - 222.131.255.255(CNCGROUP)
  5204. #-222.136.0.0 - 222.143.255.255(CNCGROUP)
  5205.  
  5206. ##222.128.0.0 - 222.143.255.255
  5207.  
  5208. # 58.33.180.0 - 58.33.183.255
  5209. #-58.32.0.0 - 58.41.255.255
  5210. #-58.60.0.0 - 58.63.255.255
  5211.  
  5212. ##58.32.0.0 - 58.63.255.255
  5213.  
  5214. # 59.32.0.0 - 59.42.255.255
  5215. # 59.62.0.0 - 59.63.255.255
  5216.  
  5217. ##59.32.0.0 - 58.63.255.255
  5218.  
  5219. #-60.160.0.0 - 60.161.255.255
  5220. #-60.166.0.0 - 60.175.255.255
  5221. # 60.177.0.0 - 60.177.255.255
  5222. #-60.176.0.0 - 60.191.255.255
  5223.  
  5224. ##60.160.0.0 - 60.191.255.255
  5225.  
  5226. #-61.128.0.0 - 61.128.31.255
  5227. # 61.140.0.0 - 61.146.255.255
  5228. # 61.172.0.0 - 61.173.255.255
  5229. # 61.180.0.0 - 61.180.127.255
  5230. # 61.190.0.0 - 61.190.255.255
  5231. #-61.191.0.0 - 61.191.255.255
  5232.  
  5233. ##61.128.0.0 - 61.191.255.255
  5234.  
  5235. # 202.96.0.0 - 202.111.255.255
  5236.  
  5237. # 125.112.0.0 - 125.127.255.255
  5238. # 58.208.0.0 - 58.223.255.255
  5239. # 124.234.0.0 - 124.235.255.255
  5240. # 122.4.0.0 - 122.7.255.255
  5241. # header CHINANET X-Spam-Relays-Untrusted =~ /ip=(5[89]\.(3[2-9]|[45]\d|6[0-3])|58\.2(0[89]|1\d|2[0-3])|60\.1([6-8]\d|9[01])|61\.1(2[89]|[3-8]\d|9[01])|122\.[4-7]|124\.23[45]|125\.(6[4-9]|[78]\d|9[0-5]|10[4-9]|11\d|12[0-7])|202\.(9[6-9]|10\d|11[01])|218\.(\d|[12]\d|3[01]|5[6-9]|[678]\d|9[0-7])|219\.1(2[89]|[345]\d)|220\.1([678]\d|9[01])|221\.(\d|1[0-5]|19[2-9]|2[0-3]\d)|222\.(6[4-9]|[78]\d|9[0-5]|1(2[89]|3\d|4[0-3]|6[0-3])|24[0-7]))(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5242. header CHINANET X-Spam-Relays-Untrusted =~ /ip=(?:1\.50|36\.(?:26|5[6-9]|6[0-3]|9[6-9]|1[01][0-9]|12[0-7])|42\.(?:8[89]|9[0-5]|18[45])|5[89]\.(?:3[2-9]|[45]\d|6[0-3])|58\.2(?:0[89]|1\d|2[0-3])|60\.1(?:[6-8]\d|9[01])|61\.1(?:2[89]|[3-8]\d|9[01])|106\.(?:45|1(?:0[89]|1[01]))|110\.15[67]|117\.6[0-3]|122\.[4-7]|124\.23[45]|125\.(?:6[4-9]|[78]\d|9[0-5]|10[4-9]|11\d|12[0-7])|140\.250|144\.(?:52|255)|182\.20[0-7]|202\.(?:9[6-9]|10\d|11[01])|218\.(?:\d|[12]\d|3[01]|5[6-9]|[678]\d|9[0-7])|219\.1(?:2[89]|[345]\d)|220\.1(?:[678]\d|9[01])|221\.(?:\d|1[0-5]|19[2-9]|2[0-3]\d)|222\.(?:6[4-9]|[78]\d|9[0-5]|1(?:2[89]|3\d|4[0-3]|6[0-3])|24[0-7]))(?:\.\d{1,3}){2} /
  5243. describe CHINANET [CN]Chinanet - large provider in China
  5244. score CHINANET 1.0
  5245.  
  5246. # 211.90.0.0 - 211.97.255.255
  5247. # 220.192.0.0 - 220.207.255.255
  5248. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  5249. # (\.[0-9]{1,3}){2,2}
  5250. # 61.240.0.0 - 61.243.255.255
  5251. # header UNICOM Received =~ /from .+(211\.9[0-7]|220\.(19[2-9]|20[0-7]))(\.[0-9]{1,3}){2,2}[\)\] ]/
  5252. # header UNICOM X-Spam-Relays-Untrusted =~ /ip=(61\.24[0-3]|119\.16[4-7]|211\.9[0-7]|220\.(19[2-9]|20[0-7]))(\.[0-9]{1,3}){2,2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5253. header UNICOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:36\.2(?:4[89]|5[01])|61\.24[0-3]|112\.(?:8[3-9]|9[0-5])|119\.16[2-7]|120\.(?:\d|1[0-5])|123\.23[2-5]|211\.9[0-7]|220\.(?:19[2-9]|20[0-7]))(?:\.\d{1,3}){2} /
  5254. describe UNICOM [CN]China United Telecommunications Corporation
  5255. score UNICOM 1.0
  5256.  
  5257. # 59.191.0.0 - 59.191.127.255
  5258.  
  5259. # header SEEHULINE Received =~ /from .+59\.191\.([0-9]|[1-9][0-9]|1([01][0-9]|2[0-7]))\.[0-9]{1,3}[\)\] ]/
  5260. header SEEHULINE X-Spam-Relays-Untrusted =~ /ip=59\.191\.([0-9]|[1-9][0-9]|1([01][0-9]|2[0-7]))\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5261. describe SEEHULINE [CN]SeeHuline-New dream
  5262. score SEEHULINE 1.5
  5263.  
  5264. # 211.136.0.0 - 211.167.255.255
  5265. header CN_211_136_167 X-Spam-Relays-Untrusted =~ /ip=211\.1(3[6-9]|[45][0-9]|6[0-7])(\.[0-9]{1,3}){2,2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5266. describe CN_211_136_167 [CN]211.136.0.0 - 211.167.255.255
  5267. score CN_211_136_167 1.0
  5268.  
  5269. # 211.155.245.0 - 211.155.245.255
  5270. header BTV_BEIJING X-Spam-Relays-Untrusted =~ /ip=211\.155\.245\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5271. describe BTV_BEIJING [CN]BEIJING DIAN-SHI-TAI CO.LTD
  5272. score BTV_BEIJING 1.5
  5273.  
  5274.  
  5275. # 219.238.0.0 - 219.239.255.255
  5276. # 60.194.0.0 - 60.195.255.255
  5277. # 218.247.0.0 - 218.247.31.255
  5278. # 218.249.0.0 - 218.249.255.255
  5279. # 124.200.0.0 - 124.207.255.255
  5280. # header DXTNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.(?:19[45]|207)|124\.(?:19[23]|20[0-7])|218\.249|219\.23[89])(?:\.\d{1,3}){2,2}|218\.247\.(?:\d|[12]\d|3[01])\.\d{1,3}) /
  5281. header DXTNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.(?:19[45]|207)|124\.(?:19[23]|20[0-7])|218\.249|219\.23[89])(?:\.\d{1,3}){2}|(?:211\.100\.2(?:2[4-9]|[345]\d)|218\.247\.(?:\d|[12]\d|3[01]))\.\d{1,3}) /
  5282. describe DXTNET [CN]Beijing Teletron Telecom Engineering Co., Ltd.
  5283. score DXTNET 1.5
  5284.  
  5285. # 202.127.0.0 - 202.127.255.255
  5286. header CN_202_127 X-Spam-Relays-Untrusted =~ /ip=202\.127(\.[0-9]{1,3}){2,2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5287. describe CN_202_127 [CN]202.127.0.0 - 202.127.255.255
  5288. score CN_202_127 1.0
  5289.  
  5290.  
  5291. # 124.42.0.0 - 124.42.127.255
  5292. header SINNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.42\.(?:\d|\d\d|1([01]\d|12[0-7]))\.\d{1,3} /
  5293. describe SINNET_CN [CN]Beijing Guanghuan Xinwang Digital Technology co.Ltd
  5294. score SINNET_CN 1.5
  5295.  
  5296. # 203.156.192.0 - 203.156.255.255
  5297. header GLOBAL_CN X-Spam-Relays-Untrusted =~ /^\[ ip=203\.156\.(?:19[2-9]|2\d\d)\.\d{1,3} /
  5298. describe GLOBAL_CN [CN]ShangHai Global Network Co.Ltd
  5299. score GLOBAL_CN 1.5
  5300.  
  5301. # 203.90.128.0 - 203.90.223.255
  5302. # 61.47.128.0 - 61.47.191.255
  5303. # 125.58.128.0 - 125.58.255.255
  5304. # 219.235.64.0 - 219.235.127.255
  5305. # header DQTNET_CN X-Spam-Relays-Untrusted =~ /ip=(203\.90\.(12[89]|1[3-9]\d|2[01]\d|22[0-3])\.\d{1,3}|61\.47\.(12[89]|1[3-8]\d|19[01])\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5306. # header DQTNET_CN X-Spam-Relays-Untrusted =~ /ip=(?:61\.47\.(?:12[89]|1[3-8]\d|19[01])|125\.58\.(?:12[89]|1[3-9]\d|2\d\d)|203\.90\.(?:12[89]|1[3-9]\d|2[01]\d|22[0-3])|219\.235\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7]))\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5307. header DQTNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.252\.\d{1,3}|61\.47\.(?:12[89]|1[3-8]\d|19[01])|125\.58\.(?:12[89]|1[3-9]\d|2\d\d)|203\.90\.(?:12[89]|1[3-9]\d|2[01]\d|22[0-3])|219\.235\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7]))\.\d{1,3} /
  5308. describe DQTNET_CN [CN]Daqing Zhongji Petroleum Communication Construction Co.,Ltd.
  5309. score DQTNET_CN 1.5
  5310.  
  5311. # 202.8.128.0 - 202.8.159.255
  5312. header HTXX_CN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.8\.(?:12[89]|1[345]\d)\.\d{1,3} /
  5313. describe HTXX_CN [CN]Huabei Petroleum Huatong
  5314. score HTXX_CN 1.5
  5315.  
  5316. # 222.248.0.0 - 222.248.255.255
  5317. # 219.234.96.0 - 219.234.127.255
  5318. # 222.125.0.0 - 222.125.255.255
  5319. header TOPWAY_NET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:219\.234\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|(?:111\.222|222\.(?:125|248))(?:\.\d{1,3}){2}) /
  5320. describe TOPWAY_NET_CN [CN]Topway-Net
  5321. score TOPWAY_NET_CN 1.5
  5322.  
  5323.  
  5324. # 58.66.0.0 - 58.67.255.255
  5325. # 59.107.0.0 - 59.107.255.255
  5326. # 124.172.0.0 - 124.175.255.255
  5327. # header NGNNET_CN X-Spam-Relays-Untrusted =~ /ip=(58\.6[67]|59\.107)(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 /
  5328. header NGNNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(58\.6[67]|59\.107|124\.17[2-5])(?:\.\d{1,3}){2}|203\.88\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}) /
  5329. describe NGNNET_CN [CN]World Crossing Telecom(GuangZhou) Ltd.
  5330. score NGNNET_CN 1.5
  5331.  
  5332. # 218.108.0.0 - 218.109.255.255
  5333. #
  5334. # see http://www.hzdtv.com/
  5335. # 2006.04.23 by [yoh]
  5336. #
  5337. # 219.82.0.0 - 219.82.255.255
  5338. # header WASU_HZDTV_COM_CN X-Spam-Relays-Untrusted =~ /ip=(218\.10[89]|219\.82)(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 /
  5339. # describe WASU_HZDTV_COM_CN [CN]WASU TV & Communication Holding Co.,Ltd.
  5340. # score WASU_HZDTV_COM_CN 2.0
  5341.  
  5342. # 202.112.0.0 - 202.121.255.255
  5343. # 202.192.0.0 - 202.207.255.255
  5344. # 219.216.0.0 - 219.231.255.255
  5345. # 222.16.0.0 - 222.31.255.255
  5346. # 222.206.0.0 - 222.207.255.255
  5347. # 58.200.0.0 - 58.207.255.255
  5348. # 210.25.0.0 - 210.47.255.255
  5349. # 58.192.0.0 - 58.207.255.255
  5350. # 218.192.0.0 - 218.199.255.255
  5351. # 222.192.0.0 - 222.207.255.255
  5352. header CERNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.(?:19[2-9]|20[0-7])|59\.7\d|114\.213|118\.2(?:2[89]|30)|125\.219|202\.(?:11[2-9]|12[01]|19[2-9]|20[0-7])|210\.(?:2[5-9]|3\d|4[0-7])|211\.8[0-7]|218\.19[2-9]|219\.2(?:1[6-9]|2\d|3[01]|4[2-7])|222\.(?:1[6-9]|2\d|3[01]|19[2-9]|20[0-7]))(?:\.\d{1,3}){2} /
  5353. describe CERNET_CN [CN]China Education and Research Network
  5354. score CERNET_CN 1.5
  5355.  
  5356.  
  5357. # 218.200.0.0 - 218.207.255.255
  5358. # 221.176.0.0 - 221.183.255.255
  5359. # 221.130.0.0 - 221.131.255.255
  5360. # header CMNET_CN X-Spam-Relays-Untrusted =~ /ip=(218\.20[0-7]|221\.1(3[01]|7[6-9]|8[0-3]))(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 /
  5361. header CMNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:3[69]\.1(?:2[89]|[3-8]\d|9[01])|11[12]\.(?:\d|[1-5]\d|6[0-3])|117\.1(?:2[89]|[3-8]\d|9[01])|1(?:20|83)\.(?:19[2-9]|2\d\d)|121\.37|218\.20[0-7]|221\.1(?:3[01]|7[6-9]|8[0-3])|223\.(?:6[4-9]|[789]\d|[12]\d\d))(?:\.\d{1,3}){2}|203\.86\.(?:\d|[12]\d|3[01])\.\d{1,3}|211\.103\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|220\.231\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  5362. describe CMNET_CN [CN]China Mobile Communications Corporation
  5363. score CMNET_CN 1.5
  5364.  
  5365. # 220.112.0.0 - 220.115.255.255
  5366. header GWBN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.17[2-5]|175\.1(?:8[89]|9[01])|220\.11[2-5])(?:\.\d{1,3}){2} /
  5367. describe GWBN_CN [CN]FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS
  5368. score GWBN_CN 1.5
  5369.  
  5370. # 59.80.0.0 - 59.83.255.255
  5371. header BEELINK_CN X-Spam-Relays-Untrusted =~ /^\[ ip=59\.8[0-3](?:\.\d{1,3}){2} /
  5372. describe BEELINK_CN [CN]Beelink Information Science & Technology Co.,Ltd.
  5373. score BEELINK_CN 1.5
  5374.  
  5375. # 218.96.0.0 - 218.99.255.255
  5376. header CNNIC_CN X-Spam-Relays-Untrusted =~ /^\[ ip=218\.9[6-9](?:\.\d{1,3}){2} /
  5377. describe CNNIC_CN [CN]China Network Information Center
  5378. score CNNIC_CN 1.5
  5379.  
  5380. # 221.122.0.0 - 221.123.255.255
  5381. # 124.68.0.0 - 124.71.255.255
  5382. header CHINACOMM_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:124\.(?:6[89]|7[01])|221\.12[23])(?:\.\d{1,3}){2} /
  5383. describe CHINACOMM_CN [CN]CETC-CHINACOMM COMMUNICATIONS Co.,Ltd.
  5384. score CHINACOMM_CN 1.5
  5385.  
  5386. # 219.236.0.0 - 219.237.255.255
  5387. header BGCTVNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.21[6-9]|219\.23[67])(?:\.\d{1,3}){2} /
  5388. describe BGCTVNET_CN [CN]BEIJING GEHUA CATV NETWORK CO., LTD.
  5389. score BGCTVNET_CN 1.5
  5390.  
  5391. # 218.240.0.0 - 218.245.255.255
  5392. # 218.246.0.0 - 218.247.255.255
  5393. header CNNIC_CN X-Spam-Relays-Untrusted =~ /^\[ ip=218\.24[0-7](?:\.\d{1,3}){2} /
  5394. describe CNNIC_CN [CN]China Network Information Center
  5395. score CNNIC_CN 1.5
  5396.  
  5397. # 221.136.0.0 - 221.136.255.255
  5398. header NBIP_CN X-Spam-Relays-Untrusted =~ /^\[ ip=221\.136(?:\.\d{1,3}){2} /
  5399. describe NBIP_CN [CN]NBIP CNC(Ningbo)info-Port co.,Ltd
  5400. score NBIP_CN 1.5
  5401.  
  5402. # 58.100.0.0 - 58.101.255.255
  5403. # header WASU_CN X-Spam-Relays-Untrusted =~ /^\[ ip=58\.10[01](?:\.\d{1,3}){2} /
  5404. header WASU_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.10[01]|125\.210|218\.10[89]|219\.82)(?:\.\d{1,3}){2} /
  5405. describe WASU_CN [CN]WASU TV & Communication Holding Co.,Ltd. 6/F, Jian Gong Building, NO.20 Wen San Road, Hangzhou Zhejiang province, P.R.China 310012
  5406. score WASU_CN 1.5
  5407.  
  5408.  
  5409. # 121.68.0.0 - 121.71.255.255
  5410. header BBNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=121\.(6[89]|7[01])(?:\.\d{1,3}){2} /
  5411. describe BBNET_CN [CN]BeiJing Kuandaitong Telecom Technology Co.,Ltd
  5412. score BBNET_CN 1.5
  5413.  
  5414. # 124.20.0.0 - 124.20.255.255
  5415. header CJWXNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.2[01](?:\.\d{1,3}){2} /
  5416. describe CJWXNET_CN [CN]Ningbo CJWX Communication Technology Ltd
  5417. score CJWXNET_CN 1.5
  5418.  
  5419. # 124.248.0.0 - 124.248.127.255
  5420. header HRXT_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.248\.(?:\d|[1-9]\d|1[01]\d|12[0-7]).\d{1,3} /
  5421. describe HRXT_CN [CN]Beijing HongRuiXunTong science & technology
  5422. score HRXT_CN 1.5
  5423.  
  5424. # 220.234.0.0 - 220.234.255.255
  5425. # 60.63.0.0 - 60.63.255.255
  5426. # 58.24.0.0 - 58.25.255.255
  5427. header COLNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.2[45]|60\.63|111\.21[2-5]|220\.234)(?:\.\d{1,3}){2} /
  5428. describe COLNET_CN [CN]Oriental Cable Network Co., Ltd.
  5429. score COLNET_CN 1.5
  5430.  
  5431. # 122.0.128.0 - 122.0.255.255
  5432. # header STN_CN X-Spam-Relays-Untrusted =~ /ip=122\.0\.(12[89]|1[3-9]\d|2\d\d)\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5433. header STN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=122\.0\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  5434. describe STN_CN [CN]Science & Technology Network Communication Co., Ltd.
  5435. score STN_CN 1.5
  5436.  
  5437. # 116.90.184.0 - 116.90.191.255
  5438. # header NLSS_CN X-Spam-Relays-Untrusted =~ /^\[ ip=116\.90\.1(8[4-9]|9[01])\.\d{1,3} rdns=[^ \[\]]* helo=[^ \[\]]+ by=[^ \[\]]+ ident= envfrom= intl=0 id=[^\[\] ]* auth= \]/
  5439. header NLSS_CN X-Spam-Relays-Untrusted =~ /^\[ ip=116\.90\.1(?:8[4-9]|9[01])\.\d{1,3} /
  5440. describe NLSS_CN [CN]Beijing North Latitude Starlit Sky Network Co.,Ltd
  5441. score NLSS_CN 1.5
  5442.  
  5443. # 59.108.0.0 - 59.109.255.255
  5444. # header FOUNDERBN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=59\.10[89](\.\d{1,3}){2} rdns=[^ \[\]]* helo=[^ \[\]]+ by=[^ \[\]]+ ident= envfrom= intl=0 id=[^\[\] ]* auth= \]/
  5445. header FOUNDERBN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=59\.10[89](?:\.\d{1,3}){2} /
  5446. describe FOUNDERBN_CN [CN]Beijing Founder Broadband Network Technology Co.,Ltd
  5447. score FOUNDERBN_CN 1.5
  5448.  
  5449. # 122.8.0.0 - 122.9.255.255
  5450. # header BJJSNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=122\.[89](\.\d{1,3}){2} rdns=[^ \[\]]* helo=[^ \[\]]+ by=[^ \[\]]+ ident= envfrom= intl=0 id=[^\[\] ]* auth= \]/
  5451. header BJJSNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=122\.[89](?:\.\d{1,3}){2} /
  5452. describe BJJSNET_CN [CN]Beijing Jiasheng Lianhua technical Co. Ltd
  5453. score BJJSNET_CN 1.5
  5454.  
  5455. # 59.155.0.0 - 59.155.255.255
  5456. header AORONG_CN X-Spam-Relays-Untrusted =~ /^\[ ip=59\.155(?:\.\d{1,3}){2} /
  5457. describe AORONG_CN [CN]Shanghai AORONG Info & Tech Service Co.Ltd
  5458. score AORONG_CN 1.5
  5459.  
  5460. # 124.254.0.0 - 124.254.63.255
  5461. header THBA_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.254\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  5462. describe THBA_CN [CN]Beijing THBA Technology Co,.Ltd.
  5463. score THBA_CN 1.5
  5464.  
  5465. # 220.101.192.0 - 220.101.255.255
  5466. header DRCSCNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=220\.101\.(?:19[2-9]|2\d\d)\.\d{1,3} /
  5467. describe DRCSCNET_CN [CN]Development & Research Center of State Council Net.
  5468. score DRCSCNET_CN 1.5
  5469.  
  5470. header RINGLINK_CN X-Spam-Relays-Untrusted =~ /^\[ ip=59\.11[01](?:\.\d{1,3}){2} /
  5471. describe RINGLINK_CN [CN]RingLink telecom Ltd.
  5472. score RINGLINK_CN 1.5
  5473.  
  5474. header GDJS_CN X-Spam-Relays-Untrusted =~ /^\[ ip=123\.242\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  5475. describe GDJS_CN [CN]Guangdong Jinsheng Investment Development Co.,Ltd
  5476. score GDJS_CN 1.5
  5477.  
  5478. header TOPNEWNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=121\.52\.2(?:0[89]|1\d|2[0-3])\.\d{1,3} /
  5479. describe TOPNEWNET_CN [CN]Beijing Topnew Info&Tech co,.LTD.
  5480. score TOPNEWNET_CN 1.5
  5481.  
  5482. header TYNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=119\.19(?:\.\d{1,3}){2} /
  5483. describe TYNET_CN [CN]Tianying Information and Technology Co. Ltd.
  5484. score TYNET_CN 1.5
  5485.  
  5486. header TUNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=166\.111(?:\.\d{1,3}){2} /
  5487. describe TUNET_CN [CN]Tsinghua University
  5488. score TUNET_CN 1.5
  5489.  
  5490. header HUARUI_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.102\.(?:1[6-9]|2\d|3[01])|119\.25[45]\.\d{1,3})\.\d{1,3} /
  5491. describe HUARUI_CN [CN]Langfang Development Area Huarui Xintong Network Technology Co., Ltd.
  5492. score HUARUI_CN 1.5
  5493.  
  5494. header SGATHER_CN X-Spam-Relays-Untrusted =~ /^\[ ip=122\.200\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3} /
  5495. describe SGATHER_CN [CN]Beijing HeJu ShuZi Telecom Engineering Co.Ltd.
  5496. score SGATHER_CN 1.5
  5497.  
  5498. header YYNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=116\.24[45](?:\.\d{1,3}){2} /
  5499. describe YYNET_CN [CN]Beijing Yiliyou Date Co.,Ltd
  5500. score YYNET_CN 1.5
  5501.  
  5502. header CHINANETCENTER_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.103\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|203\.130\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3}) /
  5503. describe CHINANETCENTER_CN [CN]ChinaNetCenter Ltd.
  5504. score CHINANETCENTER_CN 1.5
  5505.  
  5506. header CTTNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.(?:19[2-9]|2[01]\d|22[0-3])|12[23]\.(?:6[4-9]|[78]\d|9[0-5]))(?:\.\d{1,3}){2} /
  5507. describe CTTNET_CN [CN]China TieTong Telecommunications Corporation
  5508. score CTTNET_CN 1.5
  5509.  
  5510. header HLJ_CN X-Spam-Relays-Untrusted =~ /^\[ ip=210\.76\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  5511. describe HLJ_CN [CN]Heilongjiang Province
  5512. score HLJ_CN 1.5
  5513.  
  5514. header WOTONE_CN X-Spam-Relays-Untrusted =~ /^\[ ip=116\.20[45](?:\.\d{1,3}){2} /
  5515. describe WOTONE_CN [CN]Wotone Network Ltd.
  5516. score WOTONE_CN 1.5
  5517.  
  5518. header SUNINFO_MDC_CN X-Spam-Relays-Untrusted =~ /^\[ ip=121\.101\.2(?:0[89]|1\d|2[0-3])\.\d{1,3} /
  5519. describe SUNINFO_MDC_CN [CN]Beijing Sun Rise Technology CO.LTD
  5520. score SUNINFO_MDC_CN 1.5
  5521.  
  5522. header FHGROUP_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.40\.1(?:1[2-9]|2[0-7])\.\d{1,3} /
  5523. describe FHGROUP_CN [CN]BeiJing FeiHuaLingHang Technology Development Co.,Ltd
  5524. score FHGROUP_CN 1.5
  5525.  
  5526. header CDKNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=60\.247(?:\.\d{1,3}){2} /
  5527. describe CDKNET_CN [CN]China Digital Kingdom Technology Co.,Ltd.
  5528. score CDKNET_CN 1.5
  5529.  
  5530. # It seems to be very doubtful. 2011.11.12 by [yoh]
  5531. header NOVA_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.75\.(?:[5-9]|1\d|2[012])|219\.235\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  5532. describe NOVA_CN [CN]Shenzhen Nova Technology Development Co., Ltd.
  5533. score NOVA_CN 1.5
  5534.  
  5535. header SDHT_NET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=180\.18[67](?:\.\d{1,3}){2} /
  5536. describe SDHT_NET_CN [CN]Beijing Telvison Telecom Engineering Corporation Limited
  5537. score SDHT_NET_CN 1.5
  5538.  
  5539. header HAOWEIGAOKE_CN X-Spam-Relays-Untrusted =~ /^\[ ip=114\.114(?:\.\d{1,3}){2} /
  5540. describe HAOWEIGAOKE_CN [CN]FHAOWEIGAOKE TECHOLOGIES CO.,LTD
  5541. score HAOWEIGAOKE_CN 1.5
  5542.  
  5543. header CAPITALNETWORK_CN X-Spam-Relays-Untrusted =~ /^\[ ip=211\.102(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  5544. describe CAPITALNETWORK_CN [CN]Capital network, LTD
  5545. score CAPITALNETWORK_CN 1.5
  5546.  
  5547. # (?:1[3-9]\d|20[0-8])
  5548. header PRIMETELECOM_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.3[01]|203\.20[0-8])(?:\.\d{1,3}){2}|125\.208\.(?:\d|[12]\d|3[01])\.\d{1,3}) /
  5549. describe PRIMETELECOM_CN [CN]Beijing Primezone Technologies Inc.
  5550. score PRIMETELECOM_CN 1.5
  5551.  
  5552. header HKDNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:183\.182\.(?:\d|[12]\d|3[01])|202\.131\.(?:4[89]|5\d|6[0-3]))\.\d{1,3} /
  5553. describe HKDNET_CN [CN]HongKong Dragon-NET InternaTional Co., Ltd.
  5554. score HKDNET_CN 1.5
  5555.  
  5556. header BITNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.18[123](?:\.\d{1,3}){2}|211\.103\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  5557. describe BITNET_CN [CN]Beijing Bitone United Networks Technology Service Co.,Ltd
  5558. score BITNET_CN 1.5
  5559.  
  5560. # ZHENGZHOUZITIAN NETWORKS TECHNOLOGY CO.,LTD
  5561. # SUNINFO-MDC
  5562. header PUTIAN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:114\.11[2-5]|119\.57)(?:\.\d{1,3}){2}|122\.102\.(?:\d|1[0-5])\.\d{1,3}) /
  5563. describe PUTIAN_CN [CN]22D, No.1 building, International Pioneering Park No2. Xinxi Road, Shangdi, Haidian district, Beijingg
  5564. score PUTIAN_CN 1.5
  5565.  
  5566. header WEEK5_CN X-Spam-Relays-Untrusted =~ /^\[ ip=111\.67\.(?:19[2-9]|20[0-7])\.\d{1,3} /
  5567. describe WEEK5_CN [CN]Beijing Lingse Feidian Network Science&Technology Co Ltd No. 2 Unit 3 Tiantongyuan East, Beijing ,China
  5568. score WEEK5_CN 1.5
  5569.  
  5570. header GUANGZHOUHONGXUNWANGDING_CN X-Spam-Relays-Untrusted =~ /^\[ ip=211\.102\.(?:8\d|9[0-5])\.\d{1,3} /
  5571. describe GUANGZHOUHONGXUNWANGDING_CN [CN]2308 Yinlaige, #22 Jinsui Road, Guangzhou Guangdong Provice P.R.China
  5572. score GUANGZHOUHONGXUNWANGDING_CN 1.5
  5573.  
  5574. header ABITCOOL_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.151\.(?:\d|\d\d|1[01]\d|12[0-7])|120\.132\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  5575. describe ABITCOOL_CN [CN]Abitcool(China) Inc. Beijing, China
  5576. score ABITCOOL_CN 1.5
  5577.  
  5578. header BESTINFONET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=210\.76\.(?:9[6-9]|10\d|11[0-5])\.\d{1,3} /
  5579. describe BESTINFONET_CN [CN]Beijing Software Industry Productivity Center F12, Baiyan Building, NO.238, Beisihuanzhong Road, Haidian District, Beijing, P.R. China
  5580. score BESTINFONET_CN 1.5
  5581.  
  5582. header LINKTOM_CN X-Spam-Relays-Untrusted =~ /^\[ ip=61\.4\.8[0-3]\.\d{1,3} /
  5583. describe LINKTOM_CN [CN]Beijing Linktom Network Technology Co.,Ltd. No.132,Zhichun Road,Haidian District,Beijing,China
  5584. score LINKTOM_CN 1.5
  5585.  
  5586. header CSTNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.213\.(?:6[4-9]|[789]\d|[12]\d\d)|118\.26\.1(?:8[4-9]|9[01])|(?:124\.1[67]|159\.226)\.\d{1,3}|202\.170\.2(?:1[6-9]|2[0-3]))\.\d{1,3} /
  5587. describe CSTNET_CN [CN]China Science & Technology Network No.4,4th South Street, Zhong Guan Cun, Haidian District, P.O.Box 349,Beijing 100080
  5588. score CSTNET_CN 1.5
  5589.  
  5590. header CCCNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.165\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  5591. describe CCCNET_CN [CN]China Communication Co., Ltd Tower F.12# Yumin Road, Chaoyang District, descr: P.R.China
  5592. score CCCNET_CN 1.5
  5593.  
  5594. header XUNTONG_CN X-Spam-Relays-Untrusted =~ /^\[ ip=120\.72\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  5595. describe XUNTONG_CN [CN]Beijing zhonglian xuntong co.,ltd No.1 xichengqu sanlihe Beijing
  5596. score XUNTONG_CN 1.5
  5597.  
  5598. header NET263_CN X-Spam-Relays-Untrusted =~ /^\[ ip=211\.99\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  5599. describe NET263_CN [CN]NET263 Group in China. 16th floor,JianDa Buliding ,14 East Tucheng Road,Heping Li Chaoyang Distric,Beijing , P.R.CHINA
  5600. score NET263_CN 1.5
  5601.  
  5602. header RITELE_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.12[67](?:\.\d{1,3}){2} /
  5603. describe RITELE_CN [CN]Research Institution of Telecom No.1 Gaojiayuan,Xicheng District,Beijing,China
  5604. score RITELE_CN 1.5
  5605.  
  5606. header I4HKLIMITED_CN X-Spam-Relays-Untrusted =~ /^\[ ip=223\.252\.1(?:[678]\d|9[01])\.\d{1,3} /
  5607. describe I4HKLIMITED_CN [CN]Rm A19, 2/F, Wofoo Building, 204-210 Texaco Road. Tsuen Wan. NT. HK
  5608. score I4HKLIMITED_CN 1.5
  5609.  
  5610. header XRNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=115\.47(?:\.\d{1,3}){2} /
  5611. describe XRNET_CN [CN]Beijing XiRang Media Cultural Co., Ltd. Build A6-1702,Fenghuahaojing,No.6 Guanganmennei Road Xuanwu, Beijing, China, 100053
  5612. score XRNET_CN 1.5
  5613.  
  5614. header SANXIN_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.206|123\.62)(?:\.\d{1,3}){2}|110\.232\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3}) /
  5615. describe SANXIN_CN [CN]Beijing Sanxin Shidai Co. Ltd 1513 Xinjishu building Beijing link west road, Haidian District, Beijing, PRC
  5616. score SANXIN_CN 1.5
  5617.  
  5618. header BJSKIDC_CN X-Spam-Relays-Untrusted =~ /^\[ ip=119\.161\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  5619. describe BJSKIDC_CN [CN]Beijing Capital Telecom Co.,LTD No.B2-2809 Phoenix Town No.5 ShuguangLi. Chaoyang District. Beijing
  5620. score BJSKIDC_CN 1.5
  5621.  
  5622. header HTXX_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.0\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.180\.1(?:2[89]|[345]\d))\.\d{1,3} /
  5623. describe HTXX_CN [CN]HuaBei Oil Communication CO. Information Center huizhan street, Renqiu city, Hebei
  5624. score HTXX_CN 1.5
  5625.  
  5626.  
  5627. header DIGILAND_CN X-Spam-Relays-Untrusted =~ /^\[ ip=113\.11\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3} /
  5628. describe DIGILAND_CN [CN]Beijing Digiland media technology Co. Ltd Apt2 No5 Jinyuanzhuang AVE shijingshan district Beijing
  5629. score DIGILAND_CN 1.5
  5630.  
  5631. header ZSPNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.85\.2(?:0[89]|1\d|2[0-3])\.\d{1,3} /
  5632. describe ZSPNET_CN [CN]BEIJING ZHONGGUANCUN SOFTWARE PARK DEVELOPMENT CO.,Ltd. P.O.Box 5118,Zhongguancun Software Park, Haidian District, Beijing P.R.C.
  5633. score ZSPNET_CN 1.5
  5634.  
  5635. header DIGITALWAYS_CN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.14\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  5636. describe DIGITALWAYS_CN [CN]FOR BEIJING Digitalways ACCESS IN SHANGHAI
  5637. score DIGITALWAYS_CN 1.5
  5638.  
  5639. header GIANT_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.255\.(?:12[89]|1[3-9]\d|2\d\d)|203\.171\.2(?:2[4-9]|3\d))\.\d{1,3} /
  5640. describe GIANT_CN [CN]ZhengZhou GIANT Computer Network Technology Co., Ltd Room 701 Information Building NO.144 Garden Road, Zhenzhou Henan, P.R.China
  5641. score GIANT_CN 1.5
  5642.  
  5643. header HICHINA_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.12[4-7]|114\.215|121\.19[6-9]|223\.[4-7])(?:\.\d{1,3}){2} /
  5644. describe HICHINA_CN [CN]HiChina Web Solutions (Beijing) Limited No.27 Gulouwai Avenue,Dongcheng District, Beijing 100011,China
  5645. score HICHINA_CN 1.5
  5646.  
  5647. header PUNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=162\.105(?:\.\d{1,3}){2} /
  5648. describe PUNET_CN [CN]imported inetnum object for PEKING
  5649. score PUNET_CN 1.5
  5650.  
  5651. header TIANLIANHUTONG_NET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=122\.11\.4[0-7]\.\d{1,3} /
  5652. describe TIANLIANHUTONG_NET_CN [CN]BEIJING TIANLIANHUTONG TECHNOLOGY DEVELOPMET CO., LTD 2302 ZhongYu Plaza No.Jia-6 GongTiBeiRoad ChaoYang District BeiJing
  5653. score TIANLIANHUTONG_NET_CN 1.5
  5654.  
  5655. header ALISOFT_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:42\.12[01]\.\d{1,3}|110\.75\.1(?:[678]\d|9[01]))\.\d{1,3} /
  5656. describe ALISOFT_CN [CN]Aliyun Computing Co., LTD 5F, Builing D, the West Lake International Plaza of S&T No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
  5657. score ALISOFT_CN 1.5
  5658.  
  5659. header MUL_MINDING_CN X-Spam-Relays-Untrusted =~ /^\[ ip=211\.106\.(?:9[6-9]|10[0-3])\.\d{1,3} /
  5660. describe MUL_MINDING_CN [CN]Mul-minding Net Technology Com. Ltd. Rm.902,North Real Estate Building, Build. No.3, #81Yuan , ZiZhuyuan Rd, Haidian Dist., Beijing
  5661. score MUL_MINDING_CN 1.5
  5662.  
  5663. header EDONGNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=203\.191\.1(?:4[4-9]|5\d)\.\d{1,3} /
  5664. describe EDONGNET_CN [CN]Edong Network
  5665. score EDONGNET_CN 1.5
  5666.  
  5667. header WSNET_CN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:14|123)\.19[67](?:\.\d{1,3}){2} /
  5668. describe WSNET_CN [CN]Beijing Weishichuangjie Technical Development Co.,Ltd.
  5669. score WSNET_CN 1.5
  5670.  
  5671. header NORTHSTAR_CN X-Spam-Relays-Untrusted =~ /^\[ ip=111\.1(?:2[89]|[345]\d)(?:\.\d{1,3}){2} /
  5672. describe NORTHSTAR_CN [CN]North Star Information Hi.tech Ltd. Co. No.18, Beifengwo Road, Haidian District, Beijing, China, 100038
  5673. score NORTHSTAR_CN 1.5
  5674.  
  5675. header FOREST_ETERNAL_CN X-Spam-Relays-Untrusted =~ /^\[ ip=118\.26\.(?:19[2-9]|2\d\d)\.\d{1,3} /
  5676. describe FOREST_ETERNAL_CN [CN]Forest Eternal Communication Tech. co.ltd Rm.902,North Real Estate Building, Build. No.3 #81Yuan,Haidian District,Beijing
  5677. score FOREST_ETERNAL_CN 1.5
  5678.  
  5679.  
  5680. # 60.48.0.0 - 60.54.255.255
  5681. # 202.75.32.0 - 202.75.63.255
  5682. # 218.208.128.0 - 218.208.255.255
  5683. # 219.92.0.0 - 219.93.255.255
  5684. # 219.94.0.0 - 219.94.127.255
  5685. # 202.71.96.0 - 202.71.111.255
  5686. # header XDSLSTREAMYX X-Spam-Relays-Untrusted =~ /ip=(60\.(4[89]|5[0-4])(\.\d{1,3}){2}|(202\.75\.(3[2-9]|[45]\d|6[0-3])|218\.208\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5]))\.\d{1,3}) .+ident= envfrom= intl=0 /
  5687. # 218.111.0.0 - 218.111.255.255
  5688. # 219.95.0.0 - 219.95.255.255
  5689. # 218.208.0.0 - 218.208.255.255
  5690. # 118.100.0.0 - 118.101.255.255
  5691. # 124.13.0.0 - 124.13.255.255
  5692. header XDSLSTREAMYX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.(?:4[89]|5[0-4])|118\.10[01]|124\.(?:13|82)|175\.1(?:3[6-9]|4[0-3])|218\.(?:111|208)|219\.9[235])(?:\.\d{1,3}){2}|(?:202\.71\.(?:9[6-9]|10\d|11[01])|202\.75\.(?:3[2-9]|[45]\d|6[0-3])|218\.208\.(?:12[89]|1[3-9]\d|2\d\d)|219\.94\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  5693. describe XDSLSTREAMYX [MY]Telekom Malaysia Berhad
  5694. score XDSLSTREAMYX 1.5
  5695.  
  5696. # 210.48.144.0 - 210.48.159.255
  5697. # TMNET
  5698. header TM_IDC_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.26\.\d{1,3}|58\.27\.(?:\d|\d\d|1[01]\d|12[0-7])|119\.110\.(?:9[6-9]|10\d|11[01])|210\.48\.1(?:4[4-9]|5\d))\.\d{1,3} /
  5699. describe TM_IDC_MY [MY]TM NET SDN BHD
  5700. score TM_IDC_MY 1.5
  5701.  
  5702. # 116.0.96.0 - 116.0.127.255
  5703. header AIMS_MY X-Spam-Relays-Untrusted =~ /ip=116\.0\.(9[6-9]|1[01]\d|12[0-7])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5704. describe AIMS_MY [MY]Applied Information Management Services Kuala Lumper Malaysia
  5705. score AIMS_MY 1.5
  5706.  
  5707. # 203.188.232.0 - 203.188.239.255
  5708. header EXTREME_MY X-Spam-Relays-Untrusted =~ /ip=203\.188\.23[2-9]\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5709. describe EXTREME_MY [MY]Extreme Broadband Sdn. Bhd.
  5710. score EXTREME_MY 1.5
  5711.  
  5712. header PIRADIUS_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.90\.1(?:2[89]|[345]\d)|124\.217\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  5713. describe PIRADIUS_MY [MY]PIRADIUS NET Unit 21-3A, Level 21 Plaza DNP 59, Jalan Abdullah Tahir Taman Century Garden 80300 Johor Bahru, Johor Malaysia
  5714. score PIRADIUS_MY 1.5
  5715.  
  5716. header MAXISNET_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:113\.21[01]|121\.12[0-3])\.\d{1,3}|202\.75\.1(?:2[89]|[345]\d)|202\.151\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  5717. describe MAXISNET_MY [MY]Maxis Broadband Sdn Bhd Jalan Delima 1/1 Subang Hi-Tech Industrial Park 40000 Shah Alam, Selangor, Malaysia
  5718. score MAXISNET_MY 1.5
  5719.  
  5720. header DIGI_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.164|116\.197|182\.6[23])(?:\.\d{1,3}){2} /
  5721. describe DIGI_MY [MY]DiGi Telecommunications Sdn Bhd
  5722. score DIGI_MY 1.5
  5723.  
  5724. header P1NETWORKS_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:120\.1(?:39|4[01])|180\.7[2-5])(?:\.\d{1,3}){2} /
  5725. describe P1NETWORKS_MY [MY]Packet One Networks (M) Sdn Internet Service Provider Kuala Lumpur, Malaysia
  5726. score P1NETWORKS_MY 1.5
  5727.  
  5728. header JARING_MY X-Spam-Relays-Untrusted =~ /^\[ ip=202\.1(?:8[4-7]|90)(?:\.\d{1,3}){2} /
  5729. describe JARING_MY [MY]JARING Communications Sdn Bhd Technology Park Malaysia 57000 Kuala Lumpur
  5730. score JARING_MY 1.5
  5731.  
  5732. header TIMETELEKOM_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:210\.19|211\.2[45])(?:\.\d{1,3}){2}|203\.121\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}) /
  5733. describe TIMETELEKOM_MY [MY]TIME Telecommunications Sdn Bhd Kuala Lumpur
  5734. score TIMETELEKOM_MY 1.5
  5735.  
  5736. header FREENET_MY X-Spam-Relays-Untrusted =~ /^\[ ip=209\.9\.(?:9[6-9]|10\d|11[01])\.\d{1,3} /
  5737. describe FREENET_MY [MY]Free Net Business Solutions Sdn Bhd ISP Network Cyberjaya, Malaysia
  5738. score FREENET_MY 1.5
  5739.  
  5740. header CNXNET_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.46\.1(?:1[2-9]|2[0-7])|203\.142\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  5741. describe CNXNET_MY [MY]Wireless Broadband Service Provider, Malaysia
  5742. score CNXNET_MY 1.5
  5743.  
  5744. header CELCOMNET_MY X-Spam-Relays-Untrusted =~ /^\[ ip=203\.82\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  5745. describe CELCOMNET_MY [MY]Celcom Internet Service Provider
  5746. score CELCOMNET_MY 1.5
  5747.  
  5748. header YTLCOMMS_MY X-Spam-Relays-Untrusted =~ /^\[ ip=183\.78\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  5749. describe YTLCOMMS_MY [MY]YTL COMMUNICATIONS SDN BHD
  5750. score YTLCOMMS_MY 1.5
  5751.  
  5752. header GITN_MY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.60\.5[6-9]|203\.127\.17[6-9])\.\d{1,3} /
  5753. describe GITN_MY [MY]Gitn-schoolnet-my Internet Service Provider GITN Sdn. Bhd. 31st Floor Menara TM, Jln Pantai Baharu, 50672 Kuala Lumpur
  5754. score GITN_MY 1.5
  5755.  
  5756.  
  5757.  
  5758. # 203.113.128.0 - 203.113.191.255
  5759. # header VIETEL_VNNIC_VN X-Spam-Relays-Untrusted =~ /ip=203\.113\.1(2[89]|[3-8]\d|9[01])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5760. header VIETEL_VNNIC_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:27\.(?:6[4-9]|7\d)|115\.7[2-9]|117\.[0-7]|125\.23[45]|171\.2(?:2[4-9]|[345]\d))(?:\.\d{1,3}){2}|(?:203\.113\.1(?:2[89]|[3-8]\d|9[01])|210\.211\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3}) /
  5761. describe VIETEL_VNNIC_VN [VN]Vietel Corporation - Internet service/exchange provider
  5762. score VIETEL_VNNIC_VN 1.5
  5763.  
  5764. # 222.252.0.0 - 222.255.255.255
  5765. # 203.210.128.0 - 203.210.255.255
  5766. # header VNPT_VNNIC_VN X-Spam-Relays-Untrusted =~ /ip=(203\.210\.(12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.\d{1,3}|222\.25[2-5](\.\d{1,3}){2}) [^\[\]]+ident= envfrom= intl=0 /
  5767. header VNPT_VNNIC_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:203\.210\.(?:12[89]|1[3-9]\d|2\d\d)|221\.132\.(?:\d|[1-5]\d|6[0-3]))\.\d{1,3}|(?:(?:14|113)\.1(?:[678]\d|9[01])|14\.2(?:2[4-9]|[345]\d)|123\.(?:1[6-9]|2\d|3[01])|222\.25[2-5])(?:\.\d{1,3}){2}) /
  5768. describe VNPT_VNNIC_VN [VN]Vietnam Posts and Telecommunications Corp (VNPT)
  5769. score VNPT_VNNIC_VN 1.5
  5770.  
  5771. # 222.253.32.0 - 222.253.175.255
  5772. header HCMPT_NET_VN X-Spam-Relays-Untrusted =~ /ip=222\.253\.(3[2-9]|[4-9]\d|1[0-6]\d|17[0-5])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5773. describe HCMPT_NET_VN [VN]Ho Chi Minh City Post and Telecom Company
  5774. score HCMPT_NET_VN 1.5
  5775.  
  5776. header ETC_VNNIC_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.(?:9[6-9]|10\d|11[01])(?:\.\d{1,3}){2}|125\.214\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}) /
  5777. describe ETC_VNNIC_VN [VN]Electric Telecommunication Company
  5778. score ETC_VNNIC_VN 1.5
  5779.  
  5780. # header FPT_NET_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.18[67]|118\.(?:6[89]|7[01]))(?:\.\d{1,3}){2} /
  5781. header FPT_NET_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.5[2-5]|42\.11[2-9]|58\.18[67]|113\.22|118\.(?:6[89]|7[01])|183\.80)(?:\.\d{1,3}){2}|(?:(?:113\.23|183\.81)\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.245\.8[0-7])\.\d{1,3}) /
  5782. describe FPT_NET_VN [VN]FPT Broadband Service
  5783. score FPT_NET_VN 1.5
  5784.  
  5785. header SCTV_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.[23]|112\.197)(?:\.\d{1,3}){2} /
  5786. describe SCTV_VN [VN]SaiGon Tourist Cable Television
  5787. score SCTV_VN 1.5
  5788.  
  5789. # ADSL-NET
  5790. header SPT_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.118\.(?:\d|\d\d|1[01]\d|12[0-7])|180\.93\.\d{1,3}|221\.133\.2[4-7])\.\d{1,3} /
  5791. describe SPT_VN [VN]ADSL service
  5792. score SPT_VN 1.5
  5793.  
  5794. # 119.15.160.0 - 119.15.184.255
  5795. # 210.86.224.0 - 210.86.239.255
  5796. # FTTX-NET
  5797. header NETNAM_VN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.15\.1(?:[67]\d|8[0-4])|183\.91\.\d|210\.86\.2(?:2[4-9]|3\d))\.\d{1,3} /
  5798. describe NETNAM_VN [VN]NetNam Corporation Internet service provider
  5799. score NETNAM_VN 1.5
  5800.  
  5801. header HUT_VN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.191\.5[6-9]\.\d{1,3} /
  5802. describe HUT_VN [VN]Hanoi Universsity of Technology Number 1, Dai Co Viet str, Hai Ba Trung Dist, Ha Noi
  5803. score HUT_VN 1.5
  5804.  
  5805. # GTEL-NET
  5806. header GTEL_VN X-Spam-Relays-Untrusted =~ /^\[ ip=183\.91\.1(?:[678]\d|9[01])\.\d{1,3} /
  5807. describe GTEL_VN [VN]Global Telecom Corp 20 Phan Boi Chau str, Hoan Kiem Dist
  5808. score GTEL_VN 1.5
  5809.  
  5810.  
  5811.  
  5812.  
  5813. # 202.159.0.0 - 202.159.127.255
  5814. header INDONET_ID X-Spam-Relays-Untrusted =~ /ip=202\.159\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 /
  5815. describe INDONET_ID [ID]PT. IndoInternet
  5816. score INDONET_ID 1.5
  5817.  
  5818. # 222.124.0.0 - 222.124.255.255
  5819. # 203.130.192.0 - 203.130.255.255
  5820. # 202.3.208.0 - 202.3.223.255
  5821. # header TELKOMNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:114\.12[0-7]|118\.9[67]|125\.16[0-7]|182\.(?:\d|1[0-5])|222\.124)(?:\.\d{1,3}){2}|110\.138\.(?:\d|[012]\d|3[01])\.\d{1,3}|125\.163\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|202\.3\.2(?:0[89]|1\d|2[0-3])\.\d{1,3}|203\.130\.(?:19[2-9]|2\d\d)\.\d{1,3}) /
  5822. # header TELKOMNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.94|110\.13[6-9]|114\.12[0-7]|118\.9[67]|125\.16[0-7]|180\.2(?:4\d|5[0-4])|182\.(?:\d|1[0-5])|222\.124)(?:\.\d{1,3}){2}|110\.136\.1(?:1[2-9]|[23]\d|4[0-3])\.\d{1,3}|110\.138\.(?:\d|[012]\d|3[01])\.\d{1,3}|110\.139\.(?:4[89]|[5-8]\d|9[0-5])\.\d{1,3}|118\.98\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|125\.163\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|202\.3\.2(?:0[89]|1\d|2[0-3])\.\d{1,3}|203\.130\.(?:19[2-9]|2\d\d)\.\d{1,3}) /
  5823. # mnt-by: MAINT-TELKOMNET
  5824. # mnt-irt: IRT-IDTELKOM-ID
  5825. # PT. TELKOM INDONESIA
  5826. header TELKOMNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:39\.(?:19[2-9]|2\d\d)|61\.94|110\.13[6-9]|114\.12[0-7]|118\.9[67]|125\.16[0-7]|180\.2(?:4\d|5[0-4])|182\.(?:\d|1[0-5])|222\.124)(?:\.\d{1,3}){2}|(?:36\.74\.2(?:2[4-9]|3\d])|36\.75\.(?:4[89]|5\d]|6[0-3])|110\.136\.1(?:1[2-9]|[23]\d|4[0-3])|110\.138\.(?:\d|[012]\d|3[01])|110\.139\.(?:4[89]|[5-8]\d|9[0-5])|(?:61\.5|118\.98)\.(?:\d|\d\d|1[01]\d|12[0-7])|125\.163\.1(?:2[89]|[3-8]\d|9[01])|202\.3\.2(?:0[89]|1\d|2[0-3])|203\.130\.(?:19[2-9]|2\d\d))\.\d{1,3}) /
  5827. describe TELKOMNET_ID [ID]PT. TELEKOMUNIKASI INDONESIA
  5828. score TELKOMNET_ID 1.5
  5829.  
  5830. # 202.150.224.0 - 202.150.255.255
  5831. header ASIANET_ID X-Spam-Relays-Untrusted =~ /ip=202\.150\.2(2[4-9]|[345]\d)\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  5832. describe ASIANET_ID [ID]PT.Medialintas Antar Buana
  5833. score ASIANET_ID 1.5
  5834.  
  5835. header BM_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.247\.(?:[\d|[1-5]\d|6[0-3])\.\d{1,3}|(?:118\.13[67]|139\.(?:19[2-5]|255))(?:\.\d{1,3}){2}) /
  5836. describe BM_ID [ID]PT. Broadband Multimedia, Tbk
  5837. score BM_ID 1.5
  5838.  
  5839. # 219.83.0.0 - 219.83.127.255
  5840. # 114.56.0.0 - 114.59.255.255
  5841. header INDOSAT_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:114\.5[6-9]|120\.1(?:[678]\d|9[01])|124\.81|182\.30)(?:\.\d{1,3}){2}|202\.93\.(?:3[2-9]|4[0-7])\.\d{1,3}|202\.152\.1(?:6\d|7[0-5])\.\d{1,3}|202\.155\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|(?:124\.195|219\.83)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  5842. describe INDOSAT_ID [ID]Indosat Internet Service Provider
  5843. score INDOSAT_ID 1.5
  5844.  
  5845. header JARDIKNAS_ID X-Spam-Relays-Untrusted =~ /^\[ ip=118\.98\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  5846. describe JARDIKNAS_ID [ID]Departemen Pendidikan Nasional Tim Data Center Jardiknas
  5847. score JARDIKNAS_ID 1.5
  5848.  
  5849. # 202.57.0.0 - 202.57.15.255
  5850. header PRIMANET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=202\.57\.(?:\d|1[0-5])\.\d{1,3} /
  5851. describe PRIMANET_ID [ID]PRIMANET - ISP
  5852. score PRIMANET_ID 1.5
  5853.  
  5854. header ISATNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=58\.65\.24[0-7]\.\d{1,3} /
  5855. describe ISATNET_ID [ID]PT Insan Sarana Telematika
  5856. score ISATNET_ID 1.5
  5857.  
  5858. header FASTNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.9[45]|118\.13[67])(?:\.\d{1,3}){2} /
  5859. describe FASTNET_ID [ID]PT. First Media, Tbk. ISP Jakarta - 12950
  5860. score FASTNET_ID 1.5
  5861.  
  5862. header CNI_ID X-Spam-Relays-Untrusted =~ /^\[ ip=116\.66\.20[0-7]\.\d{1,3} /
  5863. describe CNI_ID [ID]PT Cyber Network Indonesia
  5864. score CNI_ID 1.5
  5865.  
  5866. header JASNITA_ID X-Spam-Relays-Untrusted =~ /^\[ ip=202\.146\.1(?:2[89]|[345]\d)\.\d{1,3} /
  5867. describe JASNITA_ID [ID]PT. Jasnita Telekomindo
  5868. score JASNITA_ID 1.5
  5869.  
  5870. header MOBILE8_ID X-Spam-Relays-Untrusted =~ /^\[ ip=203\.128\.2(?:4[89]|5[01])\.\d{1,3} /
  5871. describe MOBILE8_ID [ID]Jl. Kuningan Barat No 8 Jakarta 12710
  5872. score MOBILE8_ID 1.5
  5873.  
  5874. header HASINDONET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=116\.0\.[0-7]\.\d{1,3} /
  5875. describe HASINDONET_ID [ID]PT Hasindo Net Ruko Mega Sunter B/6 lt.3 Jl. Danau Sunter Selatan Jakarta
  5876. score HASINDONET_ID 1.5
  5877.  
  5878. header DIGINET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=122\.200\.(?:4[89]|5[0-5])\.\d{1,3} /
  5879. describe DIGINET_ID [ID]PT Digital Wireless Indonesia ISP Gedung Cyber 7th Floor Jl. Kuningan Barat No 8, Jakarta 12710
  5880. score DIGINET_ID 1.5
  5881.  
  5882. header DNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=202\.148\.(?:\d|[12]\d|3[01])\.\d{1,3} /
  5883. describe DNET_ID [ID]Dnet Surabaya Promenade Arcade, Hyatt Regency Hotel Jl. Basuki Rachmat 106-128 Surabaya 60271 - INDONESIA
  5884. score DNET_ID 1.5
  5885.  
  5886. header NETZAP_ID X-Spam-Relays-Untrusted =~ /^\[ ip=114\.199\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3} /
  5887. describe NETZAP_ID [ID]netZAP Wireless Broadband Provider
  5888. score NETZAP_ID 1.5
  5889.  
  5890. header THREE_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:180\.214\.23[2-5]|223\.255\.2(?:2[4-9]|3[01]))\.\d{1,3} /
  5891. describe THREE_ID [ID]PT Hutchison CP Telecommunications Corporate / Direct Member IDNIC 10/F Menara Mulia Jl. Jend. Gatot Subroto Kav 9-11 Jakarta Selatan 12930 DKI Jakarta
  5892. score THREE_ID 1.5
  5893.  
  5894. header CYBERPLUS_ID X-Spam-Relays-Untrusted =~ /^\[ ip=114\.141\.(?:4[89]|5[0-5])\.\d{1,3} /
  5895. describe CYBERPLUS_ID [ID]PT Cyberplus Media Pratama Jl. Delta Barat XII Blok C / 137 Delta Pekayon Jaya Bekasi - Jawa Barat
  5896. score CYBERPLUS_ID 1.5
  5897.  
  5898. header XLNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.215\.\d{1,3}|121\.52\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.152\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  5899. describe XLNET_ID [ID]Excelcomindo Pratama, PT. Cellular, GPRS and Internet Service Provider
  5900. score XLNET_ID 1.5
  5901.  
  5902. header DAKARA_ID X-Spam-Relays-Untrusted =~ /^\[ ip=203\.160\.(?:5[6-9]|6[0-3])\.\d{1,3} /
  5903. describe DAKARA_ID [ID]Infrastruktur Dakara Jl. Gatot Subroto Kav. 58 Kuningan Timur Setiabudi Jakarta Selatan, DKI Jakarta
  5904. score DAKARA_ID 1.5
  5905.  
  5906. header LINTASARTA_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:182\.23\.(?:\d|\d\d|1[01]\d|12[0-7])|183\.91\.(?:6[4-9]|[78]\d|9[0-5])|202\.152\.(?:\d|[12]\d|3[01]))\.\d{1,3} /
  5907. describe LINTASARTA_ID [ID]PT Aplikanusa Lintasarta MH Thamrin Kav 3 Menara Thamrin Bulding 12th Floor Jakarta 10250
  5908. score LINTASARTA_ID 1.5
  5909.  
  5910. header NAPINFO_ID X-Spam-Relays-Untrusted =~ /^\[ ip=110\.35\.8[0-7]\.\d{1,3} /
  5911. describe NAPINFO_ID [ID]NAP Info Lintas Nusa Jakarta, Indonesia
  5912. score NAPINFO_ID 1.5
  5913.  
  5914. header NTS_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.35\.8[0-7]|203\.78\.1(?:1[2-9]|2[0-7]))\.\d{1,3} /
  5915. describe NTS_ID [ID]allocated for ip pool for mobile data subs
  5916. score NTS_ID 1.5
  5917.  
  5918. header BIZNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:117\.102\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|203\.142\.(?:6[4-9]|7\d|8[0-7]))\.\d{1,3} /
  5919. describe BIZNET_ID [ID]Biznet ISP Internet Service Provider Jakarta, Indonesia
  5920. score BIZNET_ID 1.5
  5921.  
  5922. header NEUVIZ_ID X-Spam-Relays-Untrusted =~ /^\[ ip=203\.128\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  5923. describe NEUVIZ_ID [ID]Jl. Hayam Wuruk No.1 RST Jakarta Pusat 10120 DKI Jakarta
  5924. score NEUVIZ_ID 1.5
  5925.  
  5926. header CEPATNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=202\.43\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  5927. describe CEPATNET_ID [ID]CepatNet PT. Mora Telematika Indonesia Gedung Dana Pensiun Telkom lt. 4 Jl. Panataran No. 9 Jakarta 10320
  5928. score CEPATNET_ID 1.5
  5929.  
  5930. header PEMDA_NAD_ID X-Spam-Relays-Untrusted =~ /^\[ ip=123\.108\.(?:9[6-9]|10[0-3])\.\d{1,3} /
  5931. describe PEMDA_NAD_ID [ID]Dinas Perhubungan,komunikasi, informasi dan Telematika -NAD Goverment Jl.Mayjed T.Hamzah Bendahara no.52 Banda Aceh NAD
  5932. score PEMDA_NAD_ID 1.5
  5933.  
  5934. header CERGISNETWORKS_ID X-Spam-Relays-Untrusted =~ /^\[ ip=122\.129\.(?:9[6-9]|1[01]\d)\.\d{1,3} /
  5935. describe CERGISNETWORKS_ID [ID]Cergis Route Object
  5936. score CERGISNETWORKS_ID 1.5
  5937.  
  5938. header ICONPLN_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.3\.7[6-9]|119\.252\.1(?:6\d|7[0-5])|202\.162\.2(?:0[89]|1\d|2[0-3]))\.\d{1,3} /
  5939. describe ICONPLN_ID [ID]PT Indonesia Comnets Plus JL PLN EHV Gandul CInere Depok 16512
  5940. score ICONPLN_ID 1.5
  5941.  
  5942. header HYPERNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=(?:120\.29\.15[2-9]|180\.178\.(?:9[6-9]|10\d|11[01]))\.\d{1,3} /
  5943. describe HYPERNET_ID [ID]PT. Hipernet Indodata Internet Service Provider Jakarta
  5944. score HYPERNET_ID 1.5
  5945.  
  5946. header MMS_ID X-Spam-Relays-Untrusted =~ /^\[ ip=119\.110\.68\.\d{1,3} /
  5947. describe MMS_ID [ID]Infrastructure_MMS_Jakarta_5 Maxindo Mitra Solusi, PT. Internet Service Provider
  5948. score MMS_ID 1.5
  5949.  
  5950. header WIRELESSNET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=114\.79\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  5951. describe WIRELESSNET_ID [ID]PT WIRELESS INDONESIA (PT SMART TELECOM) Jl. H Agus Salim No.45, Menteng Jakarta Pusat 10340
  5952. score WIRELESSNET_ID 1.5
  5953.  
  5954. header DAXA_ID X-Spam-Relays-Untrusted =~ /^\[ ip=111\.221\.4[0-3]\.\d{1,3} /
  5955. describe DAXA_ID [ID]PT Daxa Network International Corporate / Direct Member IDNIC Gedung Cyber Lt.10 Jl. Kuningan Barat No. 8 Jakarta Selatan DKI - Jakarta, 12710
  5956. score DAXA_ID 1.5
  5957.  
  5958. header MELSANET_ID X-Spam-Relays-Untrusted =~ /^\[ ip=202\.138\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  5959. describe MELSANET_ID [ID]Melsa-i-net Internet Service Provider Jl. Ir. H. Juanda 43 A - Bandung
  5960. score MELSANET_ID 1.5
  5961.  
  5962.  
  5963.  
  5964. # 203.109.128.0 - 203.109.255.255
  5965. header TIG_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.9[23]\.\d{1,3}|203\.109\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  5966. describe TIG_NZ [NZ]The Internet Group Ltd.
  5967. score TIG_NZ 1.5
  5968.  
  5969. header CALLPLUS_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=119\.224\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  5970. describe CALLPLUS_NZ [NZ]CallPlus Services Limited
  5971. score CALLPLUS_NZ 1.5
  5972.  
  5973. # NZTELECOM
  5974. header FIPD_XTRA_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.57|125\.23[6-9]|219\.8[89]|222\.15[2-5])(?:\.\d{1,3}){2} /
  5975. describe FIPD_XTRA_NZ [NZ]Telecom Xtra Telecom Internet Registry Level 9, Mayoral Drive BLDG Private Bag 92028 Auckland
  5976. score FIPD_XTRA_NZ 1.5
  5977.  
  5978. header TELSTRACLEAR_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.7[2-5](?:\.\d{1,3}){2}|218\.101\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  5979. describe TELSTRACLEAR_NZ [NZ]Telecommunications Company and Internet Service Provider
  5980. score TELSTRACLEAR_NZ 1.5
  5981.  
  5982. header ORCONNET_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:60\.234\.\d{1,3}|202\.150\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3} /
  5983. describe ORCONNET_NZ [NZ]Orcon Internet Ltd PO Box 302-362 North Harbour Auckland
  5984. score ORCONNET_NZ 1.5
  5985.  
  5986. header CALLPLUS_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=119\.224\.(?:\d|\d\d|1[0123]\d|14[0-3])\.\d{1,3} /
  5987. describe CALLPLUS_NZ [NZ]CallPlus Services Limited
  5988. score CALLPLUS_NZ 1.5
  5989.  
  5990. header VODAFONE_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.252|49\.22[4-7]|118\.9[23])(?:\.\d{1,3}){2} /
  5991. describe VODAFONE_NZ [NZ]Vodafone New Zealand Private Bag 92161
  5992. score VODAFONE_NZ 1.5
  5993.  
  5994. header QUICKWEB_NZ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:199\.83|199\.195)(?:\.\d{1,3}){2} /
  5995. describe QUICKWEB_NZ [NZ]Neodelphi Ltd DBA QuickWeb Hosting Solutions 530 West Sixth Street, Suite 502
  5996. score QUICKWEB_NZ 1.5
  5997.  
  5998.  
  5999. # 69.240.0.0 - 69.255.255.255
  6000. # header COMCAST Received =~ /from .+((c-[0-9]+.+|(pc|bg)p[0-9]+.+|rmhc[0-9]+)\.comcast\.net|69\.2(4[0-9]|5[0-5])(\.[0-9]{1,3}){2,2}[\)\] ])/
  6001. # header COMCAST X-Spam-Relays-Untrusted =~ /rdns=(c-[0-9]+.+|(pc|bg)p[0-9]+.+|rmhc[0-9]+)\.comcast\.net/
  6002. # header COMCAST X-Spam-Relays-Untrusted =~ /(ip=69\.2(4[0-9]|5[0-5])(\.[0-9]{1,3}){2,2}|rdns=(c-[0-9]+.+|(pc|bg)p[0-9]+.+|rmhc[0-9]+)\.comcast\.net) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6003. # header COMCAST X-Spam-Relays-Untrusted =~ /(ip=69\.2(4[0-9]|5[0-5])(\.[0-9]{1,3}){2,2}|rdns=c-\d{2,3}(-\d{1,3}){3}\.hsd1\.\w\w\.comcast\.net) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6004. # header COMCAST X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:69\.2[45]\d|71\.(?:19[2-9]|20[0-7])|98\.(?:19[2-9]|2[0-3]\d|24[0-7])|174\.58)(?:\.\d{1,3}){2}|\d{2,3}(?:\.\d{1,3}){3} rdns=c-\d{2,3}(-\d{1,3}){3}\.hsd1\.\w\w\.comcast\.net) /
  6005. header COMCAST X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:69\.2[45]\d|71\.(?:19[2-9]|20[0-7])|98\.(?:19[2-9]|2[0-3]\d|24[0-7])|107\.[0-5]|174\.(?:4[89]|5\d|6[0-3]))(?:\.\d{1,3}){2}|\d{2,3}(?:\.\d{1,3}){3} rdns=c-\d{2,3}(-\d{1,3}){3}\.hsd1\.\w\w\.comcast\.net) /
  6006. describe COMCAST [US]Comcast Cable Communications, Inc.
  6007. score COMCAST 1.0
  6008.  
  6009. # 24.151.0.0 - 24.151.255.255
  6010. # 24.159.0.0 - 24.159.255.255
  6011. # 24.176.0.0 - 24.183.255.255
  6012. # 68.112.0.0 - 68.119.255.255
  6013. # 68.184.0.0 - 68.191.255.255
  6014. # 71.80.0.0 - 71.95.255.255
  6015. # 75.128.0.0 - 75.143.255.255
  6016. # 97.80.0.0 - 97.95.255.255
  6017. header CHARTER_NET_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:24\.15[19]|24\.1(?:7[6-9]|8[0-3])|68\.11[2-9]|68\.1(?:8[4-9]|9[01])|71\.(?:8\d|9[0-5])|75\.1(?:2[89]|3\d|4[0-3])|96\.(?:3[2-9]|4[012])|97\.(?:8\d|9[0-5]))(?:\.[0-9]{1,3}){2,2} /
  6018. describe CHARTER_NET_US [US]Charter Communications
  6019. score CHARTER_NET_US 1.0
  6020.  
  6021. # 66.16.0.0 - 66.16.127.255
  6022. header CAVTEL_BLK X-Spam-Relays-Untrusted =~ /ip=66\.16\.([0-9]|[1-9][0-9]|1[01][0-9]|12[0-7])\.[0-9]{1,3} .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  6023. describe CAVTEL_BLK [US]Cavalier Telephone
  6024. score CAVTEL_BLK 1.0
  6025.  
  6026. # header ROADRUNNER X-Spam-Relays-Untrusted =~ / rdns=.+\.res\.rr\.com .+ ident= envfrom= intl=0 .+ auth= /
  6027. header ROADRUNNER X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:70\.1(?:1[2-9]|2[0-7])|97\.(?:9[6-9]|10[0-6])|98\.14|107\.(?:[89]|1[0-5]))(?:\.\d{1,3}){2}|\d{2,3}(?:\.\d{1,3}){3} rdns=.+\.res\.rr\.com) /
  6028. describe ROADRUNNER [US]Road Runner
  6029. score ROADRUNNER 1.0
  6030.  
  6031. header WAVEB_US X-Spam-Relays-Untrusted =~ /^\[ ip=66\.119\.206\.(48|60) /
  6032. describe WAVEB_US [US]Wave Broadband, LLC
  6033. score WAVEB_US 1.5
  6034.  
  6035. # NetRange: 209.160.0.0 - 209.160.79.255
  6036. # CIDR: 209.160.0.0/18, 209.160.64.0/20
  6037. header HOPONE_US X-Spam-Relays-Untrusted =~ /^\[ ip=209\.160\.40\.176 /
  6038. describe HOPONE_US [US]HopOne Internet Corporation
  6039. score HOPONE_US 1.5
  6040.  
  6041. # 72.55.128.0 - 72.55.191.255
  6042. header IWEBGROUP_US X-Spam-Relays-Untrusted =~ /^\[ ip=72\.55\.165\.209 /
  6043. describe IWEBGROUP_US [US]Groupe iWeb Technologies inc.
  6044. score IWEBGROUP_US 1.5
  6045.  
  6046. # 68.24.0.0 - 68.31.255.255
  6047. # 70.0.0.0 - 70.14.255.255
  6048. header SPCS_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:68\.(?:2[4-9]|3[01]|24[0-7])|70\.(?:\d|1[0-4])|99\.20[0-7])(?:\.\d{1,3}){2} /
  6049. describe SPCS_US [US]Sprint PCS
  6050. score SPCS_US 1.5
  6051.  
  6052. header GNAXNET_US X-Spam-Relays-Untrusted =~ /^\[ ip=209\.51\.154\.66 /
  6053. describe GNAXNET_US [US]Global Net Access, LLC
  6054. score GNAXNET_US 1.5
  6055.  
  6056. # 38.0.0.0 - 38.255.255.255
  6057. header PSINET_US X-Spam-Relays-Untrusted =~ /^\[ ip=38\.(?:99\.86|110\.146|113\.205)\.\d{1,3} /
  6058. describe PSINET_US [US]PSINet, Inc.
  6059. score PSINET_US 1.5
  6060.  
  6061. header AKANOC_US X-Spam-Relays-Untrusted =~ /^\[ ip=208\.77\.4[0-7]\.\d{1,3} /
  6062. describe AKANOC_US [US]45535 Northport Loop East Fremont CA
  6063. score AKANOC_US 1.5
  6064.  
  6065. # header AMAZON_EC_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:50\.1[6-9]|52\.6[89]|54\.(?:65|78|155|17[08]|199|238|249)|107\.2[0-3])(?:\.\d{1,3}){2} /
  6066. # header AMAZON_EC_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:50\.1[6-9]|52\.6[89]|54\.(?:65|78|155|17[08]|199|238|249)|107\.2[0-3])(?:\.\d{1,3}){2}|54\.64\.(?!(?:26\.249|99\.253) )(?:\.\d{1,3}){2}) /
  6067. header AMAZON_EC_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:50\.1[6-9]|52\.69|54\.(?:65|78|155|17[08]|199|249)|107\.2[0-3])(?:\.\d{1,3}){2}|52\.68\.(?!67\.59 )(?:\.\d{1,3}){2}|52\.192\.(?!132\.175 )(?:\.\d{1,3}){2}|54\.64\.(?!(?:26\.249|99\.253) )(?:\.\d{1,3}){2}|54\.238\.(?!156\.173 )(?:\.\d{1,3}){2}) /
  6068. describe AMAZON_EC_US [US]Amazon Web Services, Elastic Compute Cloud, EC2 1200 12th Avenue South Seattle
  6069. score AMAZON_EC_US 1.5
  6070.  
  6071. header ALTAWAY_US X-Spam-Relays-Untrusted =~ /^\[ ip=64\.202\.(?:3[2-9]|4[0-7])\.\d{1,3} /
  6072. describe ALTAWAY_US [US]Altaway Technologies, Inc. 5190 Neil Road, Suite 430 Reno NV
  6073. score ALTAWAY_US 1.5
  6074.  
  6075. header GMO_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:192\.249\.77\.206|209\.54\.(?:62\.33|63\.139)) /
  6076. describe GMO_US [US]GMO CLOUD AMERICA INC.
  6077. score GMO_US 1.5
  6078.  
  6079. header DIGITALOCEAN_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:45\.55\.\d{1,3}|192\.241\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  6080. describe DIGITALOCEAN_US [US]Digital Ocean, Inc.
  6081. score DIGITALOCEAN_US 1.5
  6082.  
  6083.  
  6084. header ROOTLEVELTECH_US X-Spam-Relays-Untrusted =~ /^\[ ip=23\.239\.157\.\d{1,3} /
  6085. describe ROOTLEVELTECH_US [US]Root Level Technology 17230 Huffmeister Rd. Ste C Cypress
  6086. score ROOTLEVELTECH_US 1.5
  6087.  
  6088.  
  6089. header CORPCOLO_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:74\.124\.(?:19[2-9]|2\d\d)|205\.134\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  6090. describe CORPCOLO_US [US]Corporate Colocation Inc. 2109 MICHELTORENA STREET LOS ANGELES
  6091. score CORPCOLO_US 1.5
  6092.  
  6093.  
  6094. #NetRange: 207.29.224.0 - 207.29.255.255
  6095. #NetName: NTTECH-1
  6096. header NTTECH_US X-Spam-Relays-Untrusted =~ /^\[ ip=(?:204\.63\.(?:\d|1[0-5])|206\.223\.1(?:4[4-9]|5\d)|207\.29\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  6097. describe NTTECH_US [US]N.T. Technology, Inc. 9120 Double Diamond Parkway Suite 5901 Reno NV 89521
  6098. score NTTECH_US 1.5
  6099.  
  6100.  
  6101. #NetRange: 209.237.224.0 - 209.237.255.255
  6102. #NetName: UNITEDLAYER-1
  6103. header UNITEDLAYER_US X-Spam-Relays-Untrusted =~ /^\[ ip=209\.237\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  6104. describe UNITEDLAYER_US [US]EMW Partners, LLC. 454 Shotwell Street San Francisco CA 94110
  6105. score UNITEDLAYER_US 1.5
  6106.  
  6107.  
  6108. #NetRange: 107.158.0.0 - 107.158.255.255
  6109. #OrgName: Eonix Corporation
  6110. header EONIX_US X-Spam-Relays-Untrusted =~ /^\[ ip=107\.158\.172\.\d{1,3} /
  6111. describe EONIX_US [US]Eonix Corporation 2360 Corporate Circle Suite 400 Henderson NV 89074
  6112. score EONIX_US 1.5
  6113.  
  6114. header EONIXUSEXT X-Spam-Relays-Untrusted =~ /^\[ ip=107\.158\.172\.\d{1,3} .+helo=[a-z]{4,13}\.[a-z]{4,9}\.(?:space|info|site) /
  6115. score EONIXUSEXT 15
  6116.  
  6117.  
  6118. header WISHCOM_US X-Spam-Relays-Untrusted =~ /^\[ ip=144\.2\.1(?:4[4-9]|5\d)\.\d{1,3} /
  6119. describe WISHCOM_US [US]Contextlogic 1 Sansom St. 40th Floor
  6120. score WISHCOM_US 1.5
  6121.  
  6122.  
  6123.  
  6124. # 82.64.0.0 - 82.67.255.255
  6125. # header PROXAD Received =~ /from .+[a-z0-9-]+(-[0-9]{1,3}){4,4}\.(fbx|adsl)\.proxad\.net/
  6126. header PROXAD X-Spam-Relays-Untrusted =~ /rdns=[a-z0-9-]+(-[0-9]{1,3}){4,4}\.(fbx|adsl)\.proxad\.net [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6127. describe PROXAD [FR]Proxad / Free SAS
  6128. score PROXAD 1.0
  6129.  
  6130. # 62.38.32.0 - 62.38.35.255
  6131. # header HOL_INFRA Received =~ /from .+62\.38\.3[2-5]\.[0-9]{1,3}[\)\] ]/
  6132. header HOL_INFRA X-Spam-Relays-Untrusted =~ /ip=62\.38\.3[2-5]\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6133. describe HOL_INFRA [GR]Hellas On Line S.A.
  6134. score HOL_INFRA 1.0
  6135.  
  6136. # 80.233.216.0 - 80.233.223.255
  6137. # header NEOLAINTELIALV Received =~ /from .+80\.233\.2(1[6-9]|2[0-3])\.[0-9]{1,3}[\)\] ]/
  6138. header NEOLAINTELIALV X-Spam-Relays-Untrusted =~ /ip=80\.233\.2(?:1[6-9]|2[0-3])\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6139. describe NEOLAINTELIALV [LV]Neolain Ltd. (Latvia)
  6140. score NEOLAINTELIALV 1.0
  6141.  
  6142. # 200.81.0.0-200.81.31.255
  6143. # header MILLICOMAR Received =~ /from .+200\.81\.([0-9]|[12][0-9]|3[01])\.[0-9]{1,3}[\)\] ]/
  6144. header MILLICOMAR X-Spam-Relays-Untrusted =~ /ip=200\.81\.([0-9]|[12][0-9]|3[01])\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6145. describe MILLICOMAR [AR]Millicom Argentina S.A.
  6146. score MILLICOMAR 1.0
  6147.  
  6148. # header RIMA_TDE_NET Received =~ /from .+[0-9]{1,3}\.Red(-[0-9]{1,3}){3,3}\.(dynamicIP|staticIP|pooles)\.rima-tde\.net/
  6149. header RIMA_TDE_NET X-Spam-Relays-Untrusted =~ /rdns=[0-9]{1,3}\.Red(-[0-9]{1,3}){3,3}\.(dynamicIP|staticIP|pooles)\.rima-tde\.net [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6150. describe RIMA_TDE_NET [ES]RIMA (Red IP Multi Acceso)TELEFONICA DE ESPANA
  6151. score RIMA_TDE_NET 1.0
  6152.  
  6153.  
  6154. # .revip.asianet.co.th
  6155. # header ASIANET_TH Received =~ /from .+\.revip[2-9]{0,1}\.asianet\.co\.th/
  6156. # header ASIANET_TH X-Spam-Relays-Untrusted =~ /(ip=(58\.([89]|1[01])|124\.12[012])(\.\d{1,3}){2}|rdns=.+\.(revip[2-9]{0,1}|static)\.asianet\.co\.th) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6157. header ASIANET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.(?:[89]|1[01])|61\.9[01]|124\.12[012])(?:\.\d{1,3}){2}|210\.86\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=.+\.(?:revip[2-9]{0,1}|static)\.asianet\.co\.th) /
  6158. describe ASIANET_TH [TH]Asianet Corperation
  6159. score ASIANET_TH 2.0
  6160.  
  6161. # Thai: 203.150.0.0 - 203.159.255.255
  6162. # 203.155.0.0 - 203.155.255.255
  6163. # 202.149.96.0 - 202.149.127.255
  6164. # header COMNETTH Received =~ /from .+203\.155(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}[\)\] ]/
  6165. # header COMNETTH X-Spam-Relays-Untrusted =~ /ip=(202\.149\.(9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|203\.155(\.\d{1,3}){2}|203\.188\.(\d|[1-5]\d|6[0-3]).\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6166. header COMNETTH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.181\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|202\.149\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|203\.209\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|203\.155(?:\.\d{1,3}){2}|203\.188\.(?:\d|[1-5]\d|6[0-3]).\d{1,3}) /
  6167. describe COMNETTH [TH]KSC Commercial Internet Co. Ltd.
  6168. score COMNETTH 1.5
  6169.  
  6170. #
  6171. # thrown away due to same provider 2007.01.04 by [yoh]
  6172. #
  6173. # header CSLOXINFO X-Spam-Relays-Untrusted =~ /(ip=58\.136(\.\d{1,3}){2}|rdns=p\d+-\w+\d+\.C\.csloxinfo\.net) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6174. # describe CSLOXINFO [TH]csloxinfo-th
  6175. # score CSLOXINFO 1.5
  6176.  
  6177. # 203.170.128.0 - 203.170.255.255
  6178. # header LOXINFO_TH X-Spam-Relays-Untrusted =~ /ip=(203\.170\.(12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|(58\.13[67]|203\.146)(\.\d{1,3}){2}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6179. header LOXINFO_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.183\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|203\.170\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|210\.1\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}|(?:58\.13[67]|203\.146)(?:\.\d{1,3}){2}) /
  6180. describe LOXINFO_TH [TH]Loxley Information Company Ltd.
  6181. score LOXINFO_TH 1.5
  6182.  
  6183. # 202.57.128.0 - 202.57.191.255
  6184. # 203.153.160.0 - 203.153.175.255
  6185. header ISP_TH X-Spam-Relays-Untrusted =~ /ip=(202\.57\.1(2[89]|[3-8][0-9]|9[01])|203\.153\.1(6\d|7[0-5]))\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6186. describe ISP_TH [TH]Internet Service Provider Co., Ltd.
  6187. score ISP_TH 1.5
  6188.  
  6189. # 202.28.0.0 - 202.29.255.255
  6190. header THAINET_TH X-Spam-Relays-Untrusted =~ /ip=202\.2[89](?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6191. describe THAINET_TH [TH]UniNet(Inter-university network)
  6192. score THAINET_TH 1.5
  6193.  
  6194. # 202.151.176.0 - 202.151.191.255
  6195. header SIAMIDC_TH X-Spam-Relays-Untrusted =~ /ip=202\.151\.1(7[6-9]|8\d|9[01])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6196. describe SIAMIDC_TH [TH]SIAMIDC,Internet Datacenter , Bangkok, Thailand
  6197. score SIAMIDC_TH 1.5
  6198.  
  6199. # 203.151.0.0 - 203.151.255.255
  6200. header INET_CO_TH X-Spam-Relays-Untrusted =~ /ip=203\.151(?:\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6201. describe INET_CO_TH [TH]Internet Thailand Company Limited
  6202. score INET_CO_TH 1.5
  6203.  
  6204. # 125.24.0.0 - 125.24.255.255
  6205. # header TOT_IP_NET_TH X-Spam-Relays-Untrusted =~ /ip=125\.24(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6206. header TOT_IP_NET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:101\.(?:51|108)|113\.53|118\.17[2-5]|125\.24|180\.180|182\.5[23])(?:\.\d{1,3}){2}|118\.210\.21[6-9]\.\d{1,3}|180\.210\.21[6-9]\.\d{1,3}|203\.113\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|203\.114\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|221\.128\.(?:8[89]|9\d|1[01]\d)\.\d{1,3}) /
  6207. describe TOT_IP_NET_TH [TH]tot ip network ip address pool for adsl services
  6208. score TOT_IP_NET_TH 1.5
  6209.  
  6210. header BUDDYB_TH X-Spam-Relays-Untrusted =~ /^\[ ip=58\.64\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  6211. describe BUDDYB_TH [TH]BuddyB Broadband service network, Advance Datanetwork Communications Co.,Ltd.
  6212. score BUDDYB_TH 1.5
  6213.  
  6214. header CAT_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.19|122\.154)(?:\.\d{1,3}){2}|(?:61\.7|110\.77)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|119\.42\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}|122\.155\.(?:\d|1[0-5])\.\d{1,3}|202\.129\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}) /
  6215. describe CAT_TH [TH]CAT Telecom public company Ltd
  6216. score CAT_TH 1.5
  6217.  
  6218. # header PACNET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.47\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.64\.\d{1,3}|203\.121\.1(?:2[89]|[3-8]\d|9[01])|203\.152\.(?:\d|[1-5]\d|6[0-3])|220\.232\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  6219. # describe PACNET_TH [TH]PACNET
  6220. # score PACNET_TH 1.5
  6221.  
  6222. # MAINT-AP-TRUEINTERNET
  6223. header TRUENET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:110\.16[89]|115\.87|119\.46|171\.(?:9[6-9]|100))\.\d{1,3}|171\.101\.(?:12[89]|1[3-9]\d|2\d\d)|202\.133\.1(?:2[89]|[3-8]\d|9[01])|210\.213\.(?:\d|[1-5]\d|6[0-3]))\.\d{1,3} /
  6224. describe TRUENET_TH [TH]True Internet Co., Ltd.
  6225. score TRUENET_TH 1.5
  6226.  
  6227. # CAT TELECOM
  6228. header PROENNET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.[78]\.1(?:2[89]|[3-8]\d|9[01])|(?:110\.77|112\.121)\.1(?:2[89]|[345]\d)|111\.223\.(?:3[2-9]|4[0-8])|122\.125\.(?:\d|1[0-5])|202\.139\.(?:19[2-9]|2[01]\d|22[0-3]))\.\d{1,3} /
  6229. describe PROENNET_TH [TH]Proen Internet, Internet Service Provider, Bangkok, Thailand
  6230. score PROENNET_TH 1.5
  6231.  
  6232. # AISNET
  6233. header AIS_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.49\.\d{1,3}|119\.31\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:49\.2(?:2[89]|3[01])|182\.232)\.\d{1,3})\.\d{1,3} /
  6234. describe AIS_TH [TH]Advanced Info Service Public Company Limited NMC, 1291/1 Phaholyothin Road, Phayathai, Bangkok 10400, THAILAND
  6235. score AIS_TH 1.5
  6236.  
  6237. header TRUEMOVE_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:27\.55|49\.237|223\.24)(?:\.\d{1,3}){2}|180\.214\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}) /
  6238. describe TRUEMOVE_TH [TH]18 True Tower, Ratchadaphisek Rd. Huai Khwang, Bangkok
  6239. score TRUEMOVE_TH 1.5
  6240.  
  6241. header BB_BROADBAND_TH X-Spam-Relays-Untrusted =~ /^\[ ip=115\.31\.1(?:2[89]|[3-8]\d|19[01])\.\d{1,3} /
  6242. describe BB_BROADBAND_TH [TH]INTERNET SERVICE PROVIDER BANGKOK,THAILAND
  6243. score BB_BROADBAND_TH 1.5
  6244.  
  6245. header DTAC_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:1\.4[67]|111\.84|115\.67)(?:\.\d{1,3}){2}|103\.5\.2[4-7]\.\d{1,3}) /
  6246. describe DTAC_TH [TH]DTAC-GPRS-NET Total Access Communication PLC.
  6247. score DTAC_TH 1.5
  6248.  
  6249. #TTTNET
  6250. header TTT_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.147\.(?:\d|\d\d|1[01]\d|12[0-7])|124\.157\.(?:12[89]|1[3-9]\d|2\d\d)|203\.156\.1(?:2[89]|3[0-5]))\.\d{1,3} /
  6251. describe TTT_TH [TH]Maxnet ISP, Bangkok Thailand, for Dynamic IP pools of ADSL service.
  6252. score TTT_TH 1.5
  6253.  
  6254. header FTTH_TH X-Spam-Relays-Untrusted =~ /^\[ ip=119\.148\.(?:9[6-9]|10[0-3])\.\d{1,3} /
  6255. describe FTTH_TH [TH]FTTH Thailand Internet Service Provider/Content Provider Bangkok, Thailand
  6256. score FTTH_TH 1.5
  6257.  
  6258. header TRIPLETNET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.130|49\.4[89]|110\.164|171\.[4-7]|180\.183|183\.8[89]|223\.20[4-7])(?:\.\d{1,3}){2} /
  6259. describe TRIPLETNET_TH [TH]3BB Broadband Internet service provider in Thailand
  6260. score TRIPLETNET_TH 1.5
  6261.  
  6262. header RIT_TH X-Spam-Relays-Untrusted =~ /^\[ ip=203\.158\.(?:9[6-9]|[12]\d\d)\.\d{1,3} /
  6263. describe RIT_TH [TH]Rajamangala Institute of Technology Institute of Information Technology RIT center, Pathum Thani
  6264. score RIT_TH 1.5
  6265.  
  6266. header KIRZ_TH X-Spam-Relays-Untrusted =~ /^\[ ip=27\.131\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  6267. describe KIRZ_TH [TH]KIRZ Company Limited 192 Soi Ladprao 107 Klongchan
  6268. score KIRZ_TH 1.5
  6269.  
  6270. header BB_BROADBAND_TH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.31\.1(?:2[89]|[3-8]\d|9[01])|119\.63\.(?:6[4-9]|[78]\d|9[0-5]))\.\d{1,3} /
  6271. describe BB_BROADBAND_TH [TH]BB BROADBAND CO. LTD. INTERNET SERVICE PROVIDER BANGKOK, THAILAND
  6272. score BB_BROADBAND_TH 1.5
  6273.  
  6274. header MICT_NET_TH X-Spam-Relays-Untrusted =~ /^\[ ip=123\.242\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  6275. describe MICT_NET_TH [TH]Ministry of Infomation Communication Technology Goverment network provider
  6276. score MICT_NET_TH 1.5
  6277.  
  6278. header VPLS_TH X-Spam-Relays-Untrusted =~ /^\[ ip=110\.34\.1(?:2[89]|[3-9]\d|2\d\d)\.\d{1,3} /
  6279. describe VPLS_TH [TH]740 W. Katella Ave.
  6280. score VPLS_TH 1.5
  6281.  
  6282.  
  6283. # 202.83.32.0 - 202.83.63.255
  6284. # 202.164.128.0 - 202.164.159.255
  6285. # header ASIANET_IN Received =~ /from .+202\.83\.(3[2-9]|[4-7][0-9]|8[0-3])\.[0-9]{1,3}[\)\] ]/
  6286. # header ASIANET_IN X-Spam-Relays-Untrusted =~ /ip=202\.83\.(3[2-9]|[4-7][0-9]|8[0-3])\.[0-9]{1,3} .+ident= envfrom= intl=0 .+auth= /
  6287. # header ASIANET_IN X-Spam-Relays-Untrusted =~ /ip=202\.(83\.(3[2-9]|[4-7][0-9]|8[0-3])|164\.1(2[89]|[345]\d))\.[0-9]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6288. header ASIANET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.92\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|202\.(?:83\.(?:3[2-9]|[4-7]\d|8[0-3])|164\.1(?:2[89]|[345]\d))\.\d{1,3}) /
  6289. describe ASIANET_IN [IN]Asianet ISP providing broadband internet access through Cable Network
  6290. score ASIANET_IN 1.5
  6291.  
  6292.  
  6293. # 59.88.0.0 - 59.99.255.255
  6294. # 210.212.0.0 - 210.212.255.255
  6295. # 61.0.0.0 - 61.1.255.255
  6296. # 117.192.0.0 - 117.255.255.255
  6297. header BSNLNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.(?:8[89]|9\d)|61\.[0-3]|117\.(?:19[2-9]|2\d\d)|210\.212|218\.248)(\.[\d]{1,3}){2} /
  6298. describe BSNLNET_IN [IN]NIB (National Internet Backbone)
  6299. score BSNLNET_IN 1.5
  6300.  
  6301. # 61.17.0.0 - 61.17.255.255
  6302. # 59.160.0.0 - 59.165.255.255
  6303. # 202.54.0.0 - 202.54.255.255
  6304. # 219.64.0.0 - 219.65.255.255
  6305. # 202.9.128.0 - 202.9.191.255
  6306. # 203.197.0.0 - 203.197.255.255
  6307. # 61.11.0.0 - 61.11.127.255
  6308. # 203.200.0.0 - 203.200.255.255
  6309. # 121.240.0.0 - 121.247.255.255
  6310. # 210.211.128.0 - 210.211.255.255
  6311. header VSNL_IN X-Spam-Relays-Untrusted =~ /(ip=((59\.16[0-5]|61\.17|121\.24[0-7]|202\.54|203\.(?:19[79]|200)|219\.6[45])(\.[\d]{1,3}){2}|(61\.11\.(\d|\d\d|1[01]\d|12[0-7])|202\.9\.1(2[89]|[3-8]\d|9[01])|210\.211\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3})|rdns=\d{2,3}(?:\.\d{1,3}){3}\.[A-Z-]+\.dialup\.vsnl\.net\.in) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6312. describe VSNL_IN [IN]Videsh Sanchar Nigam Ltd - India.
  6313. score VSNL_IN 1.5
  6314.  
  6315. # 221.128.128.0 - 221.128.255.255
  6316. header EXATTNET_IN X-Spam-Relays-Untrusted =~ /ip=221\.128\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])\.[\d]{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6317. describe EXATTNET_IN [IN]EXATTNET
  6318. score EXATTNET_IN 1.5
  6319.  
  6320. # 61.246.0.0 - 61.246.255.255
  6321. # 59.144.0.0 - 59.145.255.255
  6322. # 203.101.0.0 - 203.101.127.255
  6323. # 125.16.0.0 - 125.23.255.255
  6324. # 203.145.128.0 - 203.145.191.255
  6325. # BHARTI-AIRTEL-LTD-MOBILITY-SERVICES-IN
  6326. header BHARTI_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:27\.(?:5[6-9]|6[0-3])|59\.14[45]|61\.246|106\.(?:19[2-9]|2[01]\d|22[0-3])|110\.22[4-7]|117\.9[6-9]|122\.1(?:[67]\d|8[0-7])|125\.(?:1[6-9]|2[0-3])|182\.(?:6[4-9]|7\d)|223\.(?:17[6-9]|18\d|19[01]|22[4-9]|23\d))(?:\.\d{1,3}){2}|(?:117\.99|122\.183|203\.101)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|(?:122\.183|203\.145|223\.176)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|182\.71\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}|203\.192\.(?:19[2-9]|2\d\d)\.\d{1,3}) /
  6327. describe BHARTI_IN [IN]Bharti Broadband networks Limited
  6328. score BHARTI_IN 1.5
  6329.  
  6330. # 220.226.128.0 - 220.226.191.255
  6331. # 220.224.0.0 - 220.227.255.255
  6332. # 123.236.0.0 - 123.239.255.255
  6333. # 115.240.0.0 - 115.255.255.255
  6334. header RELIANCE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:101\.(?:5[6-9]|6[0-3])|115\.(?:18[45]|2[45]\d)|123\.23[6-9]|124\.12[45]|220\.22[4-7])(?:\.\d{1,3}){2} /
  6335. describe RELIANCE_IN [IN]Reliance Infocom Ltd Internet Data Centre
  6336. score RELIANCE_IN 1.5
  6337.  
  6338. # 219.91.128.0 - 219.91.255.255
  6339. header IQARANET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.201(\.\d{1,3}){2}|219\.91\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  6340. describe IQARANET_IN [IN]Iqara Telecom India Pvt Ltd Cable Internet Service Provider
  6341. score IQARANET_IN 1.5
  6342.  
  6343. # 210.214.0.0 - 210.214.255.255
  6344. # header SILNET_IN X-Spam-Relays-Untrusted =~ /ip=210\.214(\.\d{1,3}){2} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6345. header SILNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=210\.214(?:\.\d{1,3}){2} /
  6346. describe SILNET_IN [IN]Satyam Infoway Pvt.Ltd. Value Added Network service provider in India.
  6347. score SILNET_IN 1.5
  6348.  
  6349. # 202.177.144.0 - 202.177.191.255
  6350. header SIFYNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.95\.(?:5[6-9]|6\d)|202\.177\.1(?:4[4-9]|[5-8]\d|9[01])|210\.210\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:119\.22[67]|124\.30|221\.13[45])\.\d{1,3})\.\d{1,3} /
  6351. describe SIFYNET_IN [IN]Satyam Infoway (P) Ltd. National Internet Service Provider
  6352. score SIFYNET_IN 1.5
  6353.  
  6354. # 203.129.192.0 - 203.129.255.255
  6355. header STPI_IN X-Spam-Relays-Untrusted =~ /^\[ ip=203\.129\.(?:19[2-9]|2\d\d)\.\d{1,3} /
  6356. describe STPI_IN [IN]Software Technology Parks of India
  6357. score STPI_IN 1.5
  6358.  
  6359. # 202.88.128.0 - 202.88.191.255
  6360. # 203.212.192.0 - 203.212.255.255
  6361. # 60.243.0.0 - 60.243.255.255
  6362. # 125.99.0.0 - 125.99.255.255
  6363. # 60.254.0.0 - 60.254.127.255
  6364. # 210.18.128.0 - 210.18.191.255
  6365. # 202.88.208.0 - 202.88.223.255
  6366. # 116.72.0.0 - 116.75.255.255
  6367. # header HATHWAY_NET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.243|115\.9[6-9]|116\.7[2-5]|125\.99)(?:\.\d{1,3}){2}|(?:60\.254\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.88\.(?:1(?:2[89]|[3-8]\d|9[01])|20[2-9]|21\d|22[0-3])|203\.212\.(?:19[2-9]|2\d\d)|210\.18\.1(?:2[89]|[3-8]\d|9[01]))\.\d{1,3}) /
  6368. header HATHWAY_NET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:27\.[4-7]|60\.243|115\.9[6-9]|116\.7[2-5]|125\.99)(?:\.\d{1,3}){2}|(?:60\.254\.(?:\d|\d\d|1[01]\d|12[0-7])|103\.6\.1(?:6[89]|7[01])|202\.88\.(?:1(?:2[89]|[3-8]\d|9[01])|20[2-9]|21\d|22[0-3])|203\.163\.2(?:2[4-9]|[345]\d)|203\.212\.(?:19[2-9]|2\d\d)|210\.18\.1(?:2[89]|[3-8]\d|9[01]))\.\d{1,3}) /
  6369. describe HATHWAY_NET_IN [IN]Hathway IP Over Cable Internet Access Service
  6370. score HATHWAY_NET_IN 1.5
  6371.  
  6372. # 203.123.128.0 - 203.123.191.255
  6373. header PI_IN X-Spam-Relays-Untrusted =~ /^\[ ip=203\.123\.1(2[89]|[3-8]\d|9[01])\.\d{1,3} /
  6374. describe PI_IN [IN]Pacific Internet Limited
  6375. score PI_IN 1.5
  6376.  
  6377. header YOUTELE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123.201(?:\.\d{1,3}){2}|203.109.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d{1,3}|203\.187\.(?:19[2-9]|2\d\d)\.\d{1,3}|219.91.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  6378. describe YOUTELE_IN [IN]Iqara Telecom India Pvt Ltd
  6379. score YOUTELE_IN 1.5
  6380.  
  6381. # 202.70.192.0 - 202.70.207.255
  6382. header IOLNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.(?:63\.1(?:[678]\d|9[01])\.\d{1,3}|70\.198\.133) /
  6383. describe IOLNET_IN [IN]India Online Network Ltd.
  6384. score IOLNET_IN 1.5
  6385.  
  6386. header ORTELCOMM_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:27\.4[89]|113\.19)(?:\.\d{1,3}){2}|122\.50\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|202\.137\.2(?:0[89]|1\d|2[0-3])\.\d{1,3}|203\.98\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3}) /
  6387. describe ORTELCOMM_IN [IN]ORTELCOMMUNICATIONS INTERNET SERVICE PROVIDER
  6388. score ORTELCOMM_IN 1.5
  6389.  
  6390. header BEAMCABLE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.176\.(?:3[2-9]|4[0-7])\.\d{1,3}|(?:124\.123|183\.8[23])(?:\.\d{1,3}){2}|202\.53\.(?:[89]|1[0-5])\.\d{1,3}) /
  6391. describe BEAMCABLE_IN [IN]Internet Telephony Service Provider
  6392. score BEAMCABLE_IN 1.5
  6393.  
  6394. header GPRS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.225(?:\.\d{1,3}){2}|112\.110(?:\.\d{1,3}){2}|117\.9[67](?:\.\d{1,3}){2}) /
  6395. describe GPRS_IN [IN]GPRS-Subscribers
  6396. score GPRS_IN 1.5
  6397.  
  6398. header PACENET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:180\.188\.2(?:2[4-9]|[345]\d)|(?:101\.0|210\.89)\.(?:3[2-9]|[45]\d|6[0-3])|203\.76\.(?:17[6-9]|18\d|19[01])|203\.115\.(?:6[4-9]|[78]\d|9[0-5]))\.\d{1,3} /
  6399. describe PACENET_IN [IN]India's Premeir Broadband and IPTV services, Mumbai.
  6400. score PACENET_IN 1.5
  6401.  
  6402. # header TATACOMM_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.1(?:0[89]|1\d)(?:\.\d{1,3}){2}|61\.12\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|61\.16\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  6403. header TATACOMM_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:14\.(?:9[6-9]|14[0-3]|19[45])|27\.107|49\.2(?:0[0-3]|4[89])|111\.93|114\.143|115\.1(?:0[89]|1\d)|121\.24[0-7]|182\.156)(?:\.\d{1,3}){2}|61\.12\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|61\.16\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|210\.7\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}) /
  6404. describe TATACOMM_IN [IN]TATA Communications formerly VSNL is Leading ISP, Data and Voice Carrier in India
  6405. score TATACOMM_IN 1.5
  6406.  
  6407. header P4NETWORKS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:183\.87(?:\.\d{1,3}){2}|111\.125\.(?:19[2-9]|2\d\d)\.\d{1,3}) /
  6408. describe P4NETWORKS_IN [IN]Parshwa Purushotam Parind Parekh Networks Limited
  6409. score P4NETWORKS_IN 1.5
  6410.  
  6411. header MTNLISP_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.1(?:7[6-9]|8[0-5])|120\.(?:5[6-9]|6[0-3]))(?:\.\d{1,3}){2}|202\.159\.(?:19[2-9]|2\d\d)\.\d{1,3}) /
  6412. describe MTNLISP_IN [IN]MTNL CAT B ISP
  6413. score MTNLISP_IN 1.5
  6414.  
  6415. header GTPL_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.10[0-3]|182\.237\.(?:[89]|1[0-5]))\.\d{1,3} /
  6416. describe GTPL_IN [IN]Gujarat Telelink Pvt Ltd.
  6417. score GTPL_IN 1.5
  6418.  
  6419. # 27.0.48.0 - 27.0.63.255
  6420. # 115.69.240.0 - 115.69.255.255
  6421. header VASAICABLEPVTLTD_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.0\.(?:4[89]|5\d|6[0-3])|115\.69\.2[45]\d)\.\d{1,3} /
  6422. describe VASAICABLEPVTLTD_IN [IN]Vasai Cable Pvt Ltd
  6423. score VASAICABLEPVTLTD_IN 1.5
  6424.  
  6425. # WPISPL
  6426. # 202.89.79.0/24 202.89.64.0/24
  6427. header WORLDPHONE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:14\.102\.(?:\d|\d\d|1[01]\d|12[0-7])|110\.172\.1(?:2[89]|[3-8]\d|9[01])|114\.69\.(?:22[4-9]|2[345]\d)|118\.91\.1(?:7[6-9]|8\d|9[01])|202\.89\.(?:6[4-9]|7\d))\.\d{1,3} /
  6428. describe WORLDPHONE_IN [IN]World Phone Internet Service Pvt. Ltd. C-153 , OKHLA PHASE I , New Delhi
  6429. score WORLDPHONE_IN 1.5
  6430.  
  6431. # DWL
  6432. header DISHNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.2(?:4[89]|5[01])\.\d{1,3}|58\.68\.(?:\d|\d\d|1[01]\d|12[0-7])|118\.102\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  6433. describe DISHNET_IN [IN]Dishnet Wireless Ltd, India
  6434. score DISHNET_IN 1.5
  6435.  
  6436. header DVOIS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.186\.\d{1,3}|114\.79\.1(?:2[89]|[3-8]\d|9[01])|182\.48\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  6437. describe DVOIS_IN [IN]Dvois Broadband Pvt Ltd
  6438. score DVOIS_IN 1.5
  6439.  
  6440. header PDSN_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.20[23]\.\d{1,3}|180\.215\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  6441. describe PDSN_IN [IN]PDSN8-CHENNAI-MTS-INDIA-IN
  6442. score PDSN_IN 1.5
  6443.  
  6444. header ICL_NET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.187|27\.97|49\.1[45]|106\.(?:67|7[6-9])|112\.110)(?:\.\d{1,3}){2} /
  6445. describe ICL_NET_IN [IN]Idea Cellular Limited 5th Floor, Windsor Building Off: CST Road Kalina, Santacruz (East) Mumbai 400 098
  6446. score ICL_NET_IN 1.5
  6447.  
  6448. header VAINAVIINDUSTRIESLTD_IN X-Spam-Relays-Untrusted =~ /^\[ ip=119\.235\.(?:4[89]|5[0-5])\.\d{1,3} /
  6449. describe VAINAVIINDUSTRIESLTD_IN [IN]Vainavi Industries Ltd
  6450. score VAINAVIINDUSTRIESLTD_IN 1.5
  6451.  
  6452. header SPECTRANET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:119\.82|125\.63)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|180\.151\.\d{1,3}|203\.92\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  6453. describe SPECTRANET_IN [IN]Broadband ISP, India
  6454. score SPECTRANET_IN 1.5
  6455.  
  6456. header PIONEER_IN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.65\.1(?:2[89]|[345]\d)\.\d{1,3} /
  6457. describe PIONEER_IN [IN]Pioneer Elabs Ltd. Andhara Pradesh State of India
  6458. score PIONEER_IN 1.5
  6459.  
  6460. header ANKHNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.179\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  6461. describe ANKHNET_IN [IN]Ankhnet Informations Pvt. Ltd., Mumbai, India.
  6462. score ANKHNET_IN 1.5
  6463.  
  6464. header EXCELLMEDIA_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.133\.(?:4[89]|5\d|6[0-3])|202\.153\.(?:3[2-9]|4[0-7]))\.\d{1,3} /
  6465. describe EXCELLMEDIA_IN [IN]Excell Media Pvt Ltd Cable ISP Hyderabad A.P, India
  6466. score EXCELLMEDIA_IN 1.5
  6467.  
  6468. # RAILNET-IN
  6469. # SELNET-IN
  6470. header RAILTEL_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.133\.(?:19[2-9]|2\d\d)|122\.252\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  6471. describe RAILTEL_IN [IN]RailTel Corporation of India Ltd.
  6472. score RAILTEL_IN 1.5
  6473.  
  6474. # ABSPL
  6475. #inetnum: 45.249.72.0 - 45.249.75.255
  6476. #netname: BAISHAKHI-IN
  6477. #descr: ARCHANA BHATTACHARJEE t/a BAISHAKHI SPECIAL
  6478. #descr: 115 ACHARYA JAGADISH BOSE ROAD
  6479. #irt: IRT-BAISHAKHI-IN
  6480. #address: 115 ACHARYA JAGADISH BOSE ROAD, Kolkata West Bengal 700014
  6481. header ALLIANCEBROADBAND_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:45\.249\.7[2-5]|115\.187\.(?:3[2-9]|[45]\d|6[0-3])|116\.193\.1(?:2[89]|3\d|4[0-3])|202\.78\.23[2-9]|203\.171\.24[0-7])\.\d{1,3} /
  6482. describe ALLIANCEBROADBAND_IN [IN]Alliance Broadband Services Pvt. Ltd. P-89, C.I.T. Road,2nd Floor Kolkata Pin- 700 014 India
  6483. score ALLIANCEBROADBAND_IN 1.5
  6484.  
  6485. header REACH2NET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.90\.(?:9[6-9]|10\d|11[01])\.\d{1,3} /
  6486. describe REACH2NET_IN [IN]Descon Limited Internet SErvice Provider Block - EP, Sector V, Plot - X1,2 & 3 Salt Lake City Kolkata 700 091
  6487. score REACH2NET_IN 1.5
  6488.  
  6489. header WISHNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.131\.2(?:0[89]|1[0-5])|113\.21\.(?:6[4-9]|7\d)|223\.223\.1(?:2[89]|[345]\d))\.\d{1,3} /
  6490. describe WISHNET_IN [IN]WISH NET PRIVATE LIMITED 86, GOLAGHATA ROAD JAMUNA APARTMENTS GROUND FLOOR
  6491. score WISHNET_IN 1.5
  6492.  
  6493. header SYSCON_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.106\.(?:\d|\d\d|1[01]\d|12[0-7])|111\.119\.2(?:0[89]|1\d|2[0-3]))\.\d{1,3} /
  6494. describe SYSCON_IN [IN]Syscon Infoway Pvt. Ltd., Internet Service Provider, INDIA.
  6495. score SYSCON_IN 1.5
  6496.  
  6497. header CAPTURE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.2\.8[0-3]|116\.199\.1(?:6[89]|7[0-5]))\.\d{1,3} /
  6498. describe CAPTURE_IN [IN]B/217, Rolex Shopping Center, Station Road,
  6499. score CAPTURE_IN 1.5
  6500.  
  6501. header SPIDIGO_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.213\.(?:3[2-9]|[45]\d|6[0-3])|110\.172\.(?:2[4-9]|3[01])|122\.102\.12[0-7])\.\d{1,3} /
  6502. describe SPIDIGO_IN [IN]Spidigo Broadband & Internet Services Chandranet Pvt.Ltd. 401, Parshwa Tower, 4th floor, S.G. Highway, Near Pakwan Restaurant Bodakdev
  6503. score SPIDIGO_IN 1.5
  6504.  
  6505. header TIKONANET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.2[23]|113\.193)(?:\.\d{1,3}){2} /
  6506. describe TIKONANET_IN [IN]Tikona Digital Networks Pvt. Ltd.
  6507. score TIKONANET_IN 1.5
  6508.  
  6509. # InternetAPN OpenInternetAccessAPN
  6510. # Vodafone Essar Limited-Value Added Services ,India
  6511. header HUTCHVAS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.3[89]\.\d{1,3}|42\.1(?:0[4-9]|1[01])\.\d{1,3}|112\.79\.\d{1,3}|114\.31\.1(?:6\d|7[0-5]))\.\d{1,3} /
  6512. describe HUTCHVAS_IN [IN]Vodafone Essar Limited GPRS service
  6513. score HUTCHVAS_IN 1.5
  6514.  
  6515. header ERNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.141\.(?:\d|\d\d|1[0-5]\d)\.\d{1,3} /
  6516. describe ERNET_IN [IN]Education and Research Network
  6517. score ERNET_IN 1.5
  6518.  
  6519. header SBS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=103\.1\.8[0-3]\.\d{1,3} /
  6520. describe SBS_IN [IN]Star Broadband Services (I) Pvt. Ltd. 19/48, 1st Floor, Malcha Marg Shopping Complex, Chanakyapuri
  6521. score SBS_IN 1.5
  6522.  
  6523. header HNS_IN X-Spam-Relays-Untrusted =~ /^\[ ip=111\.91\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  6524. describe HNS_IN [IN]Honesty Net Solution (I) Pvt Ltd
  6525. score HNS_IN 1.5
  6526.  
  6527. header TULIP_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.23[45](?:\.\d{1,3}){2}|(?:116\.214\.(?:2[4-9]|3[01])|203\.124\.(?:1[6-9:|2[0-3]))\.\d{1,3}) /
  6528. describe TULIP_IN [IN]IPVPN/INTERNET SERVICE PROVIDER TULIP TELECOM LTD. PLANNING & TECHNOLOGY TEAM C-160, Okhla Phase-1 New Delhi-110020
  6529. score TULIP_IN 1.5
  6530.  
  6531. header RSMANI_NKN_IN X-Spam-Relays-Untrusted =~ /^\[ ip=14\.139(?:\.\d{1,3}){2} /
  6532. describe RSMANI_NKN_IN [IN]National Knowledge Network C/0 National Informatics Centre Ministry Of Comm & IT A-Block CGO Complex Lodhi Road
  6533. score RSMANI_NKN_IN 1.5
  6534.  
  6535. header NSTPL_IN X-Spam-Relays-Untrusted =~ /^\[ ip=27\.124\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  6536. describe NSTPL_IN [IN]NOIDA Software Technology Park Ltd Scindia Villa, Sarojini Nagar, Ring Road,
  6537. score NSTPL_IN 1.5
  6538.  
  6539. header WNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.128\.1(?:6\d|7[1-5])|103\.29\.9[6-9])\.\d{1,3} /
  6540. describe WNET_IN [IN]Wan & Lan Internet Pvt. Ltd.
  6541. score WNET_IN 1.5
  6542.  
  6543. header BLAZENET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:180\.211\.(?:9[6-9]|1[01]\d|12[0-7])|202\.131\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3} /
  6544. describe BLAZENET_IN [IN]Blazenet Pvt Ltd 403 / 404 Sarita Complex Behind Hotel Classic Gold Off C. G. Road
  6545. score BLAZENET_IN 1.5
  6546.  
  6547. header AIRCEL_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.138|101\.2(?:0[89]|1\d|2[0-3])|175\.40)(?:\.\d{1,3}){2} /
  6548. describe AIRCEL_IN [IN]Aircel gprs customer Hyderabad
  6549. score AIRCEL_IN 1.5
  6550.  
  6551. header CABLELITE_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:106\.51\.\d{1,3}|202\.83\.(?:1[6-9]|2\d|3[01]))\.\d{1,3} /
  6552. describe CABLELITE_IN [IN]Broad Band Internet Service Provider, India
  6553. score CABLELITE_IN 1.5
  6554.  
  6555. header ECLTELECOM_IN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.196\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.164\.3[6-9])\.\d{1,3} /
  6556. describe ECLTELECOM_IN [IN]HFCL INFOTEL LTD B-71 Phase-7 Ind. Area Mohali Punjab
  6557. score ECLTELECOM_IN 1.5
  6558.  
  6559.  
  6560. #inetnum: 150.129.236.0 - 150.129.239.255
  6561. #netname: REGENTCOMMUNICATION
  6562. header REGENTCOM_IN X-Spam-Relays-Untrusted =~ /^\[ ip=150\.129\.23[6-9]\.\d{1,3} /
  6563. describe REGENTCOM_IN [IN]Regent Communication U13/45,DLF-Phase-3,Gurgaon
  6564. score REGENTCOM_IN 1.5
  6565.  
  6566.  
  6567. # 68.32.0.0 - 68.63.255.255
  6568.  
  6569. # 24.0.0.0 - 24.15.255.255
  6570. # 24.16.0.0 - 24.23.255.255
  6571.  
  6572. # 24.0.0.0 - 24.23.255.255
  6573.  
  6574. # 24.30.0.0 - 24.30.95.255
  6575. # 24.30.96.0 - 24.30.127.255
  6576.  
  6577. # 24.30.0.0 - 24.30.127.255
  6578.  
  6579. # 24.60.0.0 - 24.63.255.255
  6580. # 24.130.224.0 - 24.130.255.255
  6581.  
  6582.  
  6583. # 202.177.0.0 - 202.177.31.255
  6584. header KDD_HK Received =~ /from .+202\.177\.([0-9]|[12][0-9]|3[01])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/
  6585. describe KDD_HK [HK]KDDI HONG KONG LIMITED
  6586. score KDD_HK 1.5
  6587.  
  6588. # 210.245.128.0 - 210.245.255.255
  6589. # 59.188.0.0 - 59.188.255.255
  6590. # 210.209.64.0 - 210.209.127.255
  6591. # NEWWORLDTEL
  6592. header NWTNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.188(?:\.\d{1,3}){2}|(?:(?:58\.64|113\.10|123\.1|210\.245)\.(?:12[89]|1[3-9]\d|2\d\d)|203\.98\.1(?:2[89]|[3-8]\d|9[01])|210\.209\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  6593. describe NWTNET [HK]New World Telephone
  6594. score NWTNET 1.5
  6595.  
  6596. # 218.190.0.0 - 218.191.255.255
  6597. # 221.124.0.0 - 221.127.255.255
  6598. # 210.0.128.0 - 210.0.255.255
  6599. # 218.188.0.0 - 218.189.255.255
  6600. # 210.3.0.0 - 210.3.255.255
  6601. header HGC_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:113\.25[2-5]|118\.14[0-3]|210\.3|218\.1(?:8[89]|9[01])|221\.12[4-7])(?:\.\d{1,3}){2}|210\.0\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  6602. describe HGC_HK [HK]Hutchison Global Communications
  6603. score HGC_HK 1.5
  6604.  
  6605. # 202.66.0.0 - 202.66.255.255
  6606. header CPCNET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:202\.66|203\.85)(?:\.\d{1,3}){2}|202\.76\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  6607. describe CPCNET_HK [HK]CPCNet Hong Kong Ltd.
  6608. score CPCNET_HK 1.5
  6609.  
  6610. # 218.252.0.0 - 218.255.255.255
  6611. # 222.166.0.0 - 222.166.255.255
  6612. # header HKCABLE_HK X-Spam-Relays-Untrusted =~ /ip=(218\.25[2-5]|222\.16[67])(\.[0-9]{1,3}){2} .+ident= envfrom= intl=0 .+auth= /
  6613. header HKCABLE_HK X-Spam-Relays-Untrusted =~ /(rdns=cm\d{2,3}(-\d{1,3}){3}\.hkcable\.com\.hk|ip=(218\.25[2-5]|222\.16[67])(\.[0-9]{1,3}){2}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6614. describe HKCABLE_HK [HK]HK Cable TV Ltd
  6615. score HKCABLE_HK 1.5
  6616.  
  6617.  
  6618. header HKCIX_HK X-Spam-Relays-Untrusted =~ /^\[ ip=202\.181\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  6619. describe HKCIX_HK [HK]Hongkong Commercial Internet Exchange
  6620. score HKCIX_HK 1.5
  6621.  
  6622. header HKNET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.127\.2(?:4[89]|5[01])|(?:202\.67|203\.169)\.(?:12[89]|1[3-9]\d|2\d\d)|218\.213\.\d{1,3})\.\d{1,3} /
  6623. describe HKNET_HK [HK]HKNet Company Ltd.
  6624. score HKNET_HK 1.5
  6625.  
  6626. # 203.80.192.0 - 203.80.255.255
  6627. # HKBN
  6628. header CTINET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.17[67]|61\.92)(?:\.\d{1,3}){2}|203\.80\.250\.1(?:2[89]|[345]\d)) /
  6629. describe CTINET_HK [HK]City Telecom (H.K.) Ltd.
  6630. score CTINET_HK 1.5
  6631.  
  6632. header GENESIS_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:114\.142\.1(?:4[4-9]|5\d)|202\.65\.(?:19[2-9]|2[01]\d|22[0-3])|202\.134\.(?:9[6-9]|10\d|11[01])|219\.90\.1(?:1[2-9]|2[0-7]))\.\d{1,3} /
  6633. describe GENESIS_HK [HK]Genesis Net Limited
  6634. score GENESIS_HK 1.5
  6635.  
  6636. header SINGTEL_HK X-Spam-Relays-Untrusted =~ /^\[ ip=202\.83\.(?:19[2-9]|2[012]\d|22[0-3])\.\d{1,3} /
  6637. describe SINGTEL_HK [HK]Singtel Hong Kong Limited
  6638. score SINGTEL_HK 1.5
  6639.  
  6640. header FNCL_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.212\.11[2-8]|118\.102\.(?:[89]|1[0-5])|202\.59\.15[2-9])\.\d{1,3} /
  6641. describe FNCL_HK [HK]First Network Communications Limited, ISP at HK
  6642. score FNCL_HK 1.5
  6643.  
  6644. header APACSERVER_HK X-Spam-Relays-Untrusted =~ /^\[ ip=111\.68\.(?:\d|1[0-5])\.\d{1,3} /
  6645. describe APACSERVER_HK [HK]ASIA PACIFIC SERVER COMPANY
  6646. score APACSERVER_HK 1.5
  6647.  
  6648. # header NETVIGATOR_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:116\.4[89]|218\.10[23]|220\.24[16])(?:\.\d{1,3}){2}|(?:(?:113\.28|202\.85)\.(?:\d|\d\d|1[01]\d|12[0-7])|125\.214\.(?:19[2-9]|2\d\d)|125\.215\.(?:12[89]|1[3-9]\d|2\d\d)|210\.176\.(?:4[89]|[5-9]\d|1[01]\d|12[0-7]))\.\d{1,3}) /
  6649. # MAINT-HK-PCCW-BIA
  6650. header NETVIGATOR_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:112\.1(?:1[89]|20)|116\.4[89]|119\.23[67]|202\.82|203\.198|218\.10[23]|219\.7[6-9]|220\.24[16]|223\.197)\.\d{1,3}|(?:113\.28|202\.85|220\.241)\.(?:\d|\d\d|1[01]\d|12[0-7])|125\.214\.(?:19[2-9]|2\d\d)|(?:113\.28|125\.215|210\.177)\.(?:12[89]|1[3-9]\d|2\d\d)|42\.200\.(?:\d|[1-5]\d|6[0-3])|210\.87\.2[45]\d|210\.176\.(?:4[89]|[5-9]\d|1[01]\d|12[0-7])|223\.130\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  6651. describe NETVIGATOR_HK [HK]PCCW Limited
  6652. score NETVIGATOR_HK 1.5
  6653.  
  6654. header SNW_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.213\.(?:9[6-9]|1[01]\d|12[0-7])|121\.54\.1(?:6[89]|7[45])|210\.56\.(?:4[89]|5\d|6[0-3]))\.\d{1,3} /
  6655. describe SNW_HK [HK]Sun Network (Hong Kong) Limited
  6656. score SNW_HK 1.5
  6657.  
  6658. header SIMCENT_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.121\.1(?:[678]\d|9[01])|180\.178\.(?:3[2-9]|[45]\d|6[0-3])|182\.16\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  6659. describe SIMCENT_HK [HK]Simcentric Solutions, Internet Service Provider
  6660. score SIMCENT_HK 1.5
  6661.  
  6662. header ADI_HK X-Spam-Relays-Untrusted =~ /^\[ ip=183\.90\.1(?:8[4-9]|9[01])\.\d{1,3} /
  6663. describe ADI_HK [HK]Asia Data (Hong kong) Inc. Limited
  6664. score ADI_HK 1.5
  6665.  
  6666. header IPC_NEWTT_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.152\.2(?:2[4-9]|[345]\d)|101\.78\.(?:12[89]|1[3-9]\d|2\d\d)|115\.160\.1(?:2[89]|[3-8]\d|9[01])|175\.45\.(?:\d|[1-5]\d|6[0-3])|202\.126\.2(?:0[89]|1\d|2[0-3])|202\.130\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.131\.(?:6[4-9]|7\d)|202\.155\.(?:19[2-9]|2\d\d)|210\.5\.1(?:[678]\d|9[01]))\.\d{1,3} /
  6667. describe IPC_NEWTT_HK [HK]Wharf T&T Limited Fixed Telecommunication Network Service (FTNS) Harbour City, Hong Kong SAR
  6668. score IPC_NEWTT_HK 1.5
  6669.  
  6670. header HONGKONG_NET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=152\.104(?:\.\d{1,3}){2} /
  6671. describe HONGKONG_NET_HK [HK]imported inetnum object for HKI
  6672. score HONGKONG_NET_HK 1.5
  6673.  
  6674. header INFOMOVE_HK X-Spam-Relays-Untrusted =~ /^\[ ip=119\.42\.1(?:4[4-9]|5[012])\.\d{1,3} /
  6675. describe INFOMOVE_HK [HK]INFOMOVE SOLUTIONS LIMITED Unit 2001, 20/F, New Tech Plaza, 34 Tai Yau Street, San Po Kong, KLN
  6676. score INFOMOVE_HK 1.5
  6677.  
  6678. # 123.108.108.0-123.108.111.255
  6679. header PANGNET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.246\.24[4-7]|123\.108\.1(?:0[89]|1[01])|182\.237\.[0-3])\.\d{1,3} /
  6680. describe PANGNET_HK [HK]Pang International Limited
  6681. score PANGNET_HK 1.5
  6682.  
  6683. header PACNET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.145\.(?:19[2-9]|2\d\d)|61\.47\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.64\.\d{1,3}|203\.121\.1(?:2[89]|[3-8]\d|9[01])|203\.152\.(?:\d|[1-5]\d|6[0-3])|210\.24\.\d{1,3}|(?:210\.17|220\.232)\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  6684. describe PACNET_HK [HK]PACNET
  6685. score PACNET_HK 1.5
  6686.  
  6687. header PACIFICONENET_HK X-Spam-Relays-Untrusted =~ /^\[ ip=202\.180\.1(?:6\d|7[0-5])\.\d{1,3} /
  6688. describe PACIFICONENET_HK [HK]Pacific One Net Limited, Internet Service Provider, Hong Kong
  6689. score PACIFICONENET_HK 1.5
  6690.  
  6691. header ISERVICES_HK X-Spam-Relays-Untrusted =~ /^\[ ip=111\.92\.2(?:2[4-9]|3\d)\.\d{1,3} /
  6692. describe ISERVICES_HK [HK]Room 1204 , Chong Fat Comm Bldg
  6693. score ISERVICES_HK 1.5
  6694.  
  6695. header NET_SYS_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.98\.(?:19[2-9]|20[0-7])|180\.214\.16[0-7])\.\d{1,3} /
  6696. describe NET_SYS_HK [HK]Net Sys International Limited - Internet Service Provider
  6697. score NET_SYS_HK 1.5
  6698.  
  6699. header WLIN_HK X-Spam-Relays-Untrusted =~ /^\[ ip=122\.10\.2(?:0\d|1[0-5])\.\d{1,3} /
  6700. describe WLIN_HK [HK]World Link International Network Co., Limited Unit D,16/F,Cheuk Nang Plaza 250 Hennessy Road, Wanchai HongKong
  6701. score WLIN_HK 1.5
  6702.  
  6703. # HTHKITNMC
  6704. header H3GHK_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:124\.217|180\.188)\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  6705. describe H3GHK_HK [HK]DOMAIN FIVE ENTERPRISES LIMITED Internet Service Provider Kwaichung
  6706. score H3GHK_HK 1.5
  6707.  
  6708. header SMARTONE_HK X-Spam-Relays-Untrusted =~ /^\[ ip=121\.20[23](?:\.\d{1,3}){2} /
  6709. describe SMARTONE_HK [HK]31/F, Millennium City 2, 378 Kwun Tong Road, Kwun Tong, Kowloon, Hong Kong
  6710. score SMARTONE_HK 1.5
  6711.  
  6712. header BBTEC_HK X-Spam-Relays-Untrusted =~ /^\[ ip=103\.29\.7[2-5]\.\d{1,3} /
  6713. describe BBTEC_HK [HK]Tower One,Royal Sea Crest,8 Lung Road,New Territories
  6714. score BBTEC_HK 1.5
  6715.  
  6716. # PCCWMOBILE-HK
  6717. header HKT_HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:120\.88\.(?:19[2-9]|2\d\d)|202\.4\.(?:19[2-9]|2[01]\d|22[0-3])|223\.130\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  6718. describe HKT_HK [HK]Hong Kong Telecommunications (HKT) Limited
  6719. score HKT_HK 1.5
  6720.  
  6721. # 103.7.240.50
  6722. header BBTECNETWORKS_HK X-Spam-Relays-Untrusted =~ /^\[ ip=103\.7\.24[0-3]\.\d{1,3} /
  6723. describe BBTECNETWORKS_HK [HK]Flat 20, 16 FL., 34 Tai Yau Street
  6724. score BBTECNETWORKS_HK 1.5
  6725.  
  6726. header HUTCHISON_HK X-Spam-Relays-Untrusted =~ /^\[ ip=203\.145\.(?:8\d|9[0-5])\.\d{1,3} /
  6727. describe HUTCHISON_HK [HK]Hutchison Telecommunications (HK) Ltd. 11/F Two Harbourfront 22 Tak Fung Street Hunghom, Kowloon
  6728. score HUTCHISON_HK 1.5
  6729.  
  6730. header ACME_HK X-Spam-Relays-Untrusted =~ /^\[ ip=202\.51\.1(?:2[89]|[345]\d)\.\d{1,3} /
  6731. describe ACME_HK [HK]ACME Universal Co. Unit 1, 19/F, New Tech Plaza, 34 Tai Yau Street, San Po Kong, Kowloon, Hong Kong
  6732. score ACME_HK 1.5
  6733.  
  6734.  
  6735. #inetnum: 103.39.72.0 - 103.39.75.255
  6736. #netname: CALRISSIANLIMITED-HK
  6737. header CALRISSIANLIMITED_HK X-Spam-Relays-Untrusted =~ /\[ ip=103\.39\.7[2-5]\.\d{1,3} /
  6738. describe CALRISSIANLIMITED_HK [HK]Wah Hen Commercial Centre, 381-383 Hennessy Rd
  6739. score CALRISSIANLIMITED_HK 1.5
  6740.  
  6741.  
  6742. #inetnum: 182.239.64.0 - 182.239.127.255
  6743. #netname: PEOPLESPHONE-AS-AP
  6744. #org-name: China Mobile Hong Kong Company Limited
  6745. header CHINAMOBILE_HK X-Spam-Relays-Untrusted =~ /\[ ip=182\.239\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3} /
  6746. describe CHINAMOBILE_HK [HK]China Mobile Hong Kong Company Limited Level 20, Tower 1, Kowloon Commerce Centre No 51, Kwai Cheong Road Kwai Chung
  6747. score CHINAMOBILE_HK 1.5
  6748.  
  6749. #inetnum: 203.160.64.0 - 203.160.95.255
  6750. #netname: UNICOM-HK
  6751. #descr: China Unicom (Hong Kong) Operations Limited
  6752. header UNICOM_HK X-Spam-Relays-Untrusted =~ /\[ ip=203\.160\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  6753. describe UNICOM_HK [HK]China Unicom (Hong Kong) Operations Limited 28/F, Tower 1, The gateway, 25 Canton road, TST, Hong Kong
  6754. score UNICOM_HK 1.5
  6755.  
  6756. #inetnum: 43.227.112.0 - 43.227.115.255
  6757. #netname: GREATTANG-HK
  6758. header GREATTANG_HK X-Spam-Relays-Untrusted =~ /\[ ip=43\.227\.11[2-5]\.\d{1,3} /
  6759. describe GREATTANG_HK [HK]Great Tang Tech Co.,Limited Flat B 6/F., Kam Fai Building, No 240-242 Apliu Street,Kowloon, Hong Kong Kowloon
  6760. score GREATTANG_HK 1.5
  6761.  
  6762.  
  6763.  
  6764. # 203.215.80.0-203.215.95.255
  6765. # 203.115.144.0-203.115.159.255
  6766. # 203.115.128.0-203.115.159.255
  6767. # 203.115.176.0-203.115.191.255
  6768. # 203.115.128.0-203.115.191.255
  6769. # 121.96.0.0 - 121.97.255.255
  6770. header SKYINET_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.9[67](?:\.\d{1,3}){2}|114\.108\.(?:19[2-9]|2\d\d)\.\d{1,3}|203\.(?:115\.1(?:2[89]|[3-8]\d|9[01])|215\.(?:8[0-9]|9[0-5]))\.\d{1,3}) /
  6771. describe SKYINET_PH [PH]Bayan Telecommunications Inc.
  6772. score SKYINET_PH 1.5
  6773.  
  6774. # 203.82.16.0 - 203.82.23.255
  6775. header DEFENSNET X-Spam-Relays-Untrusted =~ /^\[ ip=203\.82\.(?:1[6-9]|2[0-3])\.\d{1,3} /
  6776. describe DEFENSNET [PH]DEFENSNET, Hosting Service and Content Provider from Antonio Defensor Consulting
  6777. score DEFENSNET 1.5
  6778.  
  6779. # 210.4.0.0 - 210.4.63.255
  6780. header BAYANTELDSL_AP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:125\.212\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.78\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|210\.4\.(\d|[1-5]\d|6[0-3]))\.\d{1,3} /
  6781. describe BAYANTELDSL_AP [PH]Bayantel DSL Infrastructure
  6782. score BAYANTELDSL_AP 1.5
  6783.  
  6784. # 202.78.96.0-202.78.111.255
  6785. # SKYBB8 PILIPINO CABLE CORPORATION
  6786. # skycable.com
  6787. header SKYCABLENET_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.68\.(?:3[2-9]|[45]\d|6[0-3])|114\.108\.(?:19[2-9]|2\d\d)|202\.78\.(?:9[6-9]|10\d|11[01]))\.\d{1,3} /
  6788. describe SKYCABLENET_PH [PH]Sky Internet http://www.skyinet.net/
  6789. score SKYCABLENET_PH 1.5
  6790.  
  6791.  
  6792.  
  6793. # 210.14.0.0 - 210.14.31.255
  6794. # 124.104.0.0 - 124.107.255.255
  6795. # 58.71.0.0 - 58.71.127.255
  6796. # 58.69.0.0 - 58.69.255.255
  6797. # 122.52.0.0 - 122.55.255.255
  6798. # 122.2.0.0 - 122.3.255.255
  6799. # 119.92.0.0 - 119.95.255.255
  6800. #PHIX PLDT
  6801. header IPG_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:49\.1(?:4[4-9]|5[01])|58\.69|119\.9[2-5]|122\.(?:[23]|5[2-5])|124\.10[4-7])(?:\.\d{1,3}){2}|(?:58\.71\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.1\.(?:6[4-9]|[78]\d|9[0-5])|210\.14\.(?:\d|[12]\d|3[01])|210\.213\.(?:6[4-9]|[789]\d|[12]\d\d))\.\d{1,3}) /
  6802. describe IPG_PH [PH]Philippine Long Distance Telephone Company
  6803. score IPG_PH 1.5
  6804.  
  6805. # 58.69.0.0 - 58.69.127.0
  6806. header PLDTDSL_PH X-Spam-Relays-Untrusted =~ /^\[ ip=58\.69\.(\d|\d\d|1[01]\d|12[0-7])\.\d{1,3} /
  6807. describe PLDTDSL_PH [PH]DSL_Consumer
  6808. score PLDTDSL_PH 1.5
  6809.  
  6810. # 203.131.64.0 - 203.131.191.255
  6811. header INFOCOM_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.221\.[0-7]|203\.131\.(6[4-9]|[7-9]\d|1[0-8]\d|19[01]))\.\d{1,3} /
  6812. describe INFOCOM_PH [PH]INFOCOM Technologies Inc
  6813. score INFOCOM_PH 1.5
  6814.  
  6815. # 124.6.128.0 - 124.6.191.255
  6816. # 203.177.0.0 - 203.177.255.255
  6817. # 222.127.0.0 - 222.127.127.255
  6818. header GLOBET_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:124\.6\.1(2[89]|[3-8]\d|9[01])\.\d{1,3}|(203\.177|222\.127)(?:\.\d{1,3}){2}) /
  6819. describe GLOBET_PH [PH]Globe Telecom/Innove Communication
  6820. score GLOBET_PH 1.5
  6821.  
  6822. # 210.23.96.0 - 210.23.127.255
  6823. header PI_PH X-Spam-Relays-Untrusted =~ /^\[ ip=210\.23\.(9[6-9]|1[01]\d|12[0-7])\.\d{1,3} /
  6824. describe PI_PH [PH]Pacific Internet Philippines
  6825. score PI_PH 1.5
  6826.  
  6827. # 124.104.176.0 - 124.104.191.255
  6828. header CONS_PH X-Spam-Relays-Untrusted =~ /^\[ ip=124\.104\.1(7[6-9]|8\d|9[01])\.\d{1,3} /
  6829. describe CONS_PH [PH]GNTC7300i02_Consumer
  6830. score CONS_PH 1.5
  6831.  
  6832. # 203.167.0.0 - 203.167.31.255
  6833. header TRIDEL_TECH_PH X-Spam-Relays-Untrusted =~ /^\[ ip=203\.167\.(\d|[12]\d|3[01])\.\d{1,3} /
  6834. describe TRIDEL_TECH_PH [PH]Tridel Technologies, Inc.
  6835. score TRIDEL_TECH_PH 1.5
  6836.  
  6837. # 117.103.40.0 - 117.103.47.255
  6838. # 119.27.128.0 - 119.27.159.255
  6839. # 115.166.64.0 - 115.166.95.255
  6840. header INFOVISION_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.166.(6[4-9]|[78]\d|9[0-5])|117\.103\.4[0-7]|119\.27\.1(2[89]|[345]\d))\.\d{1,3} /
  6841. describe INFOVISION_PH [PH]Infovision Data Hosting Services
  6842. score INFOVISION_PH 1.5
  6843.  
  6844. # 61.28.128.0 - 61.28.191.255
  6845. # 117.104.240.0 - 117.104.255.255
  6846. # 116.50.128.0 - 116.50.255.255
  6847. # 203.167.64.0 - 203.167.95.255
  6848. header ETPI_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.28\.1(?:2[89]|[3-8]\d|9[01])|112\.199\.(?:\d|\d\d|1[01]\d|12[0-7])|113\.61\.(?:3[2-9]|[45]\d|6[0-3])|(?:112\.196|115\.84)\.2(?:2[4-9]|[345]\d)|115\.85\.(?:\d|[1-5]\d|6[0-3])|116\.50\.(?:12[89]|1[3-9]\d|2\d\d)|117\.104\.2[45]\d|120\.89\.(?:\d|[1-5]\d|6[0-3])|180\.232\.\d{1,3}|202\.164\.(?:1[678]\d|19[01])|202\.167\.(?:9[6-9]|1[01]\d|12[0-7])|202\.175\.(?:19[2-9]|2\d\d)|203\.167\.(?:6[4-9]|[78]\d|9[0-5]))\.\d{1,3} /
  6849. describe ETPI_PH [PH]Eastern Telecoms Philippines, Inc.
  6850. score ETPI_PH 1.5
  6851.  
  6852. header GLOBALSPEED_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.123\.2(?:2[4-9]|[345]\d)|27\.124\.(?:6[4-9]|7\d)|180\.94\.(?:\d|[12]\d|3[01])|182\.54\.1(?:2[89]|[345]\d))\.\d{1,3} /
  6853. describe GLOBALSPEED_PH [PH]GLOBALSPEED-PH
  6854. score GLOBALSPEED_PH 1.5
  6855.  
  6856. # 110.232.160.0-110.232.175.255
  6857. # 122.202.96.0 - 122.202.127.255
  6858. header NEXTWEB_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.44\.1(?:2[89]|3\d|4[0-3])|110\.232\.1(?:6\d|7[0-5])|112\.109\.(?:\d|1[0-5])|113\.20\.1(?:[678]\d|9[01])|122\.202\.(?:9[6-9]|1[01]\d|12[0-7])|182\.255\.(?:3[2-9]|[45]\d|6[0-3]))\.\d{1,3} /
  6859. describe NEXTWEB_PH [PH]NEXT WEB PHIL
  6860. score NEXTWEB_PH 1.5
  6861.  
  6862. # 219.90.64.0 - 219.90.95.255
  6863. header INTERISLANDNET_PH X-Spam-Relays-Untrusted =~ /^\[ ip=219\.90\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  6864. describe INTERISLANDNET_PH [PH]INTERISLANDNET Internet Service Provider
  6865. score INTERISLANDNET_PH 1.5
  6866.  
  6867. # 121.58.192.0 - 121.58.255.255
  6868. header COMCLARK_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:111\.125|120\.29)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|121\.58\.(?:19[2-9]|2\d\d)|210\.4\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3} /
  6869. describe COMCLARK_PH [PH]Comclark Bldg. Pres. M.A. Roxas Hi-way, CSEZ Clarkfield, Pampanga
  6870. score COMCLARK_PH 1.5
  6871.  
  6872. header DIGITELONE_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:115\.147|180\.19[2-5])(?:\.\d{1,3}){2}|115\.146\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}) /
  6873. describe DIGITELONE_PH [PH]Digitel Philippines
  6874. score DIGITELONE_PH 1.5
  6875.  
  6876. header LBNI_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.110|110\.54)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  6877. describe LBNI_PH [PH]Liberty Broadcasting Network Inc.
  6878. score LBNI_PH 1.5
  6879.  
  6880. # 192-223
  6881. # 120.72.16.0 - 120.72.31.255
  6882. header DCTECH_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:120\.72\.(?:1[6-9]|2\d|3[01])|202\.133\.(?:19[2-9]|2[01]\d|22[0-3]))\.\d{1,3} /
  6883. describe DCTECH_PH [PH]DctecH Micro Services, Inc.
  6884. score DCTECH_PH 1.5
  6885.  
  6886. header BELLTELECOM_PH X-Spam-Relays-Untrusted =~ /^\[ ip=202\.86\.(?:19[2-9]|20[0-7])\.\d{1,3} /
  6887. describe BELLTELECOM_PH [PH]Bell Telecommunications Philippines, Inc. 4th floor Pacific Star Bldg. Sen. Gil Puyat Avenue cor. Makati Avenue, Makati City, Philippines
  6888. score BELLTELECOM_PH 1.5
  6889.  
  6890. header SMARTBRO_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:121\.54\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:125\.60|203\.87)\.(?:12[89]|1[3-9]\d|2\d\d)|175\.158\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  6891. describe SMARTBRO_PH [PH]Smart Broadband Incorporated Wireless Broadband Access Ayala Avenue, Makati City
  6892. score SMARTBRO_PH 1.5
  6893.  
  6894. header YOURWEBSTREAM_PH X-Spam-Relays-Untrusted =~ /^\[ ip=101\.78\.(?:1[6-9]|2\d|3[01])\.\d{1,3} /
  6895. describe YOURWEBSTREAM_PH [PH]Webstream Bldg ,J Palma Gil Street, Davao City,Philippines
  6896. score YOURWEBSTREAM_PH 1.5
  6897.  
  6898. header HRWIRE2008_PH X-Spam-Relays-Untrusted =~ /^\[ ip=14\.192\.(?:\d|[12]\d|3[01])\.\d{1,3} /
  6899. describe HRWIRE2008_PH [PH]Ground Floor TBS Bldg., Corrales Avenue,Cagayan de Oro City, Philippines
  6900. score HRWIRE2008_PH 1.5
  6901.  
  6902. header MARBELNETWORKS_PH X-Spam-Relays-Untrusted =~ /^\[ ip=119\.42\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  6903. describe MARBELNETWORKS_PH [PH]Gnd Flr , Marbel Telecom Bldg General Paulino Drive
  6904. score MARBELNETWORKS_PH 1.5
  6905.  
  6906. header CABLE51_PH X-Spam-Relays-Untrusted =~ /^\[ ip=202\.5\.(?:1[6-9]|2\d|3[01])\.\d{1,3} /
  6907. describe CABLE51_PH [PH]Pendatun Avenue, cor National Highway
  6908. score CABLE51_PH 1.5
  6909.  
  6910. header DESTINYNOC_PH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.8\.2(?:2[4-9]|[345]\d)|202\.128\.(?:2[2-9]|[345]\d|6[0-3]))\.\d{1,3} /
  6911. describe DESTINYNOC_PH [PH]Destiny Inc. Cable Internet Service Provider Makati City, Philippines
  6912. score DESTINYNOC_PH 1.5
  6913.  
  6914.  
  6915. # 220.255.0.0 - 220.255.255.255
  6916. # 219.74.0.0 - 219.75.127.255
  6917. # 121.6.0.0 - 121.7.255.255
  6918. # header SINGNET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.185|119\.74|121\.[67]|203\.127|219\.74|220\.255)(?:\.\d{1,3}){2}|116\.12\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|(?:203\.125|219\.75)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  6919. header SINGNET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.185|116\.1[45]|119\.74|121\.[67]|203\.12[67]|219\.74|220\.255)(?:\.\d{1,3}){2}|(?:115\.42|116\.12|119\.73)\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|(?:203\.125|219\.75)\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|203\.126\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}) /
  6920. describe SINGNET_SG [SG]SingNet Pte Ltd
  6921. score SINGNET_SG 1.5
  6922.  
  6923. # 222.164.0.0 - 222.165.127.255
  6924. # header SGCABLEVISION_SG X-Spam-Relays-Untrusted =~ /ip=(222\.164(\.\d{1,3}){2}|222\.165\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6925. # StarHub HSPA HSDPA STARHUB starhub AS4657
  6926. header SGCABLEVISION_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.182|59\.189|116\.8[678]|202\.156|203\.11[67]|218\.186|222\.164)(?:\.\d{1,3}){2}|58\.146\.(?:12[89]|1[3-8]\d|19[01])\.\d{1,3}|61\.8\.(?:19[2-9]|2\d\d)\.\d{1,3}|113\.10\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3}|117\.20\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|124\.155\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}|202\.156\.(9[6-9]|1[01]\d|12[0-7])\.\d{1,3}|(?:27\.54|203\.118)\.(\d|[1-5]\d|6[0-3])\.\d{1,3}|222\.165\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}) /
  6927. describe SGCABLEVISION_SG [SG]StarHub Cable Vision Ltd Singapore Broadband Access Provider
  6928. score SGCABLEVISION_SG 1.5
  6929.  
  6930. header MOBILEONE_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.104\.\d{1,3}|49\.245\.\d{1,3}|112\.199\.(?:12[89]|1[3-9]\d|2\d\d)|116\.197\.(?:19[2-9]|2\d\d)|(?:119\.56|124\.197)\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|175\.156\.\d{1,3}|180\.129\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  6931. describe MOBILEONE_SG [SG]MobileOne Ltd
  6932. score MOBILEONE_SG 1.5
  6933.  
  6934. # SPARKSTATION PTE LTD
  6935. # AIDI-SG
  6936. header QALA_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.140\.18[4-7]|120\.50\.(?:3[2-9]|4[0-7])|180\.210\.20[0-7]|(?:202\.63|203\.211)\.1(?:2[89]|[345]\d)|202\.172\.(?:3[2-9]|[45]\d|6[0-3])|210\.193\.(?:\d|[1-5]\d|6[0-3]))\.\d{1,3} /
  6937. describe QALA_SG [SG]M1 CONNECT PTE. LTD.
  6938. score QALA_SG 1.5
  6939.  
  6940. header SKYDIO_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:114\.129\.(?:3[2-9]|4[0-7])|203\.83\.250|203\.169\.[67])\.\d{1,3} /
  6941. describe SKYDIO_SG [SG]Skydio Pte Ltd, Server Hosting Provider, Singapore
  6942. score SKYDIO_SG 1.5
  6943.  
  6944. header EQUINIXAP_NET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.50\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.167\.2(?:2[4-9]|[345]\d)|202\.177\.(?:19[2-9]|2[01]\d|22[0-3])|203\.190\.2(?:2[4-9]|3\d))\.\d{1,3} /
  6945. describe EQUINIXAP_NET_SG [SG]Equinix Asia Pacific
  6946. score EQUINIXAP_NET_SG 1.5
  6947.  
  6948. header NEWMEDIAEXPRESS_SG X-Spam-Relays-Untrusted =~ /^\[ ip=202\.150\.2(?:0[89]|1\d|2[0-3])\.\d{1,3} /
  6949. describe NEWMEDIAEXPRESS_SG [SG]NewMedia Express Pte Ltd, Singapore Web Hosting
  6950. score NEWMEDIAEXPRESS_SG 1.5
  6951.  
  6952. # 202.172.160.0 - 202.172.255.255
  6953. header ONE_NET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=202\.172\.(?:1[6-9]\d|2\d\d)\.\d{1,3} /
  6954. describe ONE_NET_SG [SG]1-Net Singapore Pte Ltd
  6955. score ONE_NET_SG 1.5
  6956.  
  6957. header TPNET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=152\.226(?:\.\d{1,3}){2} /
  6958. describe TPNET_SG [SG]imported inetnum object for TEMASE
  6959. score TPNET_SG 1.5
  6960.  
  6961. # 203.142.10.0 - 203.142.31.255
  6962. header WEBVISIONS_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.100\.2(?:2[4-9]|[345]\d)|202\.157\.1(?:2[89]|[3-8]\d)|203\.142\.(?:[12]\d|3[01]))\.\d{1,3} /
  6963. describe WEBVISIONS_SG [SG]Webvisions Pte Ltd
  6964. score WEBVISIONS_SG 1.5
  6965.  
  6966. header USONYX_NET_SG X-Spam-Relays-Untrusted =~ /^\[ ip=113\.197\.3[2-9]\.\d{1,3} /
  6967. describe USONYX_NET_SG [SG]USONYX Singapore Broadband Web Hosting Services Sumitomo Shibadaimon Bldg. 10F 2-5-5, Shibadaimon Minato-ku, Tokyo 105-0012 Japan
  6968. score USONYX_NET_SG 1.5
  6969.  
  6970. header SINGTEL_SG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.234\.\d{1,3}|202\.63\.2(?:2[4-9]|3\d))\.\d{1,3} /
  6971. describe SINGTEL_SG [SG]SingTel Ltd Regional Satelite Business Service Provider Singapore
  6972. score SINGTEL_SG 1.5
  6973.  
  6974. header YAHOO_SG X-Spam-Relays-Untrusted =~ /^\[ ip=106\.10\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  6975. describe YAHOO_SG [SG]Yahoo! SG3
  6976. score YAHOO_SG 1.5
  6977.  
  6978.  
  6979. # 203.208.64.0 - 203.208.127.255
  6980. header HFCCABLE_AU X-Spam-Relays-Untrusted =~ /ip=203\.208\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  6981. describe HFCCABLE_AU [AU]Provider of Internet, Telecommunications services and PayTV over Broadband HFC cable network throughout regional VIC.
  6982. score HFCCABLE_AU 1.5
  6983.  
  6984. header OPTUSINTERNET_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.4[0-3]|42\.241|49\.1(7[6-9]|8\d|9[01])|58\.1(?:0[4-9]|1[01])|114\.7[2-5]|119\.225|122\.1(?:0[4-9]|1[01])|220\.23[6-9])(?:\.\d{1,3}){2} /
  6985. describe OPTUSINTERNET_AU [AU]OPTUS INTERNET - RETAIL INTERNET SERVICES
  6986. score OPTUSINTERNET_AU 1.5
  6987.  
  6988. header TELSTRAINTERNET_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:1\.1[2-5]\d|58\.1(?:6\d|7[0-5])|60\.2(?:2[4-9]|3[01])|101\.1(?:[678]\d|9[01])|110\.14[0-3]|120\.1(?:4[4-9]|5\d)|121\.2(?:0[89]|1\d|2[0-3])|144\.13[12]|203\.(?:3[6-9]|4[0-7]))(?:\.\d{1,3}){2} /
  6989. describe TELSTRAINTERNET_AU [AU]Telstra Internet
  6990. score TELSTRAINTERNET_AU 1.5
  6991.  
  6992. header RWTS_AU X-Spam-Relays-Untrusted =~ /^\[ ip=114\.141\.(?:9[6-9]|10\d|11[01])\.\d{1,3} /
  6993. describe RWTS_AU [AU]Real World Internet
  6994. score RWTS_AU 1.5
  6995.  
  6996. header TPG_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:14\.20[0-3]|27\.3[23]|60\.24[01]|110\.17[45]|115\.64|123\.243|220\.24[45])(?:\.\d{1,3}){2}|203\.213\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}) /
  6997. describe TPG_AU [AU]TPG Internet Pty Ltd.
  6998. score TPG_AU 1.5
  6999.  
  7000. header DODO_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.1(?:4[89]|5[01])|123\.[23])(?:\.\d{1,3}){2} /
  7001. describe DODO_AU [AU]Layer 2 Broadband Customer Network
  7002. score DODO_AU 1.5
  7003.  
  7004. header IINET_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.[67]|124\.1(?:4[89]|7[01]))\.\d{1,3}|202\.72\.1(?:2[89]|[3-8]\d|9[01]))\.\d{1,3} /
  7005. describe IINET_AU [AU]iiNet Limited
  7006. score IINET_AU 1.5
  7007.  
  7008. header VODAFONE_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:101\.11[2-9]|120\.(?:1[6-9]|2[0-3]))(?:\.\d{1,3}){2} /
  7009. describe VODAFONE_AU [AU]Vodafone Australia Pty. Mobile Service Provider 799 Pacific Highway Chatswood NSW 2067
  7010. score VODAFONE_AU 1.5
  7011.  
  7012. header M2TELECOMMUNICATIONS_AU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.220|218\.21[45])(?:\.\d{1,3}){2} /
  7013. describe M2TELECOMMUNICATIONS_AU [AU]M2 Telecommunications Group Ltd
  7014. score M2TELECOMMUNICATIONS_AU 1.5
  7015.  
  7016. header VIVIDWIRELESS_AU X-Spam-Relays-Untrusted =~ /^\[ ip=180\.216(?:\.\d{1,3}){2} /
  7017. describe VIVIDWIRELESS_AU [AU]vividwireless Pty Ltd Level 21, 1 Market Street, Sydney, NSW 2000
  7018. score VIVIDWIRELESS_AU 1.5
  7019.  
  7020.  
  7021. # 203.81.192.0 - 203.81.239.255
  7022. # header WORLDCALL_PK X-Spam-Relays-Untrusted =~ /ip=203\.81\.(19[2-9]|2[0-3]\d)\.\d{1,3} [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  7023. header WORLDCALL_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.186\.(?:\d|\d\d|1[01]\d|12[0-7])|117\.102\.(?:\d|[1-5]\d|6[0-3])|203\.81\.(?:19[2-9]|2[0-3]\d))\.\d{1,3} /
  7024. describe WORLDCALL_PK [PK]WorldCALL Multimedia Ltd
  7025. score WORLDCALL_PK 1.5
  7026.  
  7027. # 119.152.0.0 - 119.159.255.255
  7028. # 221.120.192.0 - 221.120.255.255
  7029. header PTCL_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:39\.(?:3[2-9]|[45]\d|6[0-3])|59\.103|116\.71|119\.15[2-9]|182\.1(?:7[6-9]|8\d|9[01]))(?:\.\d{1,3}){2}|(?:203\.99\.1(?:[678]\d|9[01])|203\.135\.(?:\d|[1-5]\d|6[0-3])|221\.120\.(?:19[2-9]|2\d\d))\.\d{1,3}) /
  7030. describe PTCL_PK [PK]Pakistan Telecommunication Company Limited
  7031. score PTCL_PK 1.5
  7032.  
  7033. header LINKDOTNET_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.30\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|119\.73\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.61\.(?:3[2-9]|[45]\d|6[0-3])|203\.223\.1(?:6\d|7[0-5])|210\.2\.(?:12[89]|1[3-8]\d|19[01]))\.\d{1,3} /
  7034. describe LINKDOTNET_PK [PK]LINKdotNET Telecom Limited
  7035. score LINKDOTNET_PK 1.5
  7036.  
  7037. header CYBERNET_PK X-Spam-Relays-Untrusted =~ /^\[ ip=61\.5\.1(?:2[89]|[345]\d)\.\d{1,3} /
  7038. describe CYBERNET_PK [PK]CYBER INTERNET SERVICES (PVT.) LTD. PAKISTAN BASED ISP
  7039. score CYBERNET_PK 1.5
  7040.  
  7041. # SNET-PK
  7042. header MULTINETBROADBAND_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.107\.1(?:2[89]|3\d|4[0-3])|125\.209\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.141\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  7043. describe MULTINETBROADBAND_PK [PK]MULTINETBROADBAND Karachi
  7044. score MULTINETBROADBAND_PK 1.5
  7045.  
  7046. header NTCPKNET_PK X-Spam-Relays-Untrusted =~ /^\[ ip=202\.83\.1(?:6\d|7[0-5])\.\d{1,3} /
  7047. describe NTCPKNET_PK [PK]National Telecom Corporation Sector F 5/1, Islamabad Pakistan
  7048. score NTCPKNET_PK 1.5
  7049.  
  7050. header WATEEN_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.27\.(?:12[89]|1[3-9]\d|2\d\d)|110\.3[6-9]\.\d{1,3})\.\d{1,3} /
  7051. describe WATEEN_PK [PK]National WiMAX/IMS environment
  7052. score WATEEN_PK 1.5
  7053.  
  7054. # MAINT-PK-BURRAQTEL-ASADKARIM
  7055. header WITRIBE_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.167\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:139\.190|175\.110)\.\d{1,3})\.\d{1,3} /
  7056. describe WITRIBE_PK [PK]Telecom Services (DLI/WLL) Provider
  7057. score WITRIBE_PK 1.5
  7058.  
  7059.  
  7060. header NEXLINX_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.58\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.59\.(?:6[4-9]|[78]\d|9[0-5]))\.\d{1,3} /
  7061. describe NEXLINX_PK [PK]Nexlinx ISP Pakistan Nexlinx Networks
  7062. score NEXLINX_PK 1.5
  7063.  
  7064. header GERRYSNET_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.69\.(?:3[2-9]|4[0-6])|202\.142\.1(?:4[4-9]|5\d))\.\d{1,3} /
  7065. describe GERRYSNET_PK [PK]Gerrys Information Technology (PVT) Ltd 4th Floor,Central Hotel Building, Mereweather Road Karachi
  7066. score GERRYSNET_PK 1.5
  7067.  
  7068. header FIBERLINK_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.255\.(?:\d|[1-5]\d|6[0-3])|110\.34\.3[2-9])\.\d{1,3} /
  7069. describe FIBERLINK_PK [PK]611 6th Floor Park Avenue
  7070. score FIBERLINK_PK 1.5
  7071.  
  7072. header NTCISP_PK X-Spam-Relays-Untrusted =~ /^\[ ip=175\.107\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3} /
  7073. describe NTCISP_PK [PK]National Telecommunication Corporation NTC Headquarters Sector F-5/1
  7074. score NTCISP_PK 1.5
  7075.  
  7076. header CONNECT_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.119\.1(?:[678]\d|9[01])|115\.42\.(?:6[4-9]|7\d])|118\.103\.2(?:2[4-9]|3\d]))\.\d{1,3} /
  7077. describe CONNECT_PK [PK]Metro Ethernet Network Connect Communication
  7078. score CONNECT_PK 1.5
  7079.  
  7080. # 117.20.31.163
  7081. header TWA_PK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.93\.(?:19[2-9]|2\d\d)|117\.20\.(?:1[6-9]|2\d]|3[01]))\.\d{1,3} /
  7082. describe TWA_PK [PK]Transworld Associates (Pvt.) Ltd. 6th Floor, Executive Tower, Dolmen City Marine Drive, Clifton Block 4 Karachi, Pakistan
  7083. score TWA_PK 1.5
  7084.  
  7085. header NIPPAGROUP_PK X-Spam-Relays-Untrusted =~ /^\[ ip=103\.5\.13[6-9]\.\d{1,3} /
  7086. describe NIPPAGROUP_PK [PK]IDEAS WORKSHOP PRIVATE LIMITED No.14, Street 67, G-6/4
  7087. score NIPPAGROUP_PK 1.5
  7088.  
  7089.  
  7090.  
  7091. # 222.165.128.0 - 222.165.191.255
  7092. header LKTELECOM_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:112\.13[45]|124\.43)\.\d{1,3}|222\.165\.(?:12[89]|1[3-8]\d|139[01]))\.\d{1,3} /
  7093. describe LKTELECOM_LK [LK]Sri Lanka Telecom Internet Service Provider in Sri Lanka
  7094. score LKTELECOM_LK 1.5
  7095.  
  7096. # 123.231.0.0 - 123.231.127.255
  7097. # DIALOG
  7098. # Dialog Telekom PLC
  7099. # MAINT-LK-MTTADMIN
  7100. header MTT_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.2\.1(?:4[89]|5[01])|111\.223\.1(?:2[89]|[3-8]\d|9[01])|123\.231\.(?:\d|\d\d|1[01]\d|12[0-7])|175\.157\.\d{1,3})\.\d{1,3} /
  7101. describe MTT_LK [LK]MTT Network Pvt Ltd 278, 4th Level, Aceccess towers, Union Place, descr: Colombo 02
  7102. score MTT_LK 1.5
  7103.  
  7104. header MOBITEL_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.245\.1(?:6\d|7[0-5])|202\.129\.23[2-5])\.\d{1,3} /
  7105. describe MOBITEL_LK [LK]IS Group No 108 W A D Ramanayake Mawatha,
  7106. score MOBITEL_LK 1.5
  7107.  
  7108. header BELLNET_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:113\.59\.(?:19[2-9]|2[01]\d|22[0-3])|119\.235\.(?:\d|1[0-5]))\.\d{1,3} /
  7109. describe BELLNET_LK [LK]LankaBell (pvt) Limited, WLL, Broad band Telecom provider, ISP Colombo Sri Lanka
  7110. score BELLNET_LK 1.5
  7111.  
  7112. header ETISALATLKNET_LK X-Spam-Relays-Untrusted =~ /^\[ ip=203\.189\.1(?:8[4-9]|9[01])\.\d{1,3} /
  7113. describe ETISALATLKNET_LK [LK]Etisalat Lanka (Private) Ltd
  7114. score ETISALATLKNET_LK 1.5
  7115.  
  7116. # 112.135.-
  7117. # 220.247.192-
  7118. header SLT_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:112\.135\.\d{1,3}|220\.247\.(?:19[2-9]|2\d\d))\.\d{1,3} /
  7119. describe SLT_LK [LK]SRI LANKA TELECOM Internet Division 7th floor OTS Building Sri Lanka Telecom Lotus Road Colombo-1
  7120. score SLT_LK 1.5
  7121.  
  7122. header AIRTEL_LK X-Spam-Relays-Untrusted =~ /^\[ ip=101\.2\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  7123. describe AIRTEL_LK [LK]Bharti Airtel Lanka Pvt. Limited 598, Elvitigala Mawatha
  7124. score AIRTEL_LK 1.5
  7125.  
  7126. header SUNTEL_LK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:122\.255\.(?:[89]|1[0-5])|182\.161\.(?:\d|[12]\d|3[01]))\.\d{1,3} /
  7127. describe SUNTEL_LK [LK]Suntel-Dialog Broadband
  7128. score SUNTEL_LK 1.5
  7129.  
  7130.  
  7131. header DCL_BD X-Spam-Relays-Untrusted =~ /^\[ ip=202\.4\.(?:9[6-9]|1[01]\d|12[0-7])\.\d{1,3} /
  7132. describe DCL_BD [BD]DhakaCom Limited
  7133. score DCL_BD 1.5
  7134.  
  7135. header BTTB_BD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.49\.(?:\d|[1-5]\d|6[0-3])|180\.211\.(?:12[89]|1[3-9]\d|2\d\d)|202\.79\.(?:1[6-9]|2[0-3])|203\.112\.(?:19[2-9]|2[01]\d|22[0-3]))\.\d{1,3} /
  7136. describe BTTB_BD [BD]Bangladesh Telecommunications Company Ltd. (BTCL)
  7137. score BTTB_BD 1.5
  7138.  
  7139. header AGNISYS_BD X-Spam-Relays-Untrusted =~ /^\[ ip=116\.68\.(?:19[2-9]|20[0-7])\.\d{1,3} /
  7140. describe AGNISYS_BD [BD]Agni Systems Ltd. Navana Tower, 11th Floor, Suite-A 45 Gulshan Avenue, Gulshan-1, Dhaka-1212.
  7141. score AGNISYS_BD 1.5
  7142.  
  7143. header GRAMEENPHONEIT_BD X-Spam-Relays-Untrusted =~ /^\[ ip=119\.30\.(?:3[2-9]|4[0-7])\.\d{1,3} /
  7144. describe GRAMEENPHONEIT_BD [BD]Grameenphone Ltd. Telecommunication Company Internet service provider via GPRS/EDGE Dhaka, Bangladesh
  7145. score GRAMEENPHONEIT_BD 1.5
  7146.  
  7147. header DAFFODILNET_BD X-Spam-Relays-Untrusted =~ /^\[ ip=203\.190\.(?:[89]|1[0-5])\.\d{1,3} /
  7148. describe DAFFODILNET_BD [BD]Daffodil Online Limited, Internet Service Provider, Dhaka, Bangladesh
  7149. score DAFFODILNET_BD 1.5
  7150.  
  7151. header ALAPCOM_BD X-Spam-Relays-Untrusted =~ /^\[ ip=202\.161\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  7152. describe ALAPCOM_BD [BD]ALAPCOMMUNICATION Alap Communication Ltd. ,Data/Internet Service Provider,Bangladesh
  7153. score ALAPCOM_BD 1.5
  7154.  
  7155. header BDCOM_BD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:113\.11\.(\d|\d\d|1[01]\d|12[0-7])|210\.4\.(?:6[4-9]|7\d))\.\d{1,3} /
  7156. describe BDCOM_BD [BD]BDCOM Online Limited, Internet Service Provider, Dhaka, Bangladesh
  7157. score BDCOM_BD 1.5
  7158.  
  7159. header LINK3_BD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.147\.(?:12[89]|1[3-9]\d|2\d\d)|123\.200\.(\d|[12]\d|3[01]))\.\d{1,3} /
  7160. describe LINK3_BD [BD]Link3 Technologies Limited LandView Tower, 8th Floor, 28 Gulshan North C/A, Gulshan Circle 2,
  7161. score LINK3_BD 1.5
  7162.  
  7163. header EXCELCO_LTD_BD X-Spam-Relays-Untrusted =~ /^\[ ip=103\.9\.15[6-9]\.\d{1,3} /
  7164. describe EXCELCO_LTD_BD [BD]Excel Company Ltd Bashundhara
  7165. score EXCELCO_LTD_BD 1.5
  7166.  
  7167.  
  7168.  
  7169.  
  7170. header GEMNET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=180\.149\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3} /
  7171. describe GEMNET_MN [MN]Code M building #305
  7172. score GEMNET_MN 1.5
  7173.  
  7174. header YOKOZUNANET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.0\.(?:12[89]|1[3-9]\d|2\d\d)|180\.235\.1(?:[678]\d|9[01]))\.\d{1,3} /
  7175. describe YOKOZUNANET_MN [MN]internet service provider ulaanbaatar, mongolia
  7176. score YOKOZUNANET_MN 1.5
  7177.  
  7178. # BODICOM
  7179. header MONGOLNET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.170\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3} /
  7180. describe MONGOLNET_MN [MN]Bodicomputer Co.,ltd. Ulaanbaatar,MONGOLIA
  7181. score MONGOLNET_MN 1.5
  7182.  
  7183. header MCSCOM_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.70\.(?:3[2-9]|4[0-7])\.\d{1,3} /
  7184. describe MCSCOM_MN [MN]The first E-commerce ISP in Mongolia.
  7185. score MCSCOM_MN 1.5
  7186.  
  7187. header CITINET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=124\.158\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])\.\d{1,3} /
  7188. describe CITINET_MN [MN]CITINET LLC
  7189. score CITINET_MN 1.5
  7190.  
  7191. header MOBINET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.21\.(?:9[6-9]|1[01]\d|12[0-7])|202\.131\.2(?:2[4-9]|[345]\d))\.\d{1,3} /
  7192. describe MOBINET_MN [MN]MobiCom Corporation Ulaanbaatar
  7193. score MOBINET_MN 1.5
  7194.  
  7195. header ULUSNET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.126\.(?:8[89]|9[0-5])\.\d{1,3} /
  7196. describe ULUSNET_MN [MN]Ulusnet, ISP, Ulaanbaatar, Mongolia
  7197. score ULUSNET_MN 1.5
  7198.  
  7199. header ERDEMNET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.5\.(?:19[2-9]|20[0-7])\.\d{1,3} /
  7200. describe ERDEMNET_MN [MN]ERDEMNET ISP Center, Computer Science Management School of MUST P.O.Box - 313, Postal code - 210349 Ulaanbaatar - 49, Mongolia
  7201. score ERDEMNET_MN 1.5
  7202.  
  7203. header TELEMAX_MN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.23\.(?:4[89]|5[01])|202\.9\.4[0-7])\.\d{1,3} /
  7204. describe TELEMAX_MN [MN]Telemax Communication 3rd Floor Azmon Building Peace avenue SBD
  7205. score TELEMAX_MN 1.5
  7206.  
  7207. header SKYCC_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.55\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  7208. describe SKYCC_MN [MN]SKYCC, VoIP and ISP, Ulaanbaatar, Mongolia
  7209. score SKYCC_MN 1.5
  7210.  
  7211. header RAILCOM_MN X-Spam-Relays-Untrusted =~ /^\[ ip=202\.72\.24[0-7]\.\d{1,3} /
  7212. describe RAILCOM_MN [MN]Mongolian Railway Commercial Center - Railcom,
  7213. score RAILCOM_MN 1.5
  7214.  
  7215. header DIGICOM_MN X-Spam-Relays-Untrusted =~ /^\[ ip=203\.169\.(?:4[89]|5[0-5])\.\d{1,3} /
  7216. describe DIGICOM_MN [MN]MN-DIGICOM-20081224
  7217. score DIGICOM_MN 1.5
  7218.  
  7219. header KEWIKONET_MN X-Spam-Relays-Untrusted =~ /^\[ ip=103\.10\.2[0-3]\.\d{1,3} /
  7220. describe KEWIKONET_MN [MN]15 Seoul street Suite #3 2-r Horoo Bayangol District
  7221. score KEWIKONET_MN 1.5
  7222.  
  7223.  
  7224.  
  7225. header CTM_MO X-Spam-Relays-Untrusted =~ /^\[ ip=(?:60\.246\.\d{1,3}|122\.100\.(?:12[89]|1[3-9]\d|2\d\d)|180\.94\.1(?:2[89]|[3-8]\d|9[01])|(?:125\.31|182\.93)\.(?:\d|[1-5]\d|6[0-3])|202\.175\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  7226. describe CTM_MO [MO]Companhia de Telecomunicacoes de Macau
  7227. score CTM_MO 1.5
  7228.  
  7229. header VIETTEL_CAMBODIA_KH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:36.37.(?:12[89]|1[3-9]\d|2\d\d)|111.118.1(?:2[89]|[345]\d)|117\.120\.(?:2[4-9]|3[01])|175\.100\.(?:\d|\d\d|1[01]\d|12[0-7]))\.\d{1,3} /
  7230. describe VIETTEL_CAMBODIA_KH [KH]VIETTEL (CAMBODIA) PTE., LTD.
  7231. score VIETTEL_CAMBODIA_KH 1.5
  7232.  
  7233. header CAMSHIN_KH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:114\.29\.2(?:2[4-9]|[345]\d)|202\.71\.(?:3[2-9]|4[0-7]))\.\d{1,3} /
  7234. describe CAMSHIN_KH [KH]Cambodia Shinawatra Co., Ltd. 66 Mao Tse Toung Blvd., Phnom Penh, Cambodia
  7235. score CAMSHIN_KH 1.5
  7236.  
  7237. header WICAM_KH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.15\.(?:8\d|9[0-5])|202\.79\.(?:2[4-9]|3[01]))\.\d{1,3} /
  7238. describe WICAM_KH [KH]WiCAM ISP, Ltd. Internet Service Provider Phnom Penh, Cambodia
  7239. score WICAM_KH 1.5
  7240.  
  7241. header NEOCOM_KH X-Spam-Relays-Untrusted =~ /^\[ ip=123\.108\.2(?:4[89]|5\d)\.\d{1,3} /
  7242. describe NEOCOM_KH [KH]Neocomisp Internet Service Provider
  7243. score NEOCOM_KH 1.5
  7244.  
  7245. #DTV-STARNET
  7246. header DTVSTAR_KH X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.23\.13[2-5]|111\.92\.24[0-3]|114\.134\.1(?:8[4-9]|9[01])|115\.178\.2[4-7])\.\d{1,3} /
  7247. describe DTVSTAR_KH [KH]DTV-STar Co.,Ltd.Phnom Penh, Cambodia
  7248. score DTVSTAR_KH 1.5
  7249.  
  7250.  
  7251. header VZPACIFICA_MP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.88\.(?:6[4-9]|[78]\d|9[0-5])|210\.23\.(?:8\d|9[0-5]))\.\d{1,3} /
  7252. describe VZPACIFICA_MP [MP]Verizon Pacifica Telecommunications Northern Marianas Islands P.O. Box 500306 Saipan, MP 96950
  7253. score VZPACIFICA_MP 1.5
  7254.  
  7255.  
  7256. # 200.74.0.0 - 200.74.127.255
  7257. header METROPOLISINTERCOM Received =~ /from .+200\.74\.([0-9]|[1-9][0-9]|1([01][0-9]|2[0-7]))\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/
  7258. describe METROPOLISINTERCOM [CL]Metropolis Intercom
  7259. score METROPOLISINTERCOM 1.5
  7260.  
  7261. # 86.101.0.0 - 86.101.127.255
  7262. header UPCMK Received =~ /from .+86\.101\.([0-9]|[1-9][0-9]|1([01][0-9]|2[0-7]))\.[0-9]{1,3}/
  7263. describe UPCMK [HU]UPC Magyarorszag Kft.
  7264. score UPCMK 1.5
  7265.  
  7266. # 165.143.0.0 - 165.149.255.255
  7267. header TELKOMNET_ZA X-Spam-Relays-Untrusted =~ /(ip=165\.14[3-9](?:\.\d{1,3}){2}|rdns=dsl(-\d{1,3}){3}\.telkomadsl\.co\.za) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  7268. describe TELKOMNET_ZA [ZA]Telkom SA Limited
  7269. score TELKOMNET_ZA 1.5
  7270.  
  7271. header TELECOMPLUS_MU X-Spam-Relays-Untrusted =~ /ip=202\.123\.(?:\d|[12]\d|3[01])\.\d{1,3} /
  7272. describe TELECOMPLUS_MU [MU]Telecom Plus Ltd 7th Floor, Telecom Tower Edith Cavell Street Port Louis
  7273. score TELECOMPLUS_MU 1.5
  7274.  
  7275. header LAOTELECOM_LA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.84\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|202\.137\.1(?:2[89]|[345]\d))\.\d{1,3} /
  7276. describe LAOTELECOM_LA [LA]Telecommunication Service
  7277. score LAOTELECOM_LA 1.5
  7278.  
  7279. # STAR TELECOM
  7280. header UNITEL_LA X-Spam-Relays-Untrusted =~ /^\[ ip=183\.182\.1(?:1[2-9]|2[0-7])\.\d{1,3} /
  7281. describe UNITEL_LA [LA]PO box T511 Phonexay road - Xaysettha district
  7282. score UNITEL_LA 1.5
  7283.  
  7284.  
  7285. header OFFRATEL_NC X-Spam-Relays-Untrusted =~ /ip=(?:175\.158|202\.22)\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  7286. describe OFFRATEL_NC [NC]BP 8253 98807 Noumea Sud 101 route de l'Anse Vata Shop Center Vata 1er etage
  7287. score OFFRATEL_NC 1.5
  7288.  
  7289. header MLS_NC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:118\.179\.2(?:4[4-9]|5\d)|202\.22\.2(?:2[4-9]|3\d))\.\d{1,3} /
  7290. describe MLS_NC [NC]Micro Logic Systems 28 rue FVvix Broche P.O BOX 13885 98 803 Noumea Cedex New Caledonia
  7291. score MLS_NC 1.5
  7292.  
  7293. #Bhutan
  7294. header BTTELECOM_BT X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.2\.(?:9[6-9]|1[01]\d|12[0-7])|202\.144\.1(?:2[89]|[345]\d))\.\d{1,3} /
  7295. describe BTTELECOM_BT [BT]DrukNet, Bhutan Telecom Thimphu
  7296. score BTTELECOM_BT 1.5
  7297.  
  7298. #Timor-Leste
  7299. header TIMOR_TELECOM_TL X-Spam-Relays-Untrusted =~ /^\[ ip=180\.189\.1(?:6\d|7[0-5])\.\d{1,3} /
  7300. describe TIMOR_TELECOM_TL [TL]ISP network for Timor Telecom
  7301. score TIMOR_TELECOM_TL 1.5
  7302.  
  7303. #Maldives
  7304. #202.21.176.0-202.21.191.255
  7305. header FOCUSINFOCOM_MV X-Spam-Relays-Untrusted =~ /^\[ ip=202\.21\.1(?:7[6-9]|8\d|9[01])\.\d{1,3} /
  7306. describe FOCUSINFOCOM_MV [MV]Focus Infocom Pvt Ltd 4th Floor Fasmeeru Building Boduthakurufaanu Magu
  7307. score FOCUSINFOCOM_MV 1.5
  7308.  
  7309. header INSTA_AF X-Spam-Relays-Untrusted =~ /^\[ ip=(?:117\.104\.2(?:2[4-9]|3[01])|175\.106\.(?:3[2-9]|[345]\d|6[0-3]))\.\d{1,3} /
  7310. describe INSTA_AF [AF]Instatelecom Broadband Satellite, DSL, Wireless, Wi-Fi and Dial-Up Internet service provider.
  7311. score INSTA_AF 1.5
  7312.  
  7313.  
  7314. header XSERVER_UA X-Spam-Relays-Untrusted =~ /^\[ ip=194\.15\.112\.\d{1,3} /
  7315. describe XSERVER_UA [UA]Hosting Solutions Ltd. 00152, Commonwealth of Dominica, Roseau Valley, 8 Copthall
  7316. score XSERVER_UA 1.5
  7317.  
  7318.  
  7319. header NTCINTERNET_NP X-Spam-Relays-Untrusted =~ /^\[ ip=113\.199\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3} /
  7320. describe NTCINTERNET_NP [NP]Nepal Telecommunications Corporation Cellular Mobile and New Services Department Pulchowk, Kathmandu
  7321. score NTCINTERNET_NP 1.5
  7322.  
  7323.  
  7324. header SKYNET_IN X-Spam-Relays-Untrusted =~ /^\[ ip=103\.51\.13[2-5]\.\d{1,3} /
  7325. describe SKYNET_IN [IN]Room no.4, Sadhu Bhaiya Chawl,Vakola Bridge,Datta Mandir Road, Santacruz East,Mumbai,Maharashtra-400055
  7326. score SKYNET_IN 1.5
  7327.  
  7328.  
  7329.  
  7330. #
  7331. # added 2007.01.21 by [yoh]
  7332. # modified 2007.07.04 by [yoh]
  7333. #
  7334. header ONLY1HOPDIRECT X-Spam-Relays-Untrusted =~ /^\[ ip=(\d{1,3}\.){3}\d{1,3} [^\[\]]+ \]($| \[ ip=127\.0\.0\.1 rdns=localhost helo=localhost [^\[\]]+ \]$)/
  7335.  
  7336. # added 2017.11.01 by [yoh]
  7337. #
  7338. header OL1HDRNIFTY X-Spam-Relays-Untrusted =~ /^\[ ip=(\d{1,3}\.){3}\d{1,3} [^\[\]]+ \]$/
  7339. describe OL1HDRNIFTY Untrusted pseudo header has only 1 record.
  7340. score OL1HDRNIFTY 0.5
  7341.  
  7342. meta OL1HDRNIF_PSBL OL1HDRNIFTY && RCVD_IN_PSBL
  7343. score OL1HDRNIF_PSBL 3.0
  7344. meta OL1HDRNIF_SPAMCOP OL1HDRNIFTY && RCVD_IN_BL_SPAMCOP_NET
  7345. score OL1HDRNIF_SPAMCOP 3.0
  7346. meta OL1HDRNIF_BRBL OL1HDRNIFTY && RCVD_IN_BRBL_LASTEXT
  7347. score OL1HDRNIF_BRBL 3.0
  7348. meta OL1HDRNIF_CBL OL1HDRNIFTY && RCVD_IN_CBL
  7349. score OL1HDRNIF_CBL 3.0
  7350. meta OL1HDRNIF_MSPIKE OL1HDRNIFTY && ( RCVD_IN_MSPIKE_BL || RCVD_IN_MSPIKE_L5 )
  7351. score OL1HDRNIF_MSPIKE 3.0
  7352. meta OL1HDRNIF_PBL OL1HDRNIFTY && RCVD_IN_PBL
  7353. score OL1HDRNIF_PBL 3.0
  7354. meta OL1HDRNIF_XBL OL1HDRNIFTY && RCVD_IN_XBL
  7355. score OL1HDRNIF_XBL 3.0
  7356. meta OL1HDRNIF_SBL_CSS OL1HDRNIFTY && RCVD_IN_SBL_CSS
  7357. score OL1HDRNIF_SBL_CSS 3.0
  7358. meta OL1HDRNIF_SORBS_DUL OL1HDRNIFTY && RCVD_IN_SORBS_DUL
  7359. score OL1HDRNIF_SORBS_DUL 3.0
  7360.  
  7361.  
  7362.  
  7363.  
  7364. # 1st BY is same 2nd HELO
  7365. # added 2007.07.08 by [yoh]
  7366. #
  7367. header SAMEHELOBY2HOP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:\d{1,3}\.){3}\d{1,3} rdns=[^\[\] ]* helo=([^\[\] ]+) by=(?:[^ ]+) [^\[\]]+ \] \[ ip=(?:\d{1,3}\.){3}\d{1,3} rdns=[^\[\] ]* helo=[a-z]{3,} by=\1 [^\[\]]+ \]/
  7368.  
  7369. mimeheader MIMEPDF Content-Type =~ /application\/pdf.+name=\".+\.pdf\"/
  7370. score MIMEPDF 0.1
  7371.  
  7372. meta PDFSPAM SAMEHELOBY2HOP && MIMEPDF && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7373. score PDFSPAM 3.5
  7374.  
  7375.  
  7376. # added 2007.08.02 by [yoh]
  7377. # modified 2007.08.18 by [yoh]
  7378. #
  7379. full NULLTXTPDF /(\n(?:-{12,}0\d{22,}|--={19,}_\d{6,}==_|-{12,}[0-9A-F]{16,})\n)Content-Type: text\/plain; charset=\"{0,1}[\w-]{5,}\"{0,1}(?:; format=flowed){0,1}(?:\nContent-Transfer-Encoding: 7bit){0,1}\n{2,}\1Content-Type: application\/(?:pdf|octet-stream);(?:\n| name=\")/
  7380.  
  7381.  
  7382. meta NULLPDF_DCN (NULLTXTPDF || HTMLPDF) && ___DCN
  7383. score NULLPDF_DCN 3.5
  7384.  
  7385.  
  7386. # added 2008.01.02 by [yoh]
  7387. # modified 2008.02.10 by [yoh]
  7388. #
  7389. full NULLTXTGIF /\nContent-Type: multipart\/mixed;\n boundary=\"(----=_NextPart_000_000[6E]_0[0-9A-F]{7}\.[0-9A-F]{8}|----------[0-9A-F]{16})\"\n(?:.+\n)+\n(?:.+\n\n){0,1}--\1\nContent-Type: text\/plain;(| charset=.+)\n(?:.+\n){0,3}Content-Transfer-Encoding: 7bit\n{2,}--\1\nContent-Type: image\/gif;/
  7390.  
  7391.  
  7392. meta NULLGIF_OTHER NULLTXTGIF && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7393. score NULLGIF_OTHER 3.5
  7394. meta NULLGIF_CBL NULLTXTGIF && RCVD_IN_CBL
  7395. score NULLGIF_CBL 3.5
  7396. meta NULLGIF_SPAMCOP NULLTXTGIF && RCVD_IN_BL_SPAMCOP_NET
  7397. score NULLGIF_SPAMCOP 3.5
  7398. meta NULLGIF_DSBL NULLTXTGIF && RCVD_IN_DSBL
  7399. score NULLGIF_DSBL 3.5
  7400. # meta NULLGIF_DUL NULLTXTGIF && RCVD_IN_SORBS_DUL
  7401. # score NULLGIF_DUL 3.5
  7402.  
  7403.  
  7404. # added 2008.02.01 by [yoh]
  7405. #
  7406. full NUMURLWITHWORDS /\n\n[A-Za-z]\S{0,10} (\S{1,10} ){1,}http:\/\/\d{2,3}(?:\.\d{1,3}){3}\/\n\n+$/
  7407.  
  7408. meta NUMURL_OTHER NUMURLWITHWORDS && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7409. score NUMURL_OTHER 3.5
  7410. meta NUMURL_CBL NUMURLWITHWORDS && RCVD_IN_CBL
  7411. score NUMURL_CBL 3.5
  7412. meta NUMURL_SPAMCOP NUMURLWITHWORDS && RCVD_IN_BL_SPAMCOP_NET
  7413. score NUMURL_SPAMCOP 3.5
  7414. meta NUMURL_DSBL NUMURLWITHWORDS && RCVD_IN_DSBL
  7415. score NUMURL_DSBL 3.5
  7416. # meta NUMURL_DUL NUMURLWITHWORDS && RCVD_IN_SORBS_DUL
  7417. # score NUMURL_DUL 3.5
  7418.  
  7419. # added 2008.03.01 by [yoh]
  7420. #
  7421. full LONGCHARHTTP /\nContent-Type: text\/plain;\n(?:.+\n)+\n[A-Z][a-z]{2,}[A-Za-z]{15,}\nhttp:\/\/[a-z.]+[a-z]\n{1,}$/
  7422. meta L_C_HTTP_OTHER LONGCHARHTTP && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7423. score L_C_HTTP_OTHER 3.5
  7424. meta L_C_HTTP_CBL LONGCHARHTTP && RCVD_IN_CBL
  7425. score L_C_HTTP_CBL 3.5
  7426. meta L_C_HTTP_SPAMCOP LONGCHARHTTP && RCVD_IN_BL_SPAMCOP_NET
  7427. score L_C_HTTP_SPAMCOP 3.5
  7428. meta L_C_HTTP_DSBL LONGCHARHTTP && RCVD_IN_DSBL
  7429. score L_C_HTTP_DSBL 3.5
  7430. # meta L_C_HTTP_DUL LONGCHARHTTP && RCVD_IN_SORBS_DUL
  7431. # score L_C_HTTP_DUL 3.5
  7432.  
  7433. # added 2008.03.03 by [yoh]
  7434. #
  7435. full CHATGIRL /\nContent-Type: text\/plain;\n(?:.+\n)+\nHello\! I am .+ I am .+ that would like to chat with you\. Email me at [A-Z][a-z]+@[A-Za-z.]+ only/
  7436. meta C_G_OTHER CHATGIRL && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7437. score C_G_OTHER 3.5
  7438. meta C_G_CBL CHATGIRL && RCVD_IN_CBL
  7439. score C_G_CBL 3.5
  7440. meta C_G_SPAMCOP CHATGIRL && RCVD_IN_BL_SPAMCOP_NET
  7441. score C_G_SPAMCOP 3.5
  7442. meta C_G_DSBL CHATGIRL && RCVD_IN_DSBL
  7443. score C_G_DSBL 3.5
  7444. # meta C_G_DUL CHATGIRL && RCVD_IN_SORBS_DUL
  7445. # score C_G_DUL 3.5
  7446.  
  7447. meta C_G_PBL CHATGIRL && RCVD_IN_PBL
  7448. score C_G_PBL 3.5
  7449. meta C_G_DCN CHATGIRL && ___DCN
  7450. score C_G_DCN 3.5
  7451.  
  7452.  
  7453. # added 2008.11.29 by [yoh]
  7454. # MultiPart/ALTernative but, Shift_JIS Quoted-Printable ONLY
  7455. #
  7456. full MPALTSJISQPONLY /\nContent-Type: multipart\/alternative;\n\tboundary=\"(--=.+(?:[a-zA-Z0-9]|=_)|--[0-9]{14,}|--)\"\n(?:.+\n){2,}\n--\1\nContent-Type: text\/plain;(?: charset=\"shift_jis\"){0,1}\nContent-Transfer-Encoding: quoted-printable\n\n(?:(?!\n--\1\n).+\n|\n){2,}--\1--\n/
  7457.  
  7458. meta M_A_S_Q_O_OTHER MPALTSJISQPONLY && (ARIN || RIPE_NCC || LACNIC || AFRINIC || ___KOREATAIWANCHINA )
  7459. score M_A_S_Q_O_OTHER 3.5
  7460. meta M_A_S_Q_O_PBL MPALTSJISQPONLY && RCVD_IN_PBL
  7461. score M_A_S_Q_O_PBL 3.5
  7462. meta M_A_S_Q_O_XBL MPALTSJISQPONLY && RCVD_IN_XBL
  7463. score M_A_S_Q_O_XBL 3.5
  7464. meta M_A_S_Q_O_CBL MPALTSJISQPONLY && RCVD_IN_CBL
  7465. score M_A_S_Q_O_CBL 3.5
  7466. meta M_A_S_Q_O_BLACK MPALTSJISQPONLY && URIBL_BLACK
  7467. score M_A_S_Q_O_BLACK 3.5
  7468. meta M_A_S_Q_O_COP MPALTSJISQPONLY && RCVD_IN_BL_SPAMCOP_NET
  7469. score M_A_S_Q_O_COP 3.5
  7470. meta M_A_S_Q_O_DCN MPALTSJISQPONLY && ___DCN
  7471. score M_A_S_Q_O_DCN 3.5
  7472.  
  7473.  
  7474. # added 2010.06.26 by [yoh]
  7475. full RTFONLY /\nContent-Type: application\/octet-stream; name=\"[a-z]+\.rtf\"\nContent-Transfer-Encoding: base64\n(?:.+\n){0,}\n[A-Za-z0-9]{69,}\n/
  7476. meta RTFOLDCN RTFONLY && ___DCN
  7477. score RTFOLDCN 3.5
  7478. meta DYN_RTFOL RTFONLY && ___DYNAMICIP
  7479. score DYN_RTFOL 3.5
  7480.  
  7481.  
  7482. # added 2007.08.11 by [yoh]
  7483. #
  7484. full HTMLPDF /(-{6}=_NextPart_000_00[0-9A-F]{2}_[0-9A-F]{8}\.[0-9A-F]{8})\nContent-Type: multipart\/alternative;\n.boundary=\"(----=_NextPart_001_00[0-9A-F]{2}_[0-9A-F]{8}\.[0-9A-F]{8})\"\n\n\n--\2\nContent-Type: text\/plain;\n.charset=\"{0,1}[\w-]{5,}\"{0,1}\nContent-Transfer-Encoding: quoted-printable\n\n\n--\2\nContent-Type: text\/html;\n.charset=\"{0,1}[\w-]{5,}\"{0,1}\nContent-Transfer-Encoding: quoted-printable\n\n(?:.+\n){5}<STYLE><\/STYLE>\n.+\n.+\n<DIV><FONT face=3DArial size=3D2><\/FONT>&nbsp;<\/DIV><\/BODY><\/HTML>\n\n--\2--\n\n\1\nContent-Type: application\/(?:pdf|octet-stream);/
  7485.  
  7486.  
  7487. # added 2014.09.28 by [yoh]
  7488. # modified 2014.10.05 by [yoh]
  7489. #
  7490. #full SJIS7BIT /\nContent-Transfer-Encoding: 7bit\nContent-Type: text\/plain; charset=Shift_JIS\n\n/
  7491. full SJIS7BIT /\n(?:Content-Transfer-Encoding: 7bit\nContent-Type: text\/plain; charset=Shift_JIS|Content-Type: text\/plain; charset=Shift_JIS\nContent-Transfer-Encoding: 7bit)\n\n/
  7492. score SJIS7BIT 10
  7493.  
  7494. # added 2014.10.02 by [yoh]
  7495. #
  7496. header __SHIFT_JIS3 Content-Type =~ /^text\/plain; charset=Shift_JIS$/i
  7497. header __CONT7BIT Content-Transfer-Encoding =~ /^7bit$/i
  7498. meta SJIS7BITHDR __SHIFT_JIS3 && __CONT7BIT
  7499. score SJIS7BITHDR 10
  7500.  
  7501. meta DYN_7BITSJIS ___DYNAMICIP && ( SJIS7BIT || SJIS7BITHDR )
  7502. score DYN_7BITSJIS 15
  7503.  
  7504.  
  7505. # added 2016.01.27 by [yoh]
  7506. #
  7507. # full SENDMULTITIME /!\nI.+ing .*to you.+ already .+ time\./
  7508. full SENDMULTITIME /\n[GH].{4,14}!\nI.+ing .*to you.+ already .+ time\./
  7509. score SENDMULTITIME 3.5
  7510.  
  7511. meta NOTCONTMULTI SENDMULTITIME && NOTINCONTENTTYPE
  7512. score NOTCONTMULTI 7
  7513.  
  7514.  
  7515. # added 2011.09.26 by [yoh]
  7516. #
  7517. full __SAME_RCVD_MSGID /\nReceived: from ([a-z0-9]{6,}) \(.+\n(?:.+\n){1,}Message-ID: <[0-9A-F]{30,}\@\1>/
  7518. meta SAME_RV_ID_JPSCAMURI JPSCAMURI && __SAME_RCVD_MSGID
  7519. score SAME_RV_ID_JPSCAMURI 3.5
  7520. meta SAME_RV_ID_JPSCAMTEL JPSCAMTEL && __SAME_RCVD_MSGID
  7521. score SAME_RV_ID_JPSCAMTEL 3.5
  7522.  
  7523.  
  7524. # added 2016.07.17 by [yoh]
  7525. #
  7526. full MAILTOVIRUS /\nTo: ([a-z0-9_-]{2,})@.+\n(?:.+\n|\n){1,}.+name=\"(?:.+\1|.+\1.+|\1.+)\.zip\"/
  7527. score MAILTOVIRUS 3.5
  7528. # full SUBJECTVIRUS /\nSubject: .{0,}([A-F0-9]{8,20})\n(?:.+\n|\n){1,}.+name=\"{0,1}\1\.docm/
  7529. full SUBJECTVIRUS /\nSubject: ([a-zA-F0-9]{8,20})\n(?:.+\n|\n){1,}.+name=\"{0,1}\1\.docm/
  7530. score SUBJECTVIRUS 3.5
  7531.  
  7532. # added 2016.08.05 by [yoh]
  7533. # modified 2016.08.08 by [yoh]
  7534. # modified 2016.08.09 by [yoh]
  7535. # modified 2016.09.21 by [yoh]
  7536. #
  7537. # full SUBJECT2VIRUS /\nSubject: [A-Za-z]+: ([a-zA-Z0-9]{3,20}\([0-9]+\)(?:\.[a-zA-Z]+){0,1})\n(?:.+\n|\n){1,}.+name=\"{0,1}\1\.zip/
  7538. full SUBJECT2VIRUS /\nSubject: [A-Za-z]+: +([a-zA-Z0-9]{3,20}\([0-9]+\)(?:\.[a-zA-Z]+){0,1}|[_0-9]+)\n(?:.+\n|\n){1,}.+name=\"{0,1} {0,5}\1\.zip/
  7539.  
  7540. # added 2016.09.28 by [yoh]
  7541. full SUBJECT3VIRUS /\nSubject: ([a-zA-Z0-9 ]{3,20}[0-9]+)\n(?:.+\n|\n){1,}.+name=\"{0,1}\1\.zip/
  7542.  
  7543.  
  7544.  
  7545. # added 2016.07.27 by [yoh]
  7546. #
  7547. full XFWDVIRUS /\nX-Forward: [a-f0-9]{8,70}\n(?:.+\n|\n){1,}.+name=\"[a-f0-9]{8,50}\.zip\"/
  7548. score XFWDVIRUS 3.5
  7549.  
  7550. # added 2016.08.03 by [yoh]
  7551. # modified 2016.09.15 by [yoh]
  7552. # modified 2016.11.08 by [yoh]
  7553. #
  7554. full CTRLTVIRUS /\nContent-Type: multipart\/related;(?:.+\n|\n){1,}.+name=\"[A-Za-z0-9_-]{4,50}\.zip\"/
  7555.  
  7556. # added 2016.09.28 by [yoh]
  7557. # full CTMXVIRUS /\nContent-(?:T|t)ype: multipart\/mixed;(?:.+){0,1}\n(?:.+\n|\n){1,}.+name=(?:\"(?:(?:[a-z_]{5,50}[a-f0-9]{4,50}|2[0-9]{12,}|[A-Za-z0-9_-]{12,})\.(?:zip|xls)|[A-Za-z0-9_ -\.]{4,}\.(?:rar|zip|ZIP|xls|XLS|docm))\"|[A-Za-z0-9_ -]{10,}\.(?:xls|doc|zip))/
  7558. full CTMXVIRUS /\nContent-[Tt]ype: multipart\/mixed;(?:.+){0,1}\n(?:.+\n|\n){1,}.+name=\"{0,1}[A-Za-z0-9_ -\.@~]{4,}\.(?:rar|zip|ZIP|xls|XLS|doc[mx]{0,1}|7z|pdf{0,1})\"{0,1}/
  7559.  
  7560.  
  7561. # added 2016.10.03 by [yoh]
  7562. # modified 2017.04.04 by [yoh]
  7563. # reference: http://perldoc.jp/docs/perl/5.20.1/perlreref.pod
  7564. # http://qiita.com/key-amb/items/1a9d67740324b39b7aaa
  7565. full ONLYZIPVIRUS /\nReceived: .+\n(?:.+\n){1,}Content-Type: application\/zip; name=\"[A-Za-z0-9_-]{2,}\.zip\"\n(?:.+\n){1,}\n[\x21-\x7e]{60,}/
  7566.  
  7567.  
  7568. meta FOREIGN_VR (RIPE_NCC || LACNIC || AFRINIC) && ( MAILTOVIRUS || SUBJECTVIRUS || XFWDVIRUS || CTRLTVIRUS || CTMXVIRUS || SUBJECT2VIRUS || SUBJECT3VIRUS || ONLYZIPVIRUS)
  7569. score FOREIGN_VR 10
  7570.  
  7571. meta BL_VR ( RCVD_IN_BL_SPAMCOP_NET || RCVD_IN_BRBL_LASTEXT || RCVD_IN_CBL || RCVD_IN_MSPIKE_BL || RCVD_IN_MSPIKE_L5 || RCVD_IN_PBL || RCVD_IN_PSBL || RCVD_IN_SORBS_WEB || RCVD_IN_XBL ) && ( MAILTOVIRUS || SUBJECTVIRUS || XFWDVIRUS || CTRLTVIRUS || CTMXVIRUS || SUBJECT2VIRUS || SUBJECT3VIRUS || ONLYZIPVIRUS)
  7572. score BL_VR 13
  7573.  
  7574.  
  7575. # 2018.05.15 by [yoh]
  7576. meta __ISOJP_RLA ISO2022JP_BODY && (RIPE_NCC || LACNIC || AFRINIC)
  7577. meta IJR_BRBL __ISOJP_RLA && RCVD_IN_BRBL_LASTEXT
  7578. score IJR_BRBL 0.5
  7579. meta IJR_CBL __ISOJP_RLA && RCVD_IN_CBL
  7580. score IJR_CBL 0.5
  7581. meta IJR_CHINA __ISOJP_RLA && RCVD_IN_CHINA
  7582. score IJR_CHINA 0.5
  7583. meta IJR_MSPBL __ISOJP_RLA && RCVD_IN_MSPIKE_BL
  7584. score IJR_MSPBL 0.5
  7585. meta IJR_MSPZB __ISOJP_RLA && RCVD_IN_MSPIKE_ZBI
  7586. score IJR_MSPZB 0.5
  7587. meta IJR_PBL __ISOJP_RLA && RCVD_IN_PBL
  7588. score IJR_PBL 0.5
  7589. meta IJR_XBL __ISOJP_RLA && RCVD_IN_XBL
  7590. score IJR_XBL 0.5
  7591.  
  7592. # http://www.wareportal.co.jp/support/faq/mdaemon-faq/2380
  7593. # 2018.05.15 by [yoh]
  7594. score TVD_SPACE_ENCODED 0.5
  7595. score TVD_SPACE_RATIO_MINFP 0.5
  7596.  
  7597.  
  7598. # ToDo: renew regex pattern by below:
  7599. # http://bgp.potaroo.net/ipv4/
  7600. # 2006.04.11 by [yoh]
  7601.  
  7602. # http://www.iana.org/assignments/ipv4-address-space
  7603.  
  7604. # 109\.(?:65|8[23]|197)|
  7605. # 31\.(?:2[38]|[34]\d|5[0-5]|6[34]|128|13[034]|140|16[267]|17[0145]|18[0146]|222)|
  7606.  
  7607. replace_tag RIPE_NCC_IPS (?:(?:[25]|3[17]|46|62|7[789]|8\d|9[0-5]|109|14[16]|151|17[68]|188|19[345]|21[237])(?:\.\d{1,3}){3}|(?:5\.(?:[19]|10|2[28]|3[49]|4[347]|52|77|10[29]|119|13[58]|14[67]|15[23]|16[4-7]|17[35]|187|201)|79\.127|93\.2(?:2[4-9]|3\d)|95\.(?:2[4-9]|3[01]|5[2-5])|62\.122|91\.228|128\.(?:6[589]|7[0145]|140)|130\.(?:0|43|193|204|239|255)|131\.117|134\.(?:[03]|17|90|146|249|255)|136\.169|137\.101|138\.188|139\.141|143\.225|144\.(?:64|122)|145\.25[345]|146\.(?:83|185|19[1-4]|247|25[15])|147\.(?:91|243)|149\.(?:[03]|62|91|14[07]|154|172|255)|150\.(?:134|140|254)|156\.17|158\.(?:64|181|255)|159\.(?:0|20|134|14[6-9]|213|224|255)|161\.(?:53|116)|168\.187|171\.25|176\.(?:[89]|2[67]|1[24-9]|28|3[01246]|4[45]|5[0-79]|6[0257]|8[0-389]|9[67]|10[0-469]|11[0135-8]|124|19[2-689]|20[09]|21[2346-9]|22[1256]|23[6-9]|241|254)|185\.(?:\d|10)|188\.(?:4[89]|5[0-5])|192\.1(?:1[3-8]|6[26])|196\.206)(?:\.\d{1,3}){2})
  7608. header RIPE_NCC X-Spam-Relays-Untrusted =~ /^\[ ip=<RIPE_NCC_IPS> /
  7609. describe RIPE_NCC Mail from RIPE NCC area (Russia, Italy, Spain...)
  7610. score RIPE_NCC 0.1
  7611.  
  7612. meta SJIS_RIPE_NCC SJIS_C && RIPE_NCC
  7613. describe SJIS_RIPE_NCC SHIFT_JIS mail from RIPE_NCC area
  7614. score SJIS_RIPE_NCC 5.5
  7615.  
  7616. header ONLY1HOPDIRECTRIPE X-Spam-Relays-Untrusted =~ /^\[ ip=<RIPE_NCC_IPS> [^\[\]]+ \]$/
  7617.  
  7618. # 96.12.0.0 - 96.15.255.255
  7619. # replace_tag ARIN_IPS (?:(?:8|12|24|38|6[3-9]|7[0-6]|9[689]|1(?:6[45]|73|99)|20[4-9]|216)(?:\.\d{1,3}){3}|96\.1[2-5](?:\.\d{1,3}){2}|98\.10[4-7](?:\.\d{1,3}){2}|128\.(?:[1-689]|1[0-5789]|2\d|3[0-8]|4[2346-9]|5\d|6[0-4]|8[0-589]|9[0124-79]|1(?:[01]\d|2[0-35-9]|3[235-8]|4[3-9]|[56]\d|7[0-57]|8[0-35-9]|9[0-8])|2(?:0[235-9]|1[0-35-9]|2\d|3[0135-9]|4[1245789]|5[1-5]))(?:\.\d{1,3}){2}|140\.99(?:\.\d{1,3}){2}|146\.(?:[15-9]|1[02-8]|2[02-9]|3\d|4[0-79]|5[34578]|6[13589]|7[134689]|8[245689]|9[1-689]|1(?:1[1345]|2[1235-9]|3[0125789]|4[235-9]|5[0-467]|6[035-8]|7[04]|8[0134679]|9[0789])|2(?:0\d|1[4578]|2[2359]|3[35-9]|4[0-6]|5[02]))(?:\.\d{1,3}){2}|152\.(?:[1-9]|[2-5]\d|6[0-57-9]|7[0259]|8[02567]|97|100|11[3679]|12\d|13[0-35-8]|14[0124568]|15[145789]|16[0-5]|17[6-9]|1[89]\d|20[89]|21\d|22[0-5789])(?:\.\d{1,3}){2}|161\.159(?:\.\d{1,3}){2}|166\.82(?:\.\d{1,3}){2}|169\.227(?:\.\d{1,3}){2}|173\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|174\.(?:3[6-9]|4[0-3]|13[459])(?:\.\d{1,3}){2}|184\.7[6-9](?:\.\d{1,3}){2})
  7620. replace_tag ARIN_IPS (?:(?:[48]|1[28]|24|3[28]|50|6[3-9]|7[0-6]|9[689]|1(?:6[45]|73|84|9[89])|20[4-9]|216)(?:\.\d{1,3}){3}|(?:23\.(?:19|2[0-3]|9[45])|32\.106|50\.(?:[89]|1[0-5]|3[2-9]|4\d|5[0-5]|90)|74\.7|96\.1[2-5]|97\.(?:6[67]|7[6-9]|9[6-9]|10[0-7]|11[2-9]|12[0-7])|98\.10[4-7]|107\.(?:[89]|1[0-5]|17[2-5])|108\.(?:\d|[1-8]\d|9[0-5]|16[36]|170)|128\.(?:[1-689]|1[0-5789]|2\d|3[0-8]|4[2346-9]|5\d|6[0-4]|8[0-589]|9[0124-79]|1(?:[01]\d|2[0-35-9]|3[1235-8]|4[3-9]|[56]\d|7[0-57]|8[0-35-9]|9[0-8])|2(?:0[235-9]|1[0-35-9]|2\d|3[0135-9]|4[1245789]|5[1-5]))|129\.121|130\.(?:[79]4|164|179|184)|131\.1(?:[29]3)|132\.(?:204|254)|136\.1(?:59|66)|137\.(?:36|207)|138\.2(?:10|38)|139\.55|140\.(?:99|198|247)|142\.(?:4|4[5-9]|50|78|1(?:65|7[69])|204)|144\.50|146\.(?:[15-9]|1[02-8]|2[02-9]|3\d|4[0-79]|5[34578]|6[13589]|7[134689]|8[245689]|9[1-689]|1(?:1[1345]|2[1235-9]|3[0125789]|4[235-9]|5[0-467]|6[035-8]|7[04]|8[0134679]|9[0789])|2(?:0\d|1[4578]|2[2359]|3[35-9]|4[0-6]|5[02]))|147\.255|148\.(?:6[2-9]|7[0-8])|149\.(?:62|75|168|172)|150\.199|152\.(?:[1-9]|[2-5]\d|6[0-57-9]|7[0259]|8[02567]|97|100|11[3679]|12\d|13[0-35-8]|14[0124568]|15[145789]|16[0-5]|17[6-9]|1[89]\d|20[89]|21\d|22[0-5789])|153\.125|155\.2(?:12|29)|158\.142|160\.7|161\.1(?:59|62)|162\.(?:39|40)|163\.178|166\.(?:70|8[24]|12[89]|1[3-9]\d|2\d\d)|168\.(?:[789]|1[01]|103|158|216)|169\.2(?:04|27)|170\.(?:24|201)|173\.(?:1[6-9]|2\d|3[01])|174\.(?:[0-7]|1[6-9]|2\d|3[01346-9]|4[0-3]|6[4-9]|7\d|12[0-6]|13[023479]|14[0-3])|184\.7[6-9]|192\.84|206\.(?:196|214))(?:\.\d{1,3}){2}|45\.56\.(?:\d|\d\d|1\d\d|2[01]\d|22[0-4])\.\d{1,3})
  7621. header ARIN X-Spam-Relays-Untrusted =~ /^\[ ip=<ARIN_IPS> /
  7622. describe ARIN Mail from ARIN area (USA)
  7623. score ARIN 0.1
  7624.  
  7625. meta SJIS_ARIN SJIS_C && ARIN
  7626. describe SJIS_ARIN SHIFT_JIS mail from ARIN area
  7627. score SJIS_ARIN 1.0
  7628.  
  7629. header ONLY1HOPDIRECTARIN X-Spam-Relays-Untrusted =~ /^\[ ip=<ARIN_IPS> [^\[\]]+ \]$/
  7630.  
  7631.  
  7632. # 148.201.0.0 - 148.250.255.255
  7633. replace_tag LACNIC_IPS (?:(?:18[1679]|1(?:7[79]|90)|20[01])(?:\.\d{1,3}){3}|(?:131\.0|132\.(?:24[78]|254)|138\.(?:12[12]|255)|143\.10[678]|148\.2(?:[0-4]\d|50)|150\.165|157\.253|163\.178|167\.58|168\.2(?:05|26|34|43|2[6-8])|170\.(?:0|51)|177\.26|191\.102)(?:\.\d{1,3}){2})
  7634. header LACNIC X-Spam-Relays-Untrusted =~ /\[ ip=<LACNIC_IPS> /
  7635. describe LACNIC Mail from LACNIC area (Brazil, Mexico, Uruguay, Argentina...)
  7636. score LACNIC 0.1
  7637.  
  7638. meta SJIS_LACNIC SJIS_C && LACNIC
  7639. describe SJIS_LACNIC SHIFT_JIS mail from LACNIC area
  7640. score SJIS_LACNIC 5.5
  7641.  
  7642. header ONLY1HOPDIRECTLACNIC X-Spam-Relays-Untrusted =~ /^\[ ip=<LACNIC_IPS> [^\[\]]+ \]$/
  7643.  
  7644. # 165.3.0.0 - 165.5.255.255
  7645. # 165.8.0.0 - 165.11.255.255
  7646. # 165.25.0.0 - 165.25.255.255
  7647. # 165.143.0.0 - 165.149.255.255
  7648. # 165.165.0.0 - 165.165.255.255
  7649. # 165.180.0.0 - 165.180.255.255
  7650. # 165.233.0.0 - 165.233.255.255
  7651. # 196.208.0.0 - 196.211.255.255
  7652. # replace_tag AFRINIC_IPS (?:(?:41|196)(?:\.[0-9]{1,3}){3}|(?:165\.(?:[3-589]|1[01]|25|14[3-9]|165|180|233)|196\.2(?:0[89]|1[01]))(?:\.[0-9]{1,3}){2}|202\.123\.(?:\d|[12]\d|3[01])\.\d{1,3})
  7653. replace_tag AFRINIC_IPS (?:(?:41|10[25]|19[67])(?:\.\d{1,3}){3}|(?:147\.110|165\.(?:[3-589]|1[01]|25|14[3-9]|165|180|233)|168\.167|196\.2(?:0[89]|1[01]))(?:\.\d{1,3}){2}|202\.123\.(?:\d|[12]\d|3[01])\.\d{1,3})
  7654. # replace_tag AFRINIC_IPS 41(?:\.\d{1,3}){3}
  7655. header AFRINIC X-Spam-Relays-Untrusted =~ /^\[ ip=<AFRINIC_IPS> /
  7656. score AFRINIC 0.1
  7657.  
  7658. meta SJIS_AFRINIC SJIS_C && AFRINIC
  7659. score SJIS_AFRINIC 5.5
  7660.  
  7661. header ONLY1HOPDIRECTAFRINIC X-Spam-Relays-Untrusted =~ /^\[ ip=<AFRINIC_IPS> [^\[\]]+ \]$/
  7662.  
  7663.  
  7664. meta ONLY1DCN (ONLY1HOPDIRECTRIPE || ONLY1HOPDIRECTARIN || ONLY1HOPDIRECTLACNIC || ONLY1HOPDIRECTAFRINIC) && ___DCN
  7665. score ONLY1DCN 3.0
  7666.  
  7667.  
  7668. meta RIPE_PYZOR PYZOR_CHECK && RIPE_NCC
  7669. score RIPE_PYZOR 3.5
  7670. meta ARIN_PYZOR PYZOR_CHECK && ARIN
  7671. score ARIN_PYZOR 3.5
  7672. meta LACNIC_PYZOR PYZOR_CHECK && LACNIC
  7673. score LACNIC_PYZOR 3.5
  7674. meta AFRINIC_PYZOR PYZOR_CHECK && AFRINIC
  7675. score AFRINIC_PYZOR 3.5
  7676.  
  7677. meta RIPE_RAZOR (RAZOR2_CF_RANGE_51_100 || RAZOR2_CHECK) && RIPE_NCC
  7678. score RIPE_RAZOR 3.5
  7679. meta ARIN_RAZOR (RAZOR2_CF_RANGE_51_100 || RAZOR2_CHECK) && ARIN
  7680. score ARIN_RAZOR 3.5
  7681. meta LACNIC_RAZOR (RAZOR2_CF_RANGE_51_100 || RAZOR2_CHECK) && LACNIC
  7682. score LACNIC_RAZOR 3.5
  7683. meta AFRINIC_RAZOR (RAZOR2_CF_RANGE_51_100 || RAZOR2_CHECK) && AFRINIC
  7684. score AFRINIC_RAZOR 3.5
  7685.  
  7686.  
  7687. # added 2010.12.18 by [yoh]
  7688. header BUGGYRECIEVED X-Spam-Relays-Untrusted =~ /^\[ ip=EHLO /
  7689. score BUGGYRECIEVED 3.5
  7690.  
  7691.  
  7692. # 220.144.0.0 - 220.144.255.255
  7693. header BIGLOBE X-Spam-Relays-Untrusted =~ /(ip=220\.144(?:\.\d{1,3}){2}|rdns=FL[AH]1A[a-z]{2,2}[0-9]{3,3}\.[a-z]{3,3}\.mesh\.ad\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  7694. describe BIGLOBE BIGLOBE
  7695. score BIGLOBE 0.1
  7696.  
  7697.  
  7698. # DION (KDDI CORPORATION)
  7699. # 219.108.16.0 - 219.108.255.255
  7700. # 59.128.0.0 - 59.140.255.255
  7701. # 218.222.0.0 - 218.222.255.255
  7702. # 222.0.0.0 - 222.15.255.255
  7703. #
  7704. # 59\.1(2[89]|3[0-9]|40)
  7705. # 218\.222
  7706. # 222\.([0-9]|1[0-5])
  7707. #
  7708. # (59\.1(2[89]|3[0-9]|40)|218\.222|222\.([0-9]|1[0-5]))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  7709. #
  7710. # 219\.108\.(1[6-9]|[2-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])
  7711. #
  7712. #
  7713. header DION X-Spam-Relays-Untrusted =~ /(ip=((59\.1(2[89]|3[0-9]|40)|218\.222|222\.([0-9]|1[0-5]))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}|219\.108\.(?:1[6-9]|[2-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))|rdns=([A-Z]{2,2}[0-9]{6,6}\.ppp|[a-zA-Z]{1,2}[0-9]{12,14}\.(ec-){0,1}userreverse)\.dion\.ne\.jp) .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  7714. describe DION DION Dialup
  7715. score DION 0.1
  7716.  
  7717. # 61.116.0.0-61.116.255.255
  7718. # 211.131.0.0-211.131.255.255
  7719. header ODN X-Spam-Relays-Untrusted =~ /(ip=((61\.116|211\.131|218\.218|219\.66)(?:\.\d{1,3}){2}|61\.209\.([4-9]|[1-9]\d|1[0-8]\d|190)\.\d{1,3}|210\.231\.(\d|[1-8]\d)\.\d{1,3}|211\.121\.(\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3})|rdns=[A-Za-z0-9-]+\.ppp\d{2,2}\.odn\.ad\.jp) [^\[\]]+ ident= envfrom= intl=0 [^\[\]]+auth= /
  7720. describe ODN ODN Dialup
  7721. score ODN 0.1
  7722.  
  7723.  
  7724. # 219.0.0.0 - 219.63.255.255
  7725. # 220.0.0.0 - 220.63.255.255
  7726. # (219|220)\.
  7727. # (0-9|[1-5][0-9]|6[0-3])
  7728. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  7729. # 219.168.0.0 - 219.215.255.255
  7730. # 219\.
  7731. # (16[89]|1[7-9][0-9]|20[0-9]|21[0-5])
  7732. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  7733. # 218.112.0.0 - 218.143.255.255
  7734. # 218\.
  7735. # (11[2-9]|1[23][0-9]|14[0-3])
  7736. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  7737. # 221.16.0.0 - 221.111.255.255
  7738. # 221\.
  7739. # (1[6-9]|[2-9][0-9]|10[0-9]|11[01])
  7740. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}
  7741. # 126.0.0.0 - 126.255.255.255
  7742. # 126
  7743. # (\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3,3}
  7744.  
  7745. header BBTEC X-Spam-Relays-Untrusted =~ /ip=((221\.(?:1[6-9]|[2-9]\d|10\d|11[01])|(219|220)\.(\d|[1-5]\d|6[0-3])|219\.(?:16[89]|1[7-9]\d|20\d|21[0-5])|218\.(?:11[2-9]|1[23]\d|14[0-3]|17[6-9]|18[0-3]))(?:\.\d{1,3}){2}|126(\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])){3}) [^\[\]]+ident= envfrom= intl=0 [^\[\]]+auth= /
  7746. describe BBTEC YahooBB bbtec.net
  7747. score BBTEC 0.1
  7748.  
  7749. # 221.240.0.0 - 221.255.255.255
  7750. header USENISP Received =~ /from.+221\.(24[0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2,2}/
  7751. describe USENISP U's Communications Corp.
  7752. score USENISP 0.1
  7753.  
  7754. header DORPHIN X-Spam-Relays-Untrusted =~ /(ip=211\.132\.(?:1[6-9]|2\d|3[01])\.\d{1,3}|rdns=[a-z]{3}[0-9]{2}-[0-9]{4}\.din\.or\.jp) [^\[\]]+ ident= envfrom= intl=0 [^\[\]]+auth= /
  7755. describe DORPHIN DOLPHIN INTERNATIONAL INC. (din.or.jp)
  7756. score DORPHIN 0.1
  7757.  
  7758. header WILLCOM X-Spam-Relays-Untrusted =~ /rdns=P\d{12}\.ppp\.prin\.ne\.jp .+ ident= envfrom= intl=0 [^\[\]]+auth= /
  7759. describe WILLCOM WILLCOM,Inc.
  7760. score WILLCOM 0.1
  7761.  
  7762.  
  7763.  
  7764. header JPHANDPHONE From =~ /\@(ezweb|docomo|[a-z]\.vodafone|softbank)\.ne\.jp/
  7765. describe JPHANDPHONE Mail from KEITAI
  7766. score JPHANDPHONE 0.1
  7767.  
  7768.  
  7769. header MSGIDLOCALMTA Message-ID =~/\@localhost\.localdomain/
  7770. describe MSGIDLOCALMTA seems to be sent from local MTA with dynamic IP
  7771. score MSGIDLOCALMTA 0.1
  7772. meta KEITAILOCALMTA JPHANDPHONE && MSGIDLOCALMTA
  7773. describe KEITAILOCALMTA JPHANDPHONE && MSGIDLOCALMTA
  7774. score KEITAILOCALMTA 3.0
  7775.  
  7776.  
  7777. # added 2009.06.16 by [yoh]
  7778. meta KEITAIASIA JPHANDPHONE && ___KOREATAIWANCHINA
  7779. score KEITAIASIA 5.0
  7780.  
  7781. # added 2015.08.14 by [yoh]
  7782. meta KEITAIRIPE JPHANDPHONE && RIPE_NCC
  7783. score KEITAIRIPE 5.0
  7784.  
  7785.  
  7786. # revived 2008.01.06 by [yoh]
  7787. # revived 2008.08.05 by [yoh]
  7788. #
  7789. header FORGEDHELOGOO X-Spam-Relays-Untrusted =~ /(helo=mx01\.mail\.goo\.n[^e]\.jp|ip=(?!210\.165\.9\.48).+ helo=mx01\.mail\.goo\.ne\.jp)/
  7790. describe FORGEDHELOGOO Forged HELO goo.nc.jp
  7791. score FORGEDHELOGOO 10.0
  7792.  
  7793. # added 2007.07.23 by [yoh]
  7794. # revived 2008.08.05 by [yoh]
  7795. #
  7796. header FORGEDHELOYAHOO X-Spam-Relays-Untrusted =~ /^\[ ip=((43\.244|61\.189|124\.17[2-5]|210.138|218\.2[45]|220\.150)(?:\.\d{1,3}){2}|(61\.115\.(\d|\d\d|1[01]\d|12[0-7])|61\.205\.23[2-9]|61\.206\.1(?:1[2-9]|2[0-7])|122\.152\.1(2[89]|[3-8]\d|9[01])|124\.41\.(\d|\d\d|1[01]\d|12[0-7])|202\.213\.(?:19[2-9]|2\d\d)|202\.238\.(6[4-9]|[789]\d|1[01]\d|12[0-7])|203.141.1(2[89]|[345]\d)|219\.103\.2(0[89]|1[0-5])|219\.111\.(\d|\d\d|1[01]\d|12[0-7])|219\.117\.(?:19[2-9]|2\d\d))\.\d{1,3}) rdns=[^\[ ]* helo=(mx(01\.mail\.goo\.n[a-z]\.jp|\d\.mail\.yahoo\.co\.jp|\d\.hotmail\.com)|gmail\.com|excite\.co\.jp|yahoo\.co\.jp|grape\.plala\.or\.jp|mgsmax\.docomo\.ne\.jp|mail\.goo\.n[a-z]\.jp|gemini\.livedoor\.com|st1\.yuan\.sc) by=[^\[ ]+ ident= envfrom= intl=0 id=[^\[\] ]* auth= \]$/
  7797. score FORGEDHELOYAHOO 10.0
  7798.  
  7799. # added 2009.10.25 by [yoh]
  7800. #
  7801. header HELOYAHOO X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=[^\[ ]{0,} helo=(?:(?:mx\d\.mail\.){0,1}yahoo\.co\.jp|[A-Z]{2,3}-{0,1}\d{2,3}) /
  7802. score HELOYAHOO 0.1
  7803.  
  7804. meta HLYH_KTC HELOYAHOO && ___KOREATAIWANCHINA
  7805. score HLYH_KTC 3.5
  7806.  
  7807.  
  7808. header MSGID_NUMONLY Message-ID =~/^200\d{8,}$/
  7809. describe MSGID_NUMONLY Message-ID: YYYYMMDDHHMM
  7810. score MSGID_NUMONLY 10
  7811.  
  7812. meta SJISMSGIDNUMONLY MSGID_NUMONLY && SJIS_C
  7813. score SJISMSGIDNUMONLY 10
  7814.  
  7815. header MSGID_IPNUM Message-ID =~/\@(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])(?:\.\d{1,3}){3}/
  7816. describe MSGID_IPNUM Domain part of Message-ID is IP number
  7817. score MSGID_IPNUM 1.0
  7818.  
  7819. meta MSGIDIPNUM99 MSGID_IPNUM && BAYES_99
  7820. describe MSGIDIPNUM99 MSGID_IPNUM && BAYES_99
  7821. score MSGIDIPNUM99 3.5
  7822.  
  7823. header MSGID_TOOSHORT MESSAGEID =~ /^<[A-Z0-9]\[[0-9A-Z]{1,3}$/
  7824. describe MSGID_TOOSHORT Too short Message-Id: format
  7825. score MSGID_TOOSHORT 8.0
  7826.  
  7827. meta SJISMSGIDCAPS SJIS_C && MSGID_SPAM_CAPS
  7828. score SJISMSGIDCAPS 2.5
  7829.  
  7830. meta BASE64MSGIDCAPS MIME_BASE64_TEXT && MSGID_SPAM_CAPS
  7831. score BASE64MSGIDCAPS 2.5
  7832.  
  7833. meta UNPARSMSGIDCAPS UNPARSEABLE_RELAY && MSGID_SPAM_CAPS
  7834. score UNPARSMSGIDCAPS 2.5
  7835.  
  7836. meta SJISCAPSBASE64 SJISMSGIDCAPS && BASE64MSGIDCAPS
  7837. score SJISCAPSBASE64 3.5
  7838.  
  7839. meta SJISCAPSUNPARS SJISMSGIDCAPS && UNPARSMSGIDCAPS
  7840. score SJISCAPSUNPARS 3.5
  7841.  
  7842.  
  7843. # 2011.08.12 by [yoh]
  7844. header HELO_WIN X-Spam-Relays-Untrusted =~ / helo=WIN-[A-Z0-9]{11} /
  7845. score HELO_WIN 1.5
  7846.  
  7847. meta ARIN_HELO_WIN ARIN && HELO_WIN
  7848. score ARIN_HELO_WIN 3.5
  7849. meta RIPE_HELO_WIN RIPE_NCC && HELO_WIN
  7850. score RIPE_HELO_WIN 3.5
  7851. meta LACNIC_HELO_WIN LACNIC && HELO_WIN
  7852. score LACNIC_HELO_WIN 3.5
  7853. meta AFRINIC_HELO_WIN AFRINIC && HELO_WIN
  7854. score AFRINIC_HELO_WIN 3.5
  7855.  
  7856.  
  7857. header ___RCVDTOK2COM X-Spam-Relays-Untrusted =~ / helo=[0-9.]*pro\.tok2\.com /
  7858. header ___RCVDBFRTOK2 X-Spam-Relays-Untrusted =~ / ip=((58\.[01]|220\.150)(\.[0-9]{1,3}){2}|61\.192\.(?:1(2[89]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]{1,3}) rdns= helo=\?192\.168(\.[0-9]{1,3}){2}\? .+ ident= envfrom= intl=0 id= auth= /
  7859. header ___XAUTHUSEN X-Authentication =~ / was authenticated by .+ftth\.ucom\.ne\.jp/
  7860. meta TOK2COM ___RCVDTOK2COM && ___RCVDBFRTOK2 && ___XAUTHUSEN
  7861. describe TOK2COM mail from tok2.com
  7862. score TOK2COM 3.0
  7863.  
  7864. header TOKU_NET X-Spam-Relays-Untrusted =~ / (rdns=\w+\.(toku|prime-server)\.net|helo=\w+\.toku\.net) .+ ident= envfrom= intl=0 .+ auth= /
  7865. describe TOKU_NET www3.toku.net
  7866. score TOKU_NET 3.0
  7867.  
  7868.  
  7869. # added 2011.01.24 by [yoh]
  7870. header __BARBWIRE_IP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.106\.\d{1,3}|61\.211\.2(?:2[4-9]|3\d)|112\.78\.(?:11[2-9]|12[0-7]|19[2-9]|2[01]\d|22[0-3])|125\.206\.11[56]|202\.181\.(?:9[6-9]|10\d|11[01])|202\.222\.(?:1[6-9]|2\d|3[01])|210\.188\.20[0-7]|210\.224\.16[4-7]|219\.94\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3} /
  7871. rawbody __BARBWIRE_URL1 /http:\/\/(?:barbwire\.jpn\.org|barbwire\.co\.jp)/
  7872. rawbody __BARBWIRE_TEL /06-6337-862[02]/
  7873. meta BARBWIRE __BARBWIRE_IP && ( __BARBWIRE_URL1 || __BARBWIRE_TEL ) && ! __HAS_X_MAILER
  7874. score BARBWIRE 3.5
  7875.  
  7876. # added 2011.03.09 by [yoh]
  7877. meta DYN_ISOJP_NOXMAILER ___DYNAMICIP && ISO2022JP_BODY && ISO2022JP_CHARSET && ! __HAS_X_MAILER
  7878. score DYN_ISOJP_NOXMAILER 10
  7879.  
  7880.  
  7881. # 64.151.112.40-64.151.112.47
  7882. # 211\.133\.130\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|
  7883.  
  7884. header OTHER_FOOTSTOOL Received =~ /from .*(sdns\.at-m\.jp|211\.10\.28\.165|206\.223\.148\.30|202\.177\.19\.75|64\.151.112.4[0-7]|58\.81\.102\.109|\.298\.jp|cansystem\.net|c-mgr\.com|networksolutionsemail\.com|211\.19\.52\.(?:19|103|149|193)|61\.197\.228\.8[0-7]|60\.32\.176\.2(2[4-9]|3[01])|s135\.secure\.ne\.jp)/
  7885. describe OTHER_FOOTSTOOL temporary registering spamming sites and footstools
  7886. score OTHER_FOOTSTOOL 2.0
  7887.  
  7888.  
  7889.  
  7890. # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Personal rules =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  7891. # <<< Attention! >>>
  7892. # Now, you don't need "MYMTA" setting!
  7893. # 2010.01.14 by [yoh]
  7894. #
  7895.  
  7896. replace_start <
  7897. replace_end >
  7898.  
  7899. header DIRECTYOURNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:36\.55\.(?:233\.94|237\.204)|(?:(?:43\.244|220\.(?:150|215))(?:\.\d{1,3}){2}|(?:61\.12\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|61\.44\.(?:\d|[1-9]\d|1[01]\d|12[0-7])|61\.87\.(?:\d|[1-5]\d|6[0-3])|61\.203\.1(?:6\d|7[0-5])|210\.143\.1(?:4[4-9]|5\d)|219\.112\.(?:\d|[1-9]\d|1[01]\d|12[0-7])|220\.150\.(?:[4-9]|\d\d|\d\d\d)|221\.113\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7]))\.\d{1,3})|\d{2,3}(?:\.\d{1,3}){3} rdns=.+(?:fbb\.(?:ReSET\.JP|aol\.co\.jp)|ap\.(?:(?:seikyou|yournet|infoeddy|cyberbb)\.ne\.jp|zero-isp\.NET|inforyoma\.or\.jp))) /
  7900. describe DIRECTYOURNET directly received spam from FreeBit
  7901. score DIRECTYOURNET 1.5
  7902.  
  7903. header DIRECTINTERSPIN X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=\d{1,3}\.pool\d{1,2}\.(ftth|dsl24m)\w+\.att\.ne\.jp /
  7904. describe DIRECTINTERSPIN directly received spam from InterSpin
  7905. score DIRECTINTERSPIN 1.5
  7906.  
  7907. # 61.202.0.0-61.202.127.255
  7908. # 211.18.0.0 - 211.18.190.255
  7909. # 211.18.212.129 - 211.18.212.255
  7910.  
  7911. # avoid list:
  7912. # 222.3.140.*
  7913. # 2009.10.01 by [yoh]
  7914.  
  7915. # header DIRECTDION X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.120\.5\.2[45]\d|210\.155\.83\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|210\.168\.253\.250|210\.230\.216\.163|210\.233\.26\.(?:6[4-9]|7\d)|211\.18\.(?:(?:(?:\d|\d\d|1[0-8]\d|190)\.\d{1,3}|211\.18\.252\.(?:9[6-9]|10\d|11[01])|207\.1(?:6\d|7[0-5]))|212\.(?:129|1[3-9]\d|2\d\d)|252\.(?:9[6-9]|10\d|11[01]))|61\.117\.(?:[6-9]|1[0-7]|(?!68)[2-9]\d|(?!103)1[01]\d|12[0-7])\.\d{1,3}|61\.202\.(?!(?:2|3|27|64|90|105)\.)(?:\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|(?:59\.1(?:2[89]|3\d|40)|218\.222|222\.(?:[0-24-9]|1[0-5]))(?:\.\d{1,3}){2}|219\.108\.(?:1[6-9]|[2-9]\d|1\d\d|2[0-4]\d|25[0-5])\.\d{1,3}|61\.120\.5\.2[45]\d|210\.251\.110\.(?:4[89]|5\d|6[0-3]))|(?:\d{1,3}\.){3}\d{1,3} rdns=(?:[A-Z]{1,2}\d{6}\.ppp|[a-zA-Z]{1,2}\d{12,14}\.(?:ec-){0,1}userreverse)\.dion\.ne\.jp) /
  7916. # 210.238.197.144-210.238.197.151
  7917. header DIRECTDION X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.1(?:2[89]|3\d|40)|218\.222|222\.(?:[0-24-9]|1[0-5]))(?:\.\d{1,3}){2}|61\.120\.5\.2[45]\d|61\.117\.(?:[6-9]|1[0-7]|(?!68)[2-9]\d|(?!103)1[01]\d|12[0-7])\.\d{1,3}|61\.120\.5\.2[45]\d|61\.202\.(?!(?:2|3|27|64|90|105)\.)(?:\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|111\.87\.90\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.155\.(?:[46-9]|1[0-589]|2[126]|3[245]|5[456]|7[237]|9[5-9]|10[4678]|11[1-8]|12[01])\.\d{1,3}|210\.155\.83\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|210\.168\.244\.(?:3[346-9]|4[2-5])|210\.168\.253\.250|210\.172\.105\.(?:19[2-9]|2\d\d)|210\.230\.216\.163|210\.233\.26\.(?:6[4-9]|7\d)|210\.238\.197\.1(?:4[4-9]|5[01])|210\.238\.228\.2(?:0[89]|1[0-5])|210\.251\.110\.(?:4[89]|5\d|6[0-3])|211\.5\.152\.(?:[89]|1[0-5])|211\.5\.117\.1(?:8[4-9]|9[01])|211\.18\.(?:(?:\d|\d\d|1[0-8]\d|190)\.\d{1,3}|198\.1(?:2[89]|3[0-5])|207\.1(?:6\d|7[0-5])|212\.(?:129|1[3-9]\d|2\d\d)|252\.(?:9[6-9]|10\d|11[01])|254\.1(?:4[4-9]|5\d)|255\.(?:12[89]|1[3-9]\d|2\d\d))|219\.108\.(?:1[6-9]|[2-9]\d|1\d\d|2[0-4]\d|25[0-5])\.\d{1,3}|(?:\d{1,3}\.){3}\d{1,3} rdns=(?:[A-Z]{1,2}\d{6}\.ppp|[a-zA-Z]{1,2}\d{12,14}\.(?:ec-){0,1}userreverse)\.dion\.ne\.jp) /
  7918. describe DIRECTDION directly received spam from DION
  7919. score DIRECTDION 1.5
  7920.  
  7921. # 210.231.0.0-210.231.89.255
  7922. # 61.209.4.0 - 61.209.190.255
  7923. # 211.3.0.0 - 211.3.255.255
  7924. # lacked: 13-15, 49, 100, 102, 104-106, 134-135, 137, 144, 180-181, 194-195,
  7925. # 228, 230-231, 238, 247, 253, 255
  7926. # 210.169.251.160-210.169.251.191
  7927. # 220.212.0.0-220.212.115.255
  7928. # 220.212.121.0-220.212.251.255
  7929. # 220.212.254.0-220.212.255.255
  7930. # ! 220.212.240.23 247.162 249.0/24 252.0/24 253.0/24
  7931. # 61\.209\.([4-9]|[1-9]\d|1[0-8]\d|190)\.\d{1,3}
  7932. # 211.121.160.96-211.121.160.103
  7933. header DIRECTODN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:(?:61\.116|211\.131|218\.218|219\.66)(?:\.\d{1,3}){2}|61\.196\.150\.(?:\d|[0-5])|61\.201\.(?:\d|[1-7]\d)\.\d{1,3}|61\.209\.(?:[4-9]|[1235-9]\d|4[0-689]|1[0-8]\d|190|203)\.\d{1,3}|210\.231\.(?:\d|[1-8]\d)\.\d{1,3}|211\.3.(?!(?:1[345]\.|49\.|1(?:0[02456]|3[457]|44|8[01]|9[45])|2(?:28|3[018]|47|5[35])))(?:\d|[1-9]\d|[12]\d\d)\.\d{1,3}|211\.121\.(?:\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|210\.146\.28\.(?:12[89]|1[3-9]\d|2\d\d)|210\.169\.251\.(?:1[67]\d|181)|211\.121\.160\.(?:9[6-9]|10[0-3])|220\.212\.(?:\d|\d\d|1[01][0-5])\.\d{1,3}|220\.212\.(?!(?:240\.23[^\d]|247\.162|2(?:49|52|53)\.\d{1,3}))\d{1,3}\.\d{1,3})|(?:\d{1,3}\.){3}\d{1,3} rdns=[A-Za-z0-9-]+\.ppp\d{2,2}\.odn\.ad\.jp) /
  7934. describe DIRECTODN directly received spam from ODN
  7935. score DIRECTODN 1.5
  7936.  
  7937.  
  7938. # 202.224.204.112-202.224.204.127
  7939. header DIRECTINFOSPHERE X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.194\.(?:120\.68|206\.16[0-7])|61\.197\.(?:\d|\d\d|1[0-5]\d|16[01])\.\d{1,3}|61\.197\.192\.(?:4[89]|5\d|6[0-3])|119\.245\.192\.27|210\.150\.128\.\d{1,3}|210\.165\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|202\.212\.(?:(?:9|1[237]|2[01]|7[4-9]|8[234]|9[023]|10[789]|11[01]|12[123]|156|16[4-7]|17[3-6]|18[56]|19[345]|23[67]|243|25[45])\.\d{1,3}|30\.(?:\d|[1-8]\d|9[0-5])|89\.1(?:2[89]|[34]\d|5[01])|91\.(?:\d|\d\d|1[0-4]\d|15[01])|1(?:19|40)\.(?:\d|[123]\d|4[0-7])|15[07]\.(?:\d|[1-5]\d|6[0-3])|183\.(?:\d|[12]\d|3[01])|184\.(?:\d|1[0-5])|242\.(?:\d|[1-3]\d|4[0-7])|252\.(?:\d|[1-5]\d|6[0-3]|12[89]|1[3-8]\d|19[01])|(?:35|169|221)\.(?:\d|\d\d|1[01]\d|12[0-7])|(?:36|87|120|140|157|179|180|184|25[01])\.1(?:2[89]|[345]\d))|202\.224\.204\.1(?:1[2-9]|2[0-79]|6\d|7[0-5])|202\.229\.(?:4[89]|5[01]|12[56]|13[2368]|14[0-3]|15[2-5]|16[4-7]|2(?:0\d|1[0-59]|2[1-9]|34|4[4-7]|5[345]))\.\d{1,3}|203\.138\.(?:(?:92|114|16[89]|17[0-5])\.\d{1,3}|1(?:20|82)\.(?:\d|[1-5]\d|6[0-3])|17[69]\.(?:\d|\d\d|1[0-5]\d)|184\.(?:\d|[12]\d|3[01])|234\.(?:\d|\d\d|1[01]\d|12[0-7])|238\.(?:12[89]|1[345]\d)|240\.(?:12[89]|1[3-8]\d|19[01]))|210\.136\.(?:(?:[0-3]|1[6-9]|2[0-389]|3[0-5]|8[4-9]|9[01]|12[89]|13[01]|14[0-3]|171|18[0-3]|19[6-9]|2[45]\d)\.\d{1,3}|13\.(?:\d|[12]\d|3[01])|36\.(?:6[4-9]7\d)|53\.(?:\d|[12]\d|3[01]|12[89]|1[345]\d)|82\.(?:129|1[3-9]\d|2\d\d)|186\.(?:\d|\d\d|10\d|11[01])|189\.(?:\d|[1-5]\d|6[0-3])|224\.(?:\d|[12]\d|3[01]|12[89]|1[3-8]\d|19[01])|234\.(?:\d|[1-5]\d|6[0-3])|238\.(?:20[89]|21\d|22[0-3]))|219\.102(?:\.\d{1,3}){2})|(?:\d{1,3}\.){3}\d{1,3} rdns=.+\.nttpc\.ne\.jp) /
  7940. describe DIRECTINFOSPHERE directly received spam from INFOSPHERE
  7941. score DIRECTINFOSPHERE 2.0
  7942.  
  7943. # header DIRECTSONETDYN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.14[67](?:\.\d{1,3}){2}|202\.213\.(?:208\.11[2-9]|247\.\d{1,3})|202\.238\.(?:65|7[0345]|8[01789]|9[0-8]|101|11[02-9]|12[0-7])\.\d{1,3}|210\.174\.(?:\d|1[01378]|[2-5]\d|6[0-3])\.\d{1,3})|(?:\d{1,3}\.){3}\d{1,3} rdns=p[a-z0-9]{5,6}\.[a-z0-9]{7,8}\.ap\.so-net\.ne\.jp) /
  7944. header DIRECTSONETDYN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.14[67]|111\.21[67]|121\.[23]|219\.98)(?:\.\d{1,3}){2}|202\.213\.2(?:0[01589]|1[013569]|2[2-79]|3[28]|4[789]|5\d)\.\d{1,3}|202\.238\.(?:65|7[0345]|8[01789]|9[0-8]|101|11[02-9]|12[0-7])\.\d{1,3}|210\.174\.(?:\d|1[01378]|[2-5]\d|6[0-3])\.\d{1,3}|(?:\d{1,3}\.){3}\d{1,3} rdns=p[a-z0-9]{5,6}\.[a-z0-9]{7,8}\.ap\.so-net\.ne\.jp) /
  7945. describe DIRECTSONETDYN directly received spam from SO-NET
  7946. score DIRECTSONETDYN 1.5
  7947.  
  7948.  
  7949. # 220.96.0.0 - 220.99.63.255
  7950. # 61.207.56.0 - 61.207.255.255
  7951. # 124.84.0.0 - 124.84.255.255
  7952. # 124.85.0.0 - 124.85.41.255
  7953. # 124.85.58.0 - 124.85.255.255
  7954. # 124.86.0.0 - 124.86.218.255
  7955. # 124.86.227.0 - 124.86.255.255
  7956. # 124.87.0.0 - 124.87.255.255
  7957. # 60.32.16.0 - 60.32.21.255
  7958. # 60.32.38.0 - 60.32.63.255
  7959. # 60.37.64.0 - 60.37.255.255
  7960. # 60.38.0.0 - 60.38.105.255
  7961. # 60.38.114.0 - 60.38.152.255
  7962. # 60.38.157.0 - 60.38.255.255
  7963. # 60.45.0.0 - 60.45.148.255
  7964. # 60.45.155.0 - 60.45.187.255
  7965. # 60.45.192.0 - 60.45.255.255
  7966. # 60.46.0.0 - 60.46.127.255
  7967. # 60.33.0.0 - 63.33.255.255
  7968. # 60.39.0.0 - 60.40.255.255
  7969. # 60.44.0.0 - 60.44.255.255
  7970. # 219.114.0.0 - 219.114.99.255
  7971. # 221.184.64.0 - 221.184.67.255
  7972. # 221.184.84.0 - 221.184.127.255
  7973.  
  7974. # avoid list:
  7975. # 60.37.40.* 61.207.11.* 61.207.12.*
  7976. # 122.1.235.* 122.28.14.* 122.28.17.* 122.28.30.* 125.170.92.* 125.206.187.*
  7977. # 211.129.14.* 222.146.51.*
  7978. # 2009.10.01 by [yoh]
  7979.  
  7980. # 221.186.143.104-221.186.143.111
  7981.  
  7982. # header DIRECTOCNDYN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.(?:88|9[01245])|60\.(?:3[39]|4[04])|122\.26|123\.2(?:16|20)|124\.8[47]|125\.17[2-5]|219\.16[0-5]|221\.188|220\.(?:9[678]|10[4-7])|222\.(?:14[457-9]|15[01]))(?:\.\d{1,3}){2}|(?:60\.32\.(?:1[6-9]|2[01]|3[89]|[45]\d|6[0-3])|60\.37\.(?:6[4-9]|[789]\d|\d\d\d)|60\.38\.(?:\d|\d\d|10[0-5]|11[4-9]|1[2-9]\d|2\d\d)|60\.45\.(?:\d|\d\d|1[0-3]\d|14[0-8]|15[5-9]|1[67]\d|18[0-7]|19[2-9]|2\d\d)|60\.46\.(?:\d|\d\d|1[01]\d|12[0-7])|61\.112\.(?:6[89]|[7-9]\d|\d\d\d)|61\.199\.(?:\d|\d\d|1[01]\d|12[0-7])|61\.207\.(?:5[6-9]|[6-9]\d|1[0-57-9]\d|16[0-8]|20[04-9]|2[1-5]\d)|118\.15\.(?:1(?:2[89]|[3-8]\d|9[01])|2[45]\d)|124\.85\.(?:\d|[1-3]\d|4[01]|5[89]|[6-9]\d|[12]\d\d)|124\.86\.(?:\d|\d\d|1\d\d|20\d|21[0-8]|22[789]|2[3-5]\d)|124\.(?:96\.(?:[016-9]|[1-4789]\d|5[0124-7]|6[0-36-9]|10[16-9]|11[0-3789]|(?:1[236-9]|2\d)\d|14[02-9]|15[012])|97\.(?:\d|[1-8]\d|9[0-6]|10[5-9]|(?:1[1-9]|2\d)\d)|98\.(?:\d|1\d|2[04-7]|4[1-9]|[5-9]\d|1[0-57]\d|16[0124-9]|18[0-3]|19[01]|22[4-9]|23[013-9]|24[014-9]|25[0145])|99\.(?:[0-5]|1[0-7]|2[2-689]|5[0-3]|[34]\d|7[2-9]|8[0-8]|9[4-9]|[12]\d\d)|100\.\d{1,3}|101\.(?:[3-6]|1[1-489]|[23789]\d|4[0-5]|5[12]|6[3-9]|1[04-7]\d|11[0-4]|18[0-6]|20[2-9]|2[1-5]\d)|102\.(?:\d|\d\d|17[016-9]|1[0-689]\d|2\d\d)|103\.(?:\d|[1-8]\d|9[01]|10[2-5]|11[0-389]|1[235-9]\d|14[0-5]|2[0-4]\d))|218\.43\.118|219\.114\.(?:\d|[1-57-9]\d)|220\.99\.(?:\d|[1-5]\d|6[0-3])|220\.111\.(?:4[89]|[5-9]\d|\d\d\d)|222\.146\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5]))\.\d{1,3}|60\.32\.90\.1(?:4[4-9]|5[01])|60\.37\.51\.(?:7|254)|61\.199\.212\.20[1-6]|118\.22\.2\.(?:4[89]|5[0-5])|118\.23\.108\.11|125\.206\.(?:117\.1(?:25|33)|227\.11[2-9])|219\.166\.29\.(?:8[89]|9[0-5])|220\.110\.34\.3[2-9]|221\.184\.(?:6[4-7]|8[4-9]|9\d|1[01]\d|12[0-7])\.\d{1,3}|210\.161\.67\.147|219\.166\.160\.1(?:6[89]|7[0-5])|221\.186\.251\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])) /
  7983. replace_tag OCN_WIDE (?:58\.(?:88|9[01245])|60\.(?:3[39]|4[04])|122\.26|123\.2(?:16|20)|124\.8[47]|124\.100|125\.17[2-5]|180\.(?:9|43)|219\.16[0-5]|221\.188|220\.(?:9[678]|10[4-7])|222\.(?:14[457-9]|15[01]))(?:\.\d{1,3}){2}
  7984. replace_tag OCN_60 60\.32\.(?:1[6-9]|2[01]|3[89]|[45]\d|6[0-3])|60\.37\.(?:6[4-9]|[789]\d|\d\d\d)|60\.38\.(?:\d|\d\d|10[0-5]|11[4-9]|1[2-9]\d|2\d\d)|60\.45\.(?:\d|\d\d|1[0-3]\d|14[0-8]|15[5-9]|1[67]\d|18[0-7]|19[2-9]|2\d\d)|60\.46\.(?:\d|\d\d|1[01]\d|12[0-7])|
  7985. replace_tag OCN_61 61\.112\.(?:6[89]|[7-9]\d|\d\d\d)|61\.199\.(?:\d|\d\d|1[01]\d|12[0-7])|61\.207\.(?:5[6-9]|[6-9]\d|1[0-57-9]\d|16[0-8]|20[04-9]|2[1-5]\d)|
  7986. replace_tag OCN_118 118\.15\.(?:1(?:2[89]|[3-8]\d|9[01])|2[45]\d)|
  7987. replace_tag OCN_124 124\.85\.(?:\d|[1-3]\d|4[01]|5[89]|[6-9]\d|[12]\d\d)|124\.86\.(?:\d|\d\d|1\d\d|20\d|21[0-8]|22[789]|2[3-5]\d)|124\.96\.(?:[016-9]|[1-4789]\d|5[0124-7]|6[0-36-9]|10[16-9]|11[0-3789]|(?:1[236-9]|2\d)\d|14[02-9]|15[012])|124\.97\.(?:\d|[1-8]\d|9[0-6]|10[5-9]|(?:1[1-9]|2\d)\d)|124\.98\.(?:\d|1\d|2[04-7]|4[1-9]|[5-9]\d|1[0-57]\d|16[0124-9]|18[0-3]|19[01]|22[4-9]|23[013-9]|24[014-9]|25[0145])|124\.99\.(?:[0-5]|1[0-7]|2[2-689]|5[0-3]|[34]\d|7[2-9]|8[0-8]|9[4-9]|[12]\d\d)|124\.101\.(?:[3-6]|1[1-489]|[23789]\d|4[0-5]|5[12]|6[3-9]|1[04-7]\d|11[0-4]|18[0-6]|20[2-9]|2[1-5]\d)|124\.102\.(?:\d|\d\d|17[016-9]|1[0-689]\d|2\d\d)|124\.103\.(?:\d|[1-8]\d|9[01]|10[2-5]|11[0-389]|1[235-9]\d|14[0-5]|2[0-4]\d)|
  7988. replace_tag OCN_218 218\.43\.118|
  7989. replace_tag OCN_219 219\.114\.(?:\d|[1-57-9]\d)|
  7990. replace_tag OCN_220 220\.99\.(?:\d|[1-5]\d|6[0-3])|220\.111\.(?:4[89]|[5-9]\d|\d\d\d)|
  7991. replace_tag OCN_222 222\.146\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])
  7992. replace_tag OCN_211 211\.129\.(?:1[2-9]|[2-9]\d|1\d\d|2[0-4]\d|25[0-5])|
  7993. replace_tag OCN_153 153\.(?:140\.(?:12[89]|1[3-9]\d|2[0-4]\d|25[0-5])|142\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7]))|
  7994. replace_tag OCN_125 125\.175\.(?:12[7-9]|1[3-9]\d|2[0-4]\d|25[0-5])|
  7995.  
  7996.  
  7997. # 118\.23\.108\.11|
  7998. header DIRECTOCNDYN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:<OCN_WIDE>|(?:<OCN_60><OCN_61><OCN_118><OCN_124><OCN_125><OCN_153><OCN_211><OCN_218><OCN_219><OCN_220><OCN_222>)\.\d{1,3}|60\.32\.(?:90\.1(?:4[4-9]|5[01])|208\.4[0-7]|213\.4[0-7])|60\.37\.51\.(?:7|254)|61\.199\.212\.20[1-6]|114\.160\.(?:19[2-9]|2\d\d)\.\d{1,3}|118\.22\.2\.(?:4[89]|5[0-5])|118\.22\.4[4-7]\.\d{1,3}|122\.29\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|125\.170\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|125\.206\.(?:117\.1(?:25|33)|227\.11[2-9])|125\.207\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|180\.4\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|210\.161\.67\.147|210\.190\.119\.1(?:4[4-9]|5[01])|210\.226\.108\.16[0-7]|219\.166\.(?:29\.(?:8[89]|9[0-5])|76\.11[2-9])|220\.110\.(?:1\.12[0-7]|34\.3[2-9])|219\.166\.160\.1(?:6[89]|7[0-5])|221\.184\.(?:6[4-7]|8[4-9]|9\d|1[01]\d|12[0-7])\.\d{1,3}|221\.186\.143\.1(?:0[4-9]|1[01])|(?:210\.226\.77|221\.186\.153)\.(?:9[6-9]|10\d|11[01])|221\.186\.251\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])) /
  7999. describe DIRECTOCNDYN directly received spam from OCN
  8000. score DIRECTOCNDYN 1.5
  8001.  
  8002. replace_tag VECTANT_36_2 36\.2\.(?:108|14[789]|1[5-8]\d|19[01]|25[45])\.\d{1,3}
  8003.  
  8004. replace_tag VECTANT_115_179 115\.179\.(?:1|2[89]|[3-8]\d|9[01]|1(?:0[89]|[1-9]\d)|2(?:0[0-7]|1[0-3]|21))\.\d{1,3}
  8005. replace_tag VECTANT_116_91 116\.91\.(?:11[245689]\.\d{1,3}|110\.(?![0-7] )\d{1,3}|113\.(?!(?:17[89]|18[012]) )\d{1,3}|139\.(?:1[3-9]|2\d)\d)
  8006. # replace_tag VECTANT_120_51 120\.51\.(?:[0-389]|1\d|2[5-9]|3[0-589]|[4-9]\d|1\d\d|20[0129]|21[01])\.\d{1,3}
  8007. replace_tag VECTANT_120_51 120\.51\.(?:[0-389]|1\d|2[5-9]|3[0-589]|[4-9]\d|1\d\d|20[0129]|21[014-9]|22[0-3])\.\d{1,3}
  8008. replace_tag VECTANT_122_103 122\.103\.(?:(?:6[4-9]|7\d|8[0-8]|9[135-8]|1\d\d|20[02-8]|21[02-9]|22\d|23[0-59]|24[6-9]|25[345])\.\d{1,3}|89\.(?!(?:5\d|6[012]|13[01]|23[56]) )\d{1,3}|90\.(?!90 )\d{1,3}|92\.(?!(?:[12349]|1[034]|9[89]|10[234]|(?:12|20)[0-7]|146) )\d{1,3}|94\.(?!(?:\d|1[0-4]|[3467]) )\d{1,3}|99\.(?!(?:11[34]|245) )\d{1,3}|201\.(?!(?:24|6[27]|103|135|171|188) )\d{1,3}|209\.(?!8[245] )\d{1,3}|211\.(?!8[123] )\d{1,3}|236\.(?!(?:169|170|212) )\d{1,3}|237\.(?!(?:5[012458]|16[25]) )\d{1,3}|238\.(?!(?:18[67]|241) )\d{1,3}|240\.(?!(?:26|3[34789]|25[01]) )\d{1,3}|241\.(?!8[1456] )\d{1,3}|242\.(?!(?:16[23457]|252) )\d{1,3}|243\.(?!42 )\d{1,3}|244\.(?!32 )\d{1,3}|245\.(?!10 )\d{1,3}|250\.(?!188 )\d{1,3}|251\.(?!76 )\d{1,3}|252\.(?!98 )\d{1,3}|)
  8009.  
  8010. replace_tag VECTANT_124_110 124\.110\.(?:(?:\d|[1-5]\d|6[137]|9[16-9]|1(?:[01246-9]\d|3[0-6]|5[0136-9])|2(?:[02-5]\d|1[2-9]))\.\d{1,3}|152\.(?!(?:72|172) )\d{1,3})
  8011.  
  8012. replace_tag VECTANT_163_139 163\.139\.(?:(?:[0-7]|1[05-9]|2[4-9]|3[0124-9]|4[2-9]|5[0-5]|6[0-79]|7[0-589]|8[0-36-9]|9[2-9]|1(?:[01457]\d|2[2367]|3[3-9]|6[0-8]|8[0-7]|9[2-9])|2(?:0[23467]|1[012679]|2[0124679]|3[5-9]|4[0-57]|5[13]))\.\d{1,3}|169\.(?!178 )\d{1,3})
  8013.  
  8014. replace_tag VECTANT_183_177 183\.177\.1(?:2[789]|3\d|4[0-367]|5[67]|7[56]|8\d)\.\d{1,3}
  8015. replace_tag VECTANT_183_180 183\.180\.127\.\d{1,3}
  8016.  
  8017. # replace_tag VECTANT_202_215 202\.215\.(?:[23]|1[246-9]|2[0-57-9]|3[014-7]|4[014-9]|5[5-9]|6[0-35679]|7[013-9]|8[014-9]|9[0179]|1(?:0[02-9]|1[123567]|2[0145689]|3[0-36-9]|4[0-37]|5[1-9]|6[1-58]|7[0-378]|8[0-5789]|9[1-69])|2(?:0[0247]|1\d|2[0-48]|3[01678]|4[01]|55))\.\d{1,3}
  8018. # replace_tag VECTANT_202_215 202\.215\.(?:(?:[23]|1[246-9]|2[0-57-9]|3[014-7]|4[014-9]|5[5-9]|6[0-35679]|7[013-9]|8[014-9]|9[0179]|1(?:0[02-9]|1[123567]|2[0145689]|3[0-36-9]|4[0-37]|5[1-9]|6[1-58]|7[0-378]|8[0-5789]|9[1-69])|2(?:0[0247]|1\d|2[0-48]|3[01678]|4[01]|55))\.\d{1,3}|32\.(?!204 )\d{1,3})
  8019. replace_tag VECTANT_202_215 202\.215\.(?:(?:[23]|1[246-9]|2[0-57-9]|3[014-7]|4[014-9]|5[5-9]|6[0-35679]|7[013-9]|8[014-9]|9[0179]|1(?:0[02-9]|1[123567]|2[0145689]|3[0-36-9]|4[0-37]|5[1-9]|6[1-58]|7[0-378]|8[0-5789]|9[1-69])|2(?:0[0247]|1\d|2[0-48]|3[01678]|4[01]|55))\.\d{1,3}|32\.(?!204 )\d{1,3}|50\.(?!22 )\d{1,3}|64\.(?!237 )\d{1,3}|118\.(?!30 )\d{1,3}|119\.(?!(?:3[2-9]|[45]\d|6[0-3]|14[5-9]|15[045]) )\d{1,3})
  8020. replace_tag VECTANT_202_231 202\.231\.(?:6[579]|7[0-5789]|8[12358]|9\d|1(?:0[02-57]|1[2-9]|2[23467]))\.\d{1,3}
  8021. # replace_tag VECTANT_202_239 202\.239\.(?:2(?:2[6-9]|3[02-7]|4[2-9]|5[023])\.\d{1,3}|231\.(?!162 )\d{1,3}|238\.(?!(?:3|71|12[89]|13[01]) )\d{1,3}|239\.(?![3-7]\d )\d{1,3}|240\.(?![67]\d )\d{1,3}|241\.(?!10[06] )\d{1,3}|251\.(?!3 )\d{1,3}|254\.(?!74 )\d{1,3}|255\.(?!(?:9|[123567]\d) )\d{1,3})
  8022. replace_tag VECTANT_202_239 202\.239\.(?:(?:19[2-9]|2(?:0[0-3]|2[6-9]|3[02-7]|4[2-9]|5[023]))\.\d{1,3}|231\.(?!162 )\d{1,3}|238\.(?!(?:3|71|12[89]|13[01]) )\d{1,3}|239\.(?![3-7]\d )\d{1,3}|240\.(?![67]\d )\d{1,3}|241\.(?!10[06] )\d{1,3}|251\.(?!3 )\d{1,3}|254\.(?!74 )\d{1,3}|255\.(?!(?:9|[127]\d|30|5[023]|6[5-9]) )\d{1,3})
  8023.  
  8024. # (?:6[579]|7[0-5789]|8[12358]|9\d|1(?:0[02-57]|1[2-9]|2[23467]))\.\d{1,3}
  8025. replace_tag VECTANT_220_247 220\.247\.(?:(?:[25-9]|1[2-9]|2[0135-9]|[3-8]\d|9[0-5]|10[2-9]|11\d|12[0-7])\.\d{1,3}|0\.(?!(?:143|157) )\d{1,3}|1\.(?!(?:56|189|227) )\d{1,3}|10\.(?!(?:26|168|247) )\d{1,3}|11\.(?!(?:7|106|138|151|163|220) )\d{1,3}|22\.(?!8[1-5] )\d{1,3}|24\.(?!14[78] )\d{1,3}|100\.(?!(?:138|14[069]|24[23]) )\d{1,3}|101\.(?!250 )\d{1,3})
  8026. # replace_tag VECTANT_222_228 222\.228\.(?:\d|[1-8]\d|9[4-9]|1(?:0\d|1[3-9]|2[0124-9]|3[0-5789]|4\d|5[0-6]|6[0-7]|7[346-9]|[89]\d)|2(?:0\d|1[0-3]|2[0-59]|30))\.\d{1,3}
  8027. replace_tag VECTANT_222_228 222\.228\.(?:(?:\d|[1-8]\d|9[24-9]|1(?:0\d|1[3-9]|2[0124-9]|3[0-5789]|4\d|5[0-6]|6[0-7]|7[346-9]|[89]\d)|2(?:0\d|1[0-37]|2[0-589]|3[013-68]|4[6-9]))\.\d{1,3}|90\.(?!111 )\d{1,3}|91\.(?!5[014] )\d{1,3}|93\.(?!(?:10|6[45]|70) )\d{1,3}|110\.(?!(?:2|118) )\d{1,3}|111\.(?!(?:3[345]|45) )\d{1,3}|112\.(?!(?:11[3-8]|202) )\d{1,3}|123\.(?!(?:5[1-5]|14[5-9]|150|16[0456]) )\d{1,3}|136\.(?!220 )\d{1,3}|157\.(?!(?:20|5[0-4]|129|13[04]|18[678]) )\d{1,3}|158\.(?!(?:34|25[0124]) )\d{1,3}|159\.(?!63 )\d{1,3}|168\.(?!(?:2[6-9]|5[0-3]|21[789]|22[012]|242) )\d{1,3}|170\.(?!160 )\d{1,3}|171\.(?!188 )\d{1,3}|172\.(?!(?:8[2-9]|9[0-3]|12[013]) )\d{1,3}|175\.(?![23] )\d{1,3}|214\.(?!(?:4[89]|5[12]|16[0-36-9]|17[128]|18[45]) )\d{1,3}|215\.(?!(?:12[12456]|13[01]) )\d{1,3}|216\.(?!(?:120|133|178) )\d{1,3}|218\.(?!(?:130|161) )\d{1,3}|219\.(?!21[124] )\d{1,3})
  8028.  
  8029. # replace_tag VECTANT_222_230 222\.230\.(?:(?:\d|[1236-9]\d|4[0-3689]|5[0235-9]|1(?:0[0-8]|1[02-9]|2[13-9]|3[0-5]|4[04-7]|5[124-9]|[67]\d|8[0-35]))\.\d{1,3}|150\.24[128])
  8030. replace_tag VECTANT_222_230 222\.230\.(?:(?:\d|[1236-9]\d|4[0-3689]|5[0235-9]|1(?:0[0-8]|1[02-9]|2[13-9]|3[0-5]|4[04-7]|5[124-9]|[67]\d|8[0-35]))\.\d{1,3}|150\.24[128]|111\.(?!(?:73|200) )\d{1,3})
  8031.  
  8032. header DIRECTVECTANTDYN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:<VECTANT_36_2>|<VECTANT_115_179>|<VECTANT_116_91>|<VECTANT_120_51>|<VECTANT_122_103>|<VECTANT_124_110>|<VECTANT_163_139>|<VECTANT_183_177>|<VECTANT_183_180>|<VECTANT_202_215>|<VECTANT_202_231>|<VECTANT_202_239>|<VECTANT_220_247>|<VECTANT_222_228>|222\.229\.(?:\d|[1-5]\d|6[0-3])\.\d{1,3}|<VECTANT_222_230>|202\.189\.(?:19[2-9]|2[01]\d|22[0-3])\.\d{1,3}) /
  8033. describe DIRECTVECTANTDYN directly received spam from vectant.ne.jp
  8034. score DIRECTVECTANTDYN 1.5
  8035.  
  8036. header DIRECTHI_HO X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z]{3,3}[0-9]+-p[0-9]{1,3}\.flets\.hi-ho\.ne\.jp /
  8037. describe DIRECTHI_HO directly received spam from Panasonic hi-ho
  8038. score DIRECTHI_HO 1.5
  8039.  
  8040. # header DIRECTUSENBROAD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:124\.34\.(?:4\.(?:0|1|14|4[567]|65|98|10[067]|22[56]|24[09]|25[012])|5\.(?:\d|[1-8]\d|23[2689]|2[45]\d))|221\.252\.14\.7[2-9])|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:usen-[25]\d{1,2}(?:x\d{2,3}){3}\.ap-(?:us|US)\d+\.usen\.ad\.jp|[125]\d{1,2}(?:x\d{2,3}){3,3}\.ap[125]\d{1,2}\.ftth\.ucom\.ne\.jp|\w+\.(?:kabir-ken\.com|vds-server\.net))) /
  8041. # header DIRECTUSENBROAD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:113\.34\.82\.\d{1,3}|113\.39\.92\.\d{1,3}|122\.220\.75\.\d{1,3}|124\.34\.(?:4\.(?:0|1|14|4[567]|65|98|10[067]|22[56]|24[09]|25[012])|5\.(?:\d|[1-8]\d|23[2689]|2[45]\d))|221\.252\.14\.7[2-9]|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:usen-[25]\d{1,2}(?:x\d{2,3}){3}\.ap-(?:us|US)\d+\.usen\.ad\.jp|[125]\d{1,2}(?:x\d{2,3}){3,3}\.ap[125]\d{1,2}\.ftth\.ucom\.ne\.jp|\w+\.(?:kabir-ken\.com|vds-server\.net))) /
  8042.  
  8043.  
  8044. replace_tag USEN_58_81 58\.81\.(?:(?:[03-7]|1\d|2[1-9]|3[0-4679]|4\d|5[0124-9]|6[0-46-9]|7[0-589]|8\d|9[0135-8]|1(?:0\d|1[1-9]|2[0-8]|3[0-689]|4[025-9]|5[1-79]|6[01346-9]|7[1-9])|20[02-9]|21[0-46-9]|23\d|24[0-8]|25\d)\.\d{1,3}|1\.(?!(?:8[1789]|9[0-4]) )\d{1,3}|2\.(?!17[12] )\d{1,3}|8\.(?!1(?:4[69]|95) )\d{1,3}|9\.(?!7[2-9] )\d{1,3}|20\.(?!16[2-6] )\d{1,3}|35\.(?!12[0-6] )\d{1,3}|38\.(?!1(?:8[5-9]|90) )\d{1,3}|53\.(?!16[234] )\d{1,3}|65\.(?!(?:3[3-6]|11[5-8]) )\d{1,3}|76\.(?!2(?:2[4-9]|[345]\d) )\d{1,3}|77\.(?!(?:9[89]|10[016-9]|110) )\d{1,3}|92\.(?!11[56] )\d{1,3}|94\.(?!18[5-8] )\d{1,3}|99\.(?!15[4-7] )\d{1,3}|110\.(?!130 )\d{1,3}|129\.(?!(?:[5689]|1[0-4]) )\d{1,3}|137\.(?!210 )\d{1,3}|141\.(?!2(?:3[4-8]|42) )\d{1,3}|143\.1(?!7(?:[89]|8[01]) )\d{1,3}|144\.(?!24[2-6] )\d{1,3}|150\.(?!13[01] )\d{1,3}|158\.1(?!1(?:[4-9]|[012]) )\d{1,3}|162\.1(?!(?:99|10[016]) )\d{1,3}|165\.(?!16[234] )\d{1,3}|169\.(?!(?:3[4-9]|4[0-6]) )\d{1,3}|170\.(?!164 )\d{1,3}|201\.(?!2(?:2[6-9]|3[0-5]) )\d{1,3}|215\.(?!(?:43|17[89]|18[1348]) )\d{1,3}|)
  8045.  
  8046. replace_tag USEN_113_36 113\.36\.(?:(?:[02-9]|1[0-35-9]|2[0125-8]|3[013-69]|4[0-39]|[56]\d|7[0-8]|8[0-7]|9[789]|1(?:0[0-6]|1[23469]|[278]\d|3[0124-9]|4[0-47]|5[0-7]|6[0-579]|9[0245])|2\d\d)\.\d{1,3}|191\.(?!35 )\d{1,3})
  8047.  
  8048. replace_tag USEN_113_34 113\.34\.82\.\d{1,3}
  8049. replace_tag USEN_113_35 113\.35\.(?:(?:[013-6]|1[0-46-9]|[25][0-8]|[34]\d|6[01345789]|7[06-9]|8[0124-9]|9[23479]|10[015789]|11[123567]|12[0134689]|14[0125679]|15[146-9]|1[67]\d|18[02-9]|19[013-79]|20[0-35-8]|21[1-9]|22[0124569]|2[34]\d|25[0-4])\.\d{1,3}|2\.(?!146 )\d{1,3}|7\.(?!(?:19|20) )\d{1,3}|8\.(?!186 )\d{1,3}|9\.(?!(?:9[789]|10[012]) )\d{1,3})
  8050.  
  8051. # avoided 2013.12.31 by [yoh]
  8052. # Thanks to: Mzaki-san. http://twitter.com/mzaki_jp/status/413359282566868992
  8053. # replace_tag USEN_113_39 113\.39\.92\.\d{1,3}
  8054.  
  8055. # (?:47\.59|75\.\d{1,3})
  8056. replace_tag USEN_122_210 122\.210\.123\.58
  8057. # replace_tag USEN_122_220 122\.220\.(?:[026-9]|1[23689]|2[0-79]|3[0-579]|4[0-3789]|5[0-8]|6[01245689]|7\d|8[013-69]|9[02-7]|1(?:0[0124-9]|1[0-4678]|2[6-9]|3[0-36-9]|4[0-46-9]|5[0-35-9]|6[1-9]|7\d|8[0134789]|9[018])|2(?:0[4-9]|[13]\d|2[1-8]|4[0134567]|52))\.\d{1,3}
  8058.  
  8059. # avoided 2013.12.31 by [yoh]
  8060. # Thanks to: Mzaki-san. http://twitter.com/mzaki_jp/status/413359282566868992
  8061. replace_tag USEN_122_220 122\.220\.(?:(?:[026-9]|1[23689]|2[0-79]|3[0-579]|4[0-3789]|5[0-8]|6[01245689]|7\d|8[013-69]|9[02-7]|1(?:0[0124-9]|1[0-4678]|2[6-9]|3[0-36-9]|4[0-46-9]|5[0-35-9]|6[1-9]|7\d|8[0134789]|9[01])|2(?:0[4-9]|[13]\d|2[1-8]|4[0134567]|52))\.\d{1,3}|38\.187)
  8062. replace_tag USEN_124_34 124\.34\.(?:4\.(?:0|1|14|4[567]|65|98|10[067]|22[56]|24[09]|25[012])|5\.(?:\d|[1-8]\d|23[2689]|2[45]\d))
  8063. replace_tag USEN_125_102 125\.102\.96\.(?:8\d|9[0-5])
  8064. replace_tag USEN_221_115 221\.115\.(?:(?:[0-36-9]|1[0-35-9]|[25-8]\d|3[2-9]|4[0-35-9]|9[0235-9]|1[013489]\d|12[0-35-9]|15[0-7]|16[0-689]|17[02-9]|20[02-9]|22\d|23[0-7]|24[0-589]|25[0-4])\.\d{1,3}|4\.(?!(?:4[0-7]|15[2-9]) )\d{1,3}|5\.(?!2(?:4[89]|5\d) )\d{1,3}|14\.(?!16[0-7] )\d{1,3}|30\.(?!(?:12[0-7]|2[45]\d) )\d{1,3}|31\.(?!(?:[0-7]|2[45]\d) )\d{1,3}|44\.(?!2[45]\d )\d{1,3}|91\.(?!(?:\d|1[0-5]|23[2-9]) )\d{1,3}|124\.(?!(?:12[89]|1[345]\d) )\d{1,3}|149\.(?!11[2-9] )\d{1,3}|158\.(?!(?:1[6-9]|2[0-3]|6[4-9]|7[01]|15[2-9]) )\d{1,3}|159\.(?!2[45]\d )\d{1,3}|167\.(?!(?:12[89]|13[0-5]|22[4-9]|2[345]\d) )\d{1,3}|171\.(?!(?:\d|1[0-5]) )\d{1,3}|201\.(?!(?:20[89]|21\d|22[0-3]) )\d{1,3}|238\.(?!(?:\d|1[0-5]|16\d|17[0-5]) )\d{1,3}|239\.(?!98 )\d{1,3}|246\.(?!3[2-9] )\d{1,3}|247\.(?!9[6-9] )\d{1,3}|255\.(?!(?:7[2-9]|20[89]|21\d|22[0-3]|24[012]) )\d{1,3})
  8065. replace_tag USEN_221_117 221\.117\.(?:(?:\d|[179]\d|2[015-9]|3[0124-8]|4[2-9]|5[0124-7]|6[4-9]|8[045689]|1\d\d|2(?:[0145]\d|2[0124-9]|3[2-9]))\.\d{1,3}|22\.(?!(?:1[6-9]|[23]\d|22[4-9]|23[01]) )\d{1,3}|23\.(?!(?:5[6-9]|6[0-3]) )\d{1,3}|24\.(?!(?:12[89]|1[3678]\d|14[0-3]|19[01]) )\d{1,3}|33\.(?!(?:8\d|9[0-5]) )\d{1,3}|39\.(?!(?:1[48][4-9]|1[59][01]|2[02][0-3]|21[6-9]|23[2-9]|2[45]\d) )\d{1,3}|40\.(?!(?:2[4-7]|18[4-9]|19[01]|20[89]|21[0-5]) )\d{1,3}|41\.(?!(?:4[89]|5[0-5]) )\d{1,3}|53\.(?!24[0-7] )\d{1,3}|58\.(?!(?:\d|1[0-5]|12[89]|13\d|14[0-3]|24[89]|25\d) )\d{1,3}|59\.(?!(?:8[89]|9\d|10\d|11[01]|1[59][2-9]|20[0-7]) )\d{1,3}|60\.(?!(?:\d|1[0-5]) )\d{1,3}|61\.(?!(?:12[89]|13[0-5]|1[48][4-9]|15\d|19[01]) )\d{1,3}|62\.(?!(?:9[6-9]|10[0-3]|21[6-9]|22\d|23[01]) )\d{1,3}|63\.(?!(?:[89]|1[0-5]|11[2-9]|17[6-9]|18[0-3]|2[45]\d) )\d{1,3}|81\.(?!(?:3[2-9]|5[6-9]|6[0-3]|20[0-3]|22[4-9]|23[01]|2[45]\d) )\d{1,3}|82\.(?!(?:6[4-9]|7\d) )\d{1,3}|83\.(?!7[2-9] )\d{1,3}|87\.(?!(?:9[6-9]|10\d|11[01]) )\d{1,3}|223\.(?!(?:9[6-9]|10[0-3]) )\d{1,3}|230\.(?!(?:12[89]|13\d|14[0-3]) )\d{1,3}|231\.(?!(?:14[4-7]|19[2-9]) )\d{1,3}|236\.(?!(?:20[89]|21\d|22[0-3]) )\d{1,3})
  8066. replace_tag USEN_221_252 221\.252\.(?:14\.7[2-9]|199\.(?:8[89]|9[0-5]))
  8067. # 113\.35\.4\.1(?:8[4-9]|9[01])|
  8068. # UCOM
  8069. header DIRECTUSENBROAD X-Spam-Relays-Untrusted =~ /^\[ ip=(?:<USEN_58_81>|<USEN_113_34>|<USEN_113_35>|<USEN_113_36>|<USEN_122_210>|<USEN_122_220>|<USEN_124_34>|<USEN_125_102>|113\.33\.224\.19[2-9]|122\.217\.29\.23[2-9]|124\.39\.71\.(?:12[89]|1[3-9]\d|2\d\d)|221\.245\.246\.1(?:7[6-9]|8\d|9[01])|<USEN_221_115>|<USEN_221_117>|221\.247\.71\.(?:1[6-9]|2[0-3])|<USEN_221_252>|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:usen-[25]\d{1,2}(?:x\d{2,3}){3}\.ap-(?:us|US)\d+\.usen\.ad\.jp|[125]\d{1,2}(?:x\d{2,3}){3,3}\.ap[125]\d{1,2}\.ftth\.ucom\.ne\.jp|\w+\.(?:kabir-ken\.com|vds-server\.net))) /
  8070. describe DIRECTUSENBROAD directly received spam from USEN broadgate
  8071. score DIRECTUSENBROAD 1.5
  8072.  
  8073. # 60.64.0.0 - 60.159.255.255
  8074. header DIRECTBBTEC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:60\.(?:6[4-9]|[789]\d|1[0-5]\d)|221\.(?:1[6-9]|[2-9]\d|10\d|11[01])|(?:219|220)\.(?:\d|[1-5]\d|6[0-3])|219\.(?:16[89]|1[7-9]\d|20\d|21[0-5])|218\.(?:11[2-9]|1[23]\d|14[0-3]|17[6-9]|18[0-3]))(?:\.\d{1,3}){2}|126(?:\.\d{1,3}){3}|211\.133\.134\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.151\.32\.\d{1,3}) /
  8075. describe DIRECTBBTEC directly received spam from YahooBB bbtec.net
  8076. score DIRECTBBTEC 1.5
  8077.  
  8078. # header DIRECTINFOWEB X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.[01]|61\.124|125\.[0-3]|218\.226)(?:\.\d{1,3}){2}|218\.217\.(?:\d|[1-9]\d|1\d\d|2[0-3]\d)\.\d{1,3}|219\.104\.(?:\d|\d\d|1[0-36-9]\d|2\d\d|14[0-5]|15[3-9])\.\d{1,3}|219\.105\.43\.2(?:40|53|54)|(?:\d{1,3}\.){3}\d{1,3} rdns=(?:nt[a-z]{4}\d{6}\.[a-z]{4}\.nt\.(?:adsl|ftth)\d{0,1}|[a-z]{4}\d{6}\.catv)\.ppp\.infoweb\.ne\.jp) /
  8079. header DIRECTINFOWEB X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:58\.[01]|61\.124|115\.17[67]|125\.[0-3]|218\.226)(?:\.\d{1,3}){2}|121\.94\.(?!96)(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|211\.128\.(?!24[24-7])(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|218\.217\.(?:\d|\d\d|1\d\d|2[0-3]\d)\.\d{1,3}|219\.104\.(?:\d|\d\d|1[0-36-9]\d|2\d\d|14[0-5]|15[3-9])\.\d{1,3}|219\.105\.43\.2(?:40|53|54)|(?:\d{1,3}\.){3}\d{1,3} rdns=(?:nt[a-z]{4}\d{6}\.[a-z]{4}\.nt\.(?:adsl|ftth)\d{0,1}|[a-z]{4}\d{6}\.catv)\.ppp\.infoweb\.ne\.jp) /
  8080. describe DIRECTINFOWEB directly received spam from INFOWEB
  8081. score DIRECTINFOWEB 1.5
  8082.  
  8083. # 202.216.232.216-202.216.232.223
  8084. header DIRECTDTI X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.120\.111\.62|183\.181\.36\.30|202\.216\.(?:232\.2(?:1[6-9]|2[0-3])|234\.1(?:2[89]|3[0-5]))|210\.170\.(?:12[89]|1[3-9]\d|2\d\d)\.\d{1,3}|211\.132\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:PPP|DSL)[a-z0-9]+\.[a-z]+\-(?:ip|4x8x)\.dti\.ne.jp) /
  8085. describe DIRECTDTI directly received spam from DTI
  8086. score DIRECTDTI 1.5
  8087.  
  8088. header DIRECTBIGLOBE X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.203\.(?:[4-9]|1[25-9]|2[0124-8]|3[014-9]|[4-8]\d|9[1-9]|1[01]\d|12[0-7])\.\d{1,3}|49\.129\.30\.43|119\.243\.73\.\d{1,3}|125\.(?:19[2-8]\.(?:[1-9]|\d\d|1\d\d|2[0-4]\d|25[0-4])|199\.(?:[1-9]|\d\d|1\d\d|2[0-3]\d|24[0-7]))\.\d{1,3}|220\.102\.138\.\d{1,3}|(?:219\.107|220\.144)(?:\.\d{1,3}){2}) /
  8089. describe DIRECTBIGLOBE directly received spam from BIGLOBE
  8090. score DIRECTBIGLOBE 1.5
  8091.  
  8092. # B-net LLC
  8093. header DIRECTALPHANET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.192\.(?:1(?:2[89]|[3-9]\d)|2\d\d)\.\d{1,3}|103\.8\.6[4-7]\.\d{1,3}|210\.229\.(?:67\.(?:3[3-9]|[4-9]\d|\d\d\d)|70\.(?:3[3-9]|[4-8]\d|9[01])|(?:7[36-9]|8[0-3])\.\d{1,3})|(?:\d{1,3}\.){3}\d{1,3} rdns=\d{1,3}(?:\.\d{1,3}){3}\.(?:[a-z]+\.b{0,1}flets|west\.global)\.alpha-net\.ne\.jp) /
  8094. describe DIRECTALPHANET directly received spam from ALPHANET
  8095. score DIRECTALPHANET 1.5
  8096.  
  8097. header DIRECTUNETSURF X-Spam-Relays-Untrusted =~ /^\[ ip=(?:\d{1,3}\.){3}\d{1,3} rdns=(?:f[0-9a-f]{4,4}\.[a-z]+|\w+-\w+\.(?:\d{1,3}-){3}\d{1,3})\.ppp\.u-netsurf\.ne\.jp /
  8098. describe DIRECTUNETSURF directly received spam from U-NETSURF
  8099. score DIRECTUNETSURF 1.5
  8100.  
  8101. # header DIRECTEDITNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:\d{1,3}\.){3}\d{1,3} rdns=f[0-9a-z](\-[0-9]{1,3}){2,2}\.edit\.ne\.jp /
  8102. header DIRECTEDITNET X-Spam-Relays-Untrusted =~ /^\[ ip=49\.236\.224\.(?:19[2-9]|20[0-7]) /
  8103. describe DIRECTEDITNET directly received spam from EDITNET
  8104. score DIRECTEDITNET 1.5
  8105.  
  8106. # flets-a-as-east-2-189.dsn.jp
  8107. # flets-a-as-east-2-210.dsn.jp
  8108. # flets-a-west-17-24.dsn.jp
  8109. # bflets-ma-as-east-1-46.dsn.jp
  8110.  
  8111. header DIRECTDSNETWORKS X-Spam-Relays-Untrusted =~ /^\[ ip=210\.199\.(?:8\d|9[0-5])\.\d{1,3} /
  8112. describe DIRECTDSNETWORKS directly received spam from DS Networks Co.
  8113. score DIRECTDSNETWORKS 1.5
  8114.  
  8115. header DIRECTGERAGERA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:\d{1,3}\.){3}\d{1,3} rdns=lo\d+\.\d+\.geragera\.co\.jp /
  8116. describe DIRECTGERAGERA directly received spam from GERAGERA netcafe
  8117. score DIRECTGERAGERA 3.5
  8118.  
  8119. # 218.44.198.208-218.44.198.215
  8120. # 219.106.231.56 - 219.106.231.63
  8121. header DIRECTVOICETOWN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:219\.106\.231\.(?:5[6-9]|6[0-3])|218\.44\.198\.2(?:0[89]|1[0-5])) /
  8122. describe DIRECTVOICETOWN directly received spam from VOICETOWN netcafe
  8123. score DIRECTVOICETOWN 3.5
  8124.  
  8125.  
  8126. # header DIRECTSAKURAWEB Received =~ /from .*www[0-9]{1,3}\.sakura\.ne\.jp[^a-z]+[0-9]{2,3}(\.[0-9]{1,3}){3,3}[^(a-z]{0,3}by (mail\.flcl\.org|[a-z0-9]+\.nifty\.((ne|co|ad)\.jp|com)|(alt|dns|mta|ybbmta)[0-9][0-9]\.mail\.((bbt|mci|tnz)\.){0,1}yahoo\.co\.jp|fm[1-6]\.freemail\.ne\.jp)/
  8127. # 128\.(?:24|45|51|82|17[39]|188)|
  8128. # 162\.(?:15|37|56|142|173)|
  8129. # 129\.(56|91|156)|
  8130. # 171\.(?:[79]3|10[16]))|
  8131. # 13\.211|
  8132. # 19\.40|
  8133. # header DIRECTSAKURAWEB X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:59\.106\.(?:13\.(?:[6-9]|\d\d|1\d\d|2[01]\d|220|237)|14\.204|18\.67|19\.(?:1[1-9]|[2-9]\d|10\d|110|13[1-9]|1[4-9]\d|2[012]\d|230)|20\.223|27\.(?:14[1-9]|1[5-9]\d|2[0-3]\d|240)|32\.207|33\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|100\.20[34]|107\.72|113\.84|162\.(?:19[2-9]|20[0-7])|171\.(?:1[1-9]|[2-9]\d|10\d|110))|61\.211\.234\.41|112\.78\.(?:112\.86|117\.105|119\.224|196\.(?:79|149))|202\.(?:181\.(?:96\.173|97\.71|98\.162|105\.136)|222\.30\.222)|210\.188\.201\.\d{1,3}|210\.188\.205\.(?:199|2(05|12))|210\.188\.235\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.224\.165\.36|219\.94\.(?:1(?:2[89]|62)\.(?:1[1-9]|[2-9]\d|10\d|110|14[1-9]|1[5-9]\d|2[0-3]\d|240)|132\.(?:7|107)|133\.2(?:14|42)|143\.3[2-5]|144\.71|148\.176|155\.184|163\.153|166\.[24]0|167\.17[78]|181\.120|190\.106|192\.(?:1[1-9]|[2-9]\d|10\d|110|13[1-9]|1[456]\d|170)|200\.33))|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:www2{0,1}\.skynetdm\.com|www933\.sakura\.ne\.jp|sv1\.mhai\.jp|sv\d{1,3}\.xserver\.jp)) /
  8134. header DIRECTSAKURAWEB X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.212\.(?:2\.(?:70|170)|10\.221|24\.45|36\.46|47\.26|58\.122|87\.74|91\.109|96\.96|106\.155|109\.4[46]|138\.208|222\.19|235\.19)|59\.106\.(?:13\.(?:[6-9]|\d\d|1\d\d|2[01]\d|220|237)|14\.204|18\.67|19\.(?:1[1-9]|[2-9]\d|10\d|110|13[1-9]|1[4-9]\d|2[012]\d|230)|20\.223|27\.(?:14[1-9]|1[5-9]\d|2[0-3]\d|240)|32\.207|33\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|37\.131|100\.20[34]|107\.72|113\.84|140\.219|162\.(?:19[2-9]|20[0-7])|171\.(?:1[1-9]|[2-9]\d|10\d|110))|61\.211\.234\.41|133\.242\.(?:25\.76|115\.46|134\.(?:235|246)|148\.1(?:02|95)|150\.194|153\.181|160\.20)|112\.78\.(?:112\.86|117\.105|119\.224|125\.142|196\.(?:79|149))|153\.120\.(?:5\.(?:108|236)|6\.58|36\.36|165\.10)|153\.127\.(?:248\.166|249\.(28|37))|160\.16\.232\.115|182\.48\.(?:17\.4[45]|36\.26|47\.139)|202\.(?:181\.(?:96\.173|97\.71|98\.162|105\.136)|222\.30\.222)|210\.188\.201\.\d{1,3}|210\.188\.205\.(?:199|2(?:05|12))|210\.188\.235\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.224\.165\.36|219\.94\.(?:1(?:2[89]|62)\.(?:1[1-9]|[2-9]\d|10\d|110|14[1-9]|1[5-9]\d|2[0-3]\d|240)|132\.(?:7|107)|133\.2(?:14|42)|143\.3[2-5]|144\.71|148\.176|155\.1(?:43|84)|163\.153|166\.[24]0|167\.17[78]|181\.120|190\.106|192\.(?:1[1-9]|[2-9]\d|10\d|110|13[1-9]|1[456]\d|170)|200\.33|224\.18[39]|249\.72)|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:www2{0,1}\.skynetdm\.com|www933\.sakura\.ne\.jp|sv1\.mhai\.jp|sv\d{1,3}\.xserver\.jp)) /
  8135. describe DIRECTSAKURAWEB directly received spam from SAKURAWEB
  8136. score DIRECTSAKURAWEB 3.5
  8137.  
  8138. # 210.188.233.128-210.188.233.255
  8139. # 210.188.248.0-210.188.248.127
  8140. header DIRECTHYPERBOX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:\d{1,3}\.){3}\d{1,3} rdns=\w+\.cansystem\.(?:net|info)|210\.188\.(?:233\.(?:12[89]|1[3-9]\d|2\d\d)|248\.(?:\d|\d\d|1[01]\d|12[0-7]))) /
  8141. describe DIRECTHYPERBOX directly received spam from HYPERBOX
  8142. score DIRECTHYPERBOX 1.5
  8143.  
  8144. header DIRECTGMOACCESS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:36\.2\.(?:107|249)\.\d{1,3}|36\.3\.1(?:08|1[1-9]|2[3-7])\.\d{1,3}|114\.179\.254\.185|(?:115\.179\.10[01]|122\.103\.201)\.\d{1,3}|121\.119\.179\.189|157\.7\.17[45]\.\d{1,3}|210\.146\.174\.\d{1,3}|210\.157\.9\.(?:2[1-9]|3[0-5789]|4[0234])|211\.16\.230\.18|(?:\d{1,3}\.){3}\d{1,3} rdns=(?:\d+\.){4}ap\.gmo-access\.jp) /
  8145. describe DIRECTGMOACCESS directly received spam from GMO Internet
  8146. score DIRECTGMOACCESS 1.5
  8147.  
  8148. # 125.30.0.0 - 125.30.255.255
  8149. header DIRECTIIJ4U X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:118\.151|124\.41)\.(?:\d|[1-9]\d|1[01]\d|12[0-7])\.\d{1,3}|125\.30(?:\.\d{1,3}){2}|202\.32\.122\.\d{1,3}|210.138.(?:[4-7]|1[09]|2[1236]|35|4[13]|5[2-7]|6[02]|7[236]|8[0568]|9[01]|1(?:0[4589]|1[237]|2[0-3678]|3[4-8]|4[2389]|5\d|6[0-379]|7[36-9]|8[1-9]|9[0-46-9])|2(?:0[0-689]|1[0-79]|2\d|3[14-8]|4[0-4678]|52))\.\d{1,3}|210\.148\.64\.45|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:(?:h\d+\.p\d+|(?:\d+\.){4}dy)\.iij4u\.or\.jp|[a-z\d]{8}\.i-revonet\.jp)) /
  8150. describe DIRECTIIJ4U directly received spam from IIJ4U
  8151. score DIRECTIIJ4U 1.5
  8152.  
  8153. # 211.120.64.0-211.120.95.255
  8154. # 202.213.128.0-202.213.159.255
  8155. # 124.155.0.0 - 124.155.127.255
  8156. # 218.45.160.0 - 218.45.191.255
  8157. # header DIRECTASAHINET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:121\.1\.(?:12[89]|1[3-9]\d|2\d\d)|122\.249\.\d{1,3}|124\.155\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.213\.1(?:2[89]|[345]\d)|211\.13\.1(?:2[89]|[2-5]\d)|211\.120\.(?:6[4-9]|[78]\d|9[0-5])|218\.45\.1(?:[678]\d|9[01]))\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z][0-9]{6,6}\.ppp\.asahi-net\.or\.jp) /
  8158. # header DIRECTASAHINET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:121\.1\.(?:12[89]|1[3-9]\d|2\d\d)|122\.249\.\d{1,3}|124\.155\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.213\.1(?:2[89]|[345]\d)|211\.13\.1(?:2[89]|[2-5]\d)|211\.120\.(?:6[4-9]|[78]\d|9[0-5])|218\.45\.1(?:[678]\d|9[01])|110\.5\.(?!44\.5[01] )(?:\d|[1-5]\d|6[0-3]))\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z][0-9]{6,6}\.ppp\.asahi-net\.or\.jp) /
  8159. # header DIRECTASAHINET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:110\.4\.(?!223\.1[12] )(?:12[89]|1[3-9]\d|2\d\d)|110\.5\.(?!44\.5[01] )(?:\d|[1-5]\d|6[0-3])|121\.1\.(?:12[89]|1[3-9]\d|2\d\d)|122\.249\.\d{1,3}|124\.155\.(?:\d|\d\d|1[01]\d|12[0-7])|202\.213\.1(?:2[89]|[345]\d)|203\.181\.(?:\d|[1-5]\d|6[0-3])|210\.253\.224|211\.13\.1(?:2[89]|[2-5]\d)|211\.120\.(?:6[4-9]|[78]\d|9[0-5])|218\.45\.1(?:[678]\d|9[01])|)\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z][0-9]{6,6}\.ppp\.asahi-net\.or\.jp) /
  8160. header DIRECTASAHINET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:110\.4\.(?!223\.1[12] )(?:12[89]|1[3-9]\d|2\d\d)|110\.5\.(?!44\.5[01] )(?:\d|[1-5]\d|6[0-3])|121\.1\.(?:12[89]|1[3-9]\d|2\d\d)|122\.249\.\d{1,3}|124\.155\.(?:\d|\d\d|1[01]\d|12[0-7])|180\.235\.(?:\d|[1-5]\d|6[0-3])|202\.213\.1(?:2[89]|[345]\d)|203\.181\.(?:\d|[1-5]\d|6[0-3])|210\.253\.224|211\.13\.1(?:2[89]|[2-5]\d)|211\.120\.(?:6[4-9]|[78]\d|9[0-5])|218\.45\.1(?:[678]\d|9[01])|220\.157\.(?!(?:164\.(?:[1-5]|29|30)|196\.163|25[2-5]\.\d{1,3}) )(?:12[89]|1[3-9]\d|2\d\d)|)\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z][0-9]{6,6}\.ppp\.asahi-net\.or\.jp) /
  8161. describe DIRECTASAHINET directly received spam from ASAHI-NET
  8162. score DIRECTASAHINET 1.5
  8163.  
  8164.  
  8165. # 153209147058user.viplt.ne.jp
  8166. # 58.147.204.0 - 58.147.221.255
  8167. header DIRECTVIPLT X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=[0-9]{12,12}user\.viplt\.ne\.jp /
  8168. describe DIRECTVIPLT directly received spam from Vipalette (NTT NEOMEIT Co.)
  8169. score DIRECTVIPLT 1.5
  8170.  
  8171. # 220.100.0.0 - 220.100.127.255
  8172. header DIRECTSST_BB X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=(?:[0-9]{1,3}\.){2,2}100\.220\.sst-bb\.sst\.ne\.jp /
  8173. describe DIRECTSST_BB directly received spam from Sharp Space Town
  8174. score DIRECTSST_BB 1.5
  8175.  
  8176.  
  8177. # 59.84.0.0 - 59.86.159.255
  8178. # 220.148.0.0 - 220.148.255.255
  8179. # 220.148.128.0 - 220.148.191.255
  8180. # TOKAI Corporation
  8181. # header DIRECTTCOMADSL X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.(?:8[45](?:\.\d{1,3}){2}|86\.(?:\d|[1-9]\d|1[0-5]\d)\.\d{1,3}))|220\.148\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:p\d{3,3}\.net\d{9}\.tnc\.ne\.jp|\d{1,3}\.net\d{9}\.t-com\.ne\.jp) /
  8182. header DIRECTTCOMADSL X-Spam-Relays-Untrusted =~ /^\[ ip=(?:59\.(?:8[45](?:\.\d{1,3}){2}|86\.(?:\d|[1-9]\d|1[0-5]\d)\.\d{1,3}))|61\.206\.(?:6[4-9]|[567]\d)\.\d{1,3}|(?:183\.86|220\.148)\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3}|116\.254\.(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}|117\.104\.(?:\d|[12]\d|3[013-8]|4[0-5789]|5[1-9]|6[013])\.\d{1,3}|117\.104\.(?:32\.(?!24[123] )\d{1,3}|(?:39|46)\.(?!241 )\d{1,3}|50\.(?!24[1-5] )\d{1,3}|62\.(?!250 )\d{1,3})|220\.216\.(?:(?:3[2-9]|4\d|5[013-9]|6[0-3])\.\d{1,3}|52\.(?!(?:24[1-9]|250) )\d{1,3})|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:p\d{3,3}\.net\d{9}\.tnc\.ne\.jp|\d{1,3}\.net\d{9}\.t-com\.ne\.jp) /
  8183. describe DIRECTTCOMADSL directly received spam from T-COM ADSL Service (TOKAI NETWORK CLUB)
  8184. score DIRECTTCOMADSL 1.5
  8185.  
  8186. # 202.171.224.0 - 202.171.224.255
  8187. header DIRECTXEXONNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:14\.192\.(?:9[6-9]|1[01]\d|12[0-7])|202\.12\.22[4-7]|202\.171\.2(?:2[4-9]|3[01]))\.\d{1,3} /
  8188. describe DIRECTXEXONNET directly received spam from XEXONNET spammer's hosting service (see `host spamsrv1.hn.org`)
  8189. score DIRECTXEXONNET 3.5
  8190.  
  8191. # 220.100.222.0 - 220.100.229.255
  8192. header DIRECTBBEXCITE X-Spam-Relays-Untrusted =~ /^\[ ip=(219\.111\.(\d|[1-9]\d|1[01]\d|12[0-7])|220\.100\.22[2-9]|220\.156\.(9[6-9]|10[0-3]))\.\d{1,3} /
  8193. describe DIRECTBBEXCITE directly received spam from BB.excite
  8194. score DIRECTBBEXCITE 1.5
  8195.  
  8196. # 210.253.212.0 - 210.253.215.255
  8197. # 210.253.221.0 - 210.253.222.190
  8198. # header DIRECTITSCOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.253\.(?:(?:21[2-5]|221)\.\d{1,3}|222\.(?:\d|[1-9]\d|1[0-8]\d|190))|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:nttf\w+[0-9]\-[0-9]{3}|ote[a-z]{2}[0-9]{3})\.246\.ne\.jp) /
  8199. header DIRECTITSCOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.253\.(?:(?:21[2-5]|221)\.\d{1,3}|222\.(?:\d|[1-9]\d|1[0-8]\d|190))|219\.110\.(?:[89]|\d\d|[12]\d\d)\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:nttf\w+[0-9]\-[0-9]{3}|ote[a-z]{2}[0-9]{3})\.246\.ne\.jp) /
  8200. describe DIRECTITSCOM directly received spam from its communications Inc.
  8201. score DIRECTITSCOM 1.5
  8202.  
  8203. header DIRECTSAINET_NET X-Spam-Relays-Untrusted =~ /^\[ ip=210\.236\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  8204. describe DIRECTSAINET_NET directly received spam from SaiNet Corporation
  8205. score DIRECTSAINET_NET 1.5
  8206.  
  8207. # 211.132.16.0-211.132.31.255
  8208. # header DIRECTDORPHIN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:211\.132\.(1[6-9]|2\d|3[01])\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z]{3}\d{2}-\d{4}\.din\.or\.jp) /
  8209. header DIRECTDORPHIN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.122\.74|211\.132\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z]{3}\d{2}-\d{4}\.din\.or\.jp) /
  8210. describe DIRECTDORPHIN directly received spam from DOLPHIN INTERNATIONAL INC.
  8211. score DIRECTDORPHIN 1.5
  8212.  
  8213. header DIRECTWILLCOM X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=P\d{12}\.ppp\.prin\.ne\.jp /
  8214. describe DIRECTWILLCOM directly received spam from WILLCOM
  8215. score DIRECTWILLCOM 1.5
  8216.  
  8217.  
  8218.  
  8219. # 203\.141\.(?:129\.(?!(4|34|38|45|58|68|83|98|110|122|143|161|176|201|209|220|225|231|244|252) )\d{1,3}|130\.(?!(15|30|35|36|60|66|69|121|122|123|124|125|126) )\d{1,3}|131\.(?!(0|1|2|3|4|5|6|7|58|180|194|195|196) )\d{1,3}|132\.(?!(8|24|41|55|59|64|98|100|101|130|139|160|170|193|196|217|229|238|241|249) )\d{1,3}|133\.(?!(4|13|16|33|34|41|43|55|73|74|75|168|199|208|232|234|242|248) )\d{1,3}|134\.(?!(6|33|41|55|67|72|80|88|91|103|105|114|127|133|145|150|171|172|178) )\d{1,3}|135\.(?!(20|21|98|99|100|101|102|113|114|115|116|117|118|119|120|121|122|123|124|125|126|210|212) )\d{1,3}|136\.(?!(\d|\d\d|1[01]\d|12[0-7]|160|193|219|225|230|235|242|244|247|250) )\d{1,3}|137\.(?!(5|40|42|44|60|90|99|109|114|116|132|133|146|185|191|198|201|202|204|211|219|242) )\d{1,3}|138\.(?!(10|31|43|45|50|51|57|69|72|91|94|100|148|171|187|200|211|216|220|221|228) )\d{1,3}|139\.(?!(31|34|56|77|101|117|122|126|129|131|150|156|157|165|178|182|183|185|187|193|197|207|227) )\d{1,3}|141\.(?!(\d|\d\d|1[01]\d|12[0-7]) )\d{1,3}|143\.(?:(4[89]|5\d|6[0-3]))|144\.(?!(17|30|36|41|44|47|52|54|63|66|68|79|88|103|107|115|127|150|169|179|180|189|195|203|218|224|225|230|232|235) )\d{1,3}|145\.(?!(82|84|146|248|249|250|251|252|253|254) )\d{1,3}|146\.(?!(8|11|88|102|128|138|139|140|150|186|187|190|191|197|198|208|238|246|250) )\d{1,3}|147\.(?!(19|24|30|65|66|67|68|69|122|124|125) )\d{1,3}|148\.(?!(1|2|5|18|25|57|58|59|60|61|62|96|97|98|99|100|101|102|103|186|187|188|189|199|200|212|219|229) )\d{1,3}|149\.(?!(18|20|36|106|107|113|114|115|116|117|118|134|137|153|194|212|226) )\d{1,3}|150\.(?!(58|59|130|131) )\d{1,3}|152\.(?!(16|17|33|34|44|46|50|58|64|66|72|74|114|118|120|121|125|132|136|175|198|199|202|210|230|243|246) )\d{1,3}|153\.(?!(1|2|3|4|5|6|33|34|35|36|37|38|65|66|67|68|106|169|170|171|172|173|174) )\d{1,3}|154\.(?!(3|143|186|188|210|249) )\d{1,3}|155\.(?!(6|18|23|34|46|57|83|85|133|156|162|178|193|202|212|219|245|252) )\d{1,3}|156\.(?!(23|49|74|79|122|143|152|197|217) )\d{1,3}|157\.(?!(27|80|82|119|124|142|154|163|205|213) )\d{1,3}|158\.(?!(2|5|16|17|22|28|39|47|48|56|65|84|92|97|98|108|118|119|128|149|163|168|183|199|200|208|210|214|216|219|225) )\d{1,3}|159\.(?!(18|20|49|50|51|52|53|54|122|155|158|170|182|191|193|200|205|212|215|219|240|252) )\d{1,3})
  8220.  
  8221. replace_tag INTERLINK_203_141 203\.141\.(?:129\.(?!(4|34|38|45|58|68|83|98|110|122|143|161|176|201|209|220|225|231|244|252) )\d{1,3}|130\.(?!(?:15|30|35|36|60|66|69|121|122|123|124|125|126) )\d{1,3}|131\.(?!(0|1|2|3|4|5|6|7|58|180|194|195|196) )\d{1,3}|132\.(?!(8|24|55|59|64|98|101|130|139|160|170|193|196|229|238|241|249) )\d{1,3}|133\.(?!(4|13|16|33|34|41|43|55|73|74|75|168|199|208|232|234|242|248) )\d{1,3}|134\.(?!(6|33|41|55|67|72|80|88|91|103|105|114|127|133|145|150|171|172|178) )\d{1,3}|135\.(?!(20|21|98|99|100|101|102|113|114|115|116|117|118|119|120|121|122|123|124|125|126|210|212|243) )\d{1,3}|136\.(?!(\d|\d\d|1[01]\d|12[0-7]|160|219|225|230|235|244|247|250) )\d{1,3}|137\.(?!(5|40|42|44|60|90|99|109|114|116|132|133|146|185|191|198|201|202|204|211|219|242) )\d{1,3}|138\.(?!(?:10|31|43|45|50|51|57|69|72|91|94|100|148|171|187|200|204|211|216|220|221|228) )\d{1,3}|139\.(?!(31|34|56|77|101|117|122|126|129|131|150|156|165|178|182|183|185|187|193|197|207|227|250) )\d{1,3}|141\.(?!(\d|\d\d|1[01]\d|12[0-7]) )\d{1,3}|143\.(?!(\d|[123789]\d|4[0-7]|6[4-9]|[12]\d\d) )\d{1,3}|144\.(?!(?:17|30|36|41|44|47|52|54|63|66|68|79|103|107|115|127|150|169|179|189|195|203|218|224|225|230|232) )\d{1,3}|145\.(?!(82|84|146|248|249|250|251|252|253|254) )\d{1,3}|146\.(?!(8|11|88|90|102|128|138|139|140|150|186|187|190|191|197|198|208|238|246|250) )\d{1,3}|147\.(?!(?:19|24|30|65|66|67|68|69|122|124|125) )\d{1,3}|148\.(?!(?:1|2|5|18|25|57|58|59|60|61|62|96|97|98|99|100|101|102|103|186|187|188|189|199|200|212|219|229) )\d{1,3}|149\.(?!(?:18|20|36|106|107|113|114|115|116|117|118|134|137|153|194|212|226) )\d{1,3}|150\.(?!(34|35|58|59|130|131|170) )\d{1,3}|152\.(?!(?:16|17|33|34|44|46|50|58|64|66|72|74|114|118|120|121|125|132|136|175|198|199|202|210|230|243|246) )\d{1,3}|153\.(?!(?:1|2|3|4|5|6|33|34|35|36|37|38|65|66|67|68|106|169|170|171|172|173|174) )\d{1,3}|154\.(?!(3|143|186|188|210|249) )\d{1,3}|155\.(?!(6|18|23|34|46|57|83|85|133|156|162|178|193|202|212|219|245|252) )\d{1,3}|156\.(?!(23|49|74|79|122|143|152|197|216|217) )\d{1,3}|157\.(?!(27|80|82|119|124|142|154|163|205|213) )\d{1,3}|158\.(?!(2|5|16|17|22|28|39|47|48|56|65|84|92|97|98|108|118|119|128|149|163|168|183|199|200|208|210|214|216|219|225) )\d{1,3}|159\.(?!(?:18|20|49|50|51|52|53|54|122|155|158|170|182|191|193|200|205|212|215|219|240|252) )\d{1,3})
  8222.  
  8223. replace_tag INTERLINK_203_143 203\.143\.(?:109\.(?!(69|9[789]|10[0124-9]|11[015-9]|120) )\d{1,3})
  8224.  
  8225. # 116\.58\.(170\.(?!(136) )\d{1,3}|172\.(?!(7) )\d{1,3}|178\.(?!(26|65|66|67|68|69|70) )\d{1,3})
  8226.  
  8227. # replace_tag INTERLINK_116_58 116\.58\.(?:167\.(?!(?:128|129|13\d|14[0-367]|150|186|193) )\d{1,3}|168\.(?!(2) )\d{1,3}|170\.(?!(?:136|144) )\d{1,3}|171\.(?!(203|204|241|242|243|244|249|250|251|252|253|254) )\d{1,3}|172\.(?!(7) )\d{1,3}|173\.(?!(5|37|170|171|172|173|174) )\d{1,3}|174\.(?!(?:130|210|241|242|243|244|245|246) )\d{1,3}|175\.(?!(?:195|196|197|225) )\d{1,3}|176\.(?!(?:10|117|126) )\d{1,3}|177\.(?!(?:190) )\d{1,3}|178\.(?!(26|65|66|67|68|69|70|113|114|193|194|195|196|197|198|206) )\d{1,3}|179\.(?!(?:19[2-9]|20[0-7]) )\d{1,3}|181\.(?!(210|211|213|236|238) )\d{1,3}|183\.(?!(?:145|154|155|179|18[0-3]|194|195|196|201|202|209|210|211|212|213|216|222) )\d{1,3}|184\.(?!(249|25\d) )\d{1,3}|185\.(?!(6[5-9|[789]\d|1[01]\d|12[0-7]|194|195|247|250|253|254) )\d{1,3}|186\.(?!(9[6-9]|1[01]\d|12[0-7]) )\d{1,3}|189\.(?!(?:145|146|147|148|158|161|163) )\d{1,3}|190\.(?!(?:129|130|131|132|134) )\d{1,3}|191\.(?!(?:14|3[2-9]|[45]\d|6[0-3]|13[012]) )\d{1,3})
  8228. replace_tag INTERLINK_116_58 116\.58\.(?:163\.115|167\.(?!(?:128|129|13\d|14[0-367]|150|186|193) )\d{1,3}|168\.(?!2 )\d{1,3}|170\.(?!(?:136|144) )\d{1,3}|171\.(?!(?:203|204|241|242|243|244|249|250|251|252|253|254) )\d{1,3}|172\.(?!7 )\d{1,3}|173\.(?!(?:5|37|170|171|172|173|174) )\d{1,3}|174\.(?!(?:130|210|241|242|243|244|245|246) )\d{1,3}|175\.(?!(?:195|196|197|225) )\d{1,3}|176\.(?!(?:10|117|126) )\d{1,3}|177\.(?!(?:190) )\d{1,3}|178\.(?!(?:26|65|66|67|68|69|70|113|114|193|194|195|196|197|198|206) )\d{1,3}|179\.(?!(?:19[2-9]|20[0-7]) )\d{1,3}|181\.(?!(?:210|211|213|236|238) )\d{1,3}|183\.(?!(?:145|154|155|179|18[0-3]|194|195|196|201|202|209|210|211|212|213|216|222) )\d{1,3}|184\.(?!(?:249|25\d) )\d{1,3}|185\.(?!(?:6[5-9|[789]\d|1[01]\d|12[0-7]|194|195|247|250|253|254) )\d{1,3}|186\.(?!(?:9[6-9]|1[01]\d|12[0-7]) )\d{1,3}|187\.(?!(?:3[6-9]|52|6[39]|70|10[02]|11[68]|14[89]|251) )\d{1,3}|189\.(?!(?:145|146|147|148|158|161|163) )\d{1,3}|190\.(?!(?:129|130|131|132|134) )\d{1,3}|191\.(?!(?:14|3[2-9]|[45]\d|6[0-3]|13[012]) )\d{1,3})
  8229.  
  8230. replace_tag INTERLINK_117_102 117\.102\.(?:178|19[2-9]|20\d|21[0-689]|22[012])\.\d{1,3}
  8231.  
  8232. replace_tag INTERLINK_203_152 203\.152\.(?:192\.(?!(?:16[0-7]|17[6-9]|1[89]\d|2[01]\d|22[0-3]|24[1-69]) )\d{1,3}|193\.(?!(6[4-7]|70|71|75|76|[89]\d|1[01]\d|12[0-7]|16[1-9]|17[0-4689]|188|190) )\d{1,3}|194\.(?!(90) )\d{1,3}|195\.(?!(\d|[1-5]\d|6[0-3]|16[26]|17[348]|18[78]|19[04-9]|2\d\d) )\d{1,3}|196\.(?!(?:17|54|1[3-8]\d|19[67]|209|21[0-3]|221) )\d{1,3}|197\.(?!(44|49|93|102|128|129|13\d|14[0-3]|19[4-79]|200|213|216) )\d{1,3}|198\.(?!(?:14|26|28|3[02-9]|[45]\d|6[0-3]|19[4-9]|2\d\d) )\d{1,3}|200\.(?!(5[789]|138|14[356]|19[3-9]|2[01]\d|22[012]) )\d{1,3}|201\.(?!(3|36|39|49|52|56|123|124|125) )\d{1,3}|202\.(?!(?:151|152) )\d{1,3}|203\.(?!(9|1[0-4]|2[678]|30|58|13[024]|169|17[0-4]|23[4-8]) )\d{1,3}|204\.(?!(24[1-9]|25[0-4]) )\d{1,3}|205\.(?!(?:10[5-9]|110|16[2349]|17[01]) )\d{1,3}|206\.(?!(99|107|120|121|123|126|147|149|153) )\d{1,3}|207\.(?!(?:130|16[1-9]|17[0-4]|18[5-9]|19[057]|202|210|222) )\d{1,3}|208\.(?!(22[5-9]|230) )\d{1,3}|210\.(?!(5|10|11|34|35|36|37|38|73|125|126) )\d{1,3}|211\.(?!([2-9]|[1-578]\d|6[0124-9]|9[0-5]|121|24[1-6]|25[012]) )\d{1,3}|212\.(?!(68|69|7\d|80|96|97|10[0-7]|11[3-8]|12[2-5]|1[678]\d|190|191|22[4-9]|23[0789]) )\d{1,3}|213\.(?!(7[3-8]|13[05]) )\d{1,3}|214\.(?!(2|13|26|30|6[678]|7[3-6]|252) )\d{1,3}|215\.(?!([1-9]|[12]\d|30|34|8[1-6]|10[5-9]|11[02-9]|12[0-7]|13[02-8]|15[89]|20[06]|23[46-9]|24[09]) )\d{1,3}|216\.(?!(3|8|32|46|6[5-9]|70|99|10[01]|13[0-5]|14[0-357]|150|16[89]|17[0-5]|20[89]|21\d|22[0-39]|230|24[23]) )\d{1,3}|217\.(?!(4[1-5]|17[6-9]|18\d|19[014-9]|20[0124-8]|22[127]|230|242|245|254) )\d{1,3}|218\.(?!(?:16|24|51|54|129|15[3-8]|19[5-9]|200|201|219|24[234]) )\d{1,3}|219\.(?!(?:11|2[789]|3[03-9]|4[0-6]|131|132|14[345]|19[3-9]|2[01]\d|220|23[34578]|24[23]) )\d{1,3}|220\.(?!(?:14|25|42|49|108|113|163|167|171|179|181|184|188|194|209|210) )\d{1,3}|221\.(?!(2|32|33|47|48|50|67|106|107|108|109|110|194|195|196|197|198|209|210|211|212|213|214) )\d{1,3}|222\.(?!([2-9]|1[0-4789]|2\d|30|5[789]|6[012]|81|90|13[0189]|140|141|1[678]\d|19[01]) )\d{1,3}|223\.(?!(5|29|36|49|55|193|195|208|209|21\d|22[0-3]) )\d{1,3})
  8233.  
  8234. # 202\.171\.(130\.(?!(3|11|16|48|63|92|93|100|103|104|106|120|129|130|131|132|133|134|135|136|137|138|139|140|141|142|143|144|145|146|147|148|149|150|151|152|153|154|155|156|157|158|161|162|163|164|165|166|170) )\d{1,3}|131\.(?!(195|196|197|198|234|235|242|243|250) )\d{1,3}|133\.(?!(28|41|42|62|76|95|101|192|193|194|195|196|197|198|199|200|201|202|203|204|205|206|207|228|229|230|231|235|236|237|248|250|252) )\d{1,3}|137\.(?!(?:36|47|64|65|66|67|68|69|70|71|74|161|162|163|164|165|166|209|210|211|212|213|214|216|217|218|219|220|222|241|242|243|244|245|246|247|248|249|250|251|252|253|254) )\d{1,3}|138\.(?!(33|34|35|36|37|38|42|43|44|45|46|132|144|169) )\d{1,3}|139\.(?!(9|18|29|130|131|132|134|135|136|139|140|142|143|144|145|146|147|148|149|150|151|152|154|155|156|157|209|210|211|212|213|214|232|236) )\d{1,3}|145\.(?!(118|119|136|141|181|185|186|187|188|189|190|227|228|229|232) )\d{1,3}|149\.(?!(210|211|212|218|219|220|221|222|233|234|235|236|237|238|242|243) )\d{1,3}|154\.(?!(16|34|74|75|76|77|114|116|118|121|162|186|187|211|212|213|214) )\d{1,3}|202\.171\.156\.(?!(30|34|48|51) )\d{1,3})
  8235.  
  8236. replace_tag INTERLINK_202_171 202\.171\.(?:128\.(?!(4|9|18|3[2-9]|[4-9]\d|1[01]\d|12[0-7]|162|20[89]|21\d|22[0-3]|24[2-9]|25\d) )\d{1,3}|129\.(?!(58|59|60|61|62) )\d{1,3}|130\.(?!(3|5|11|16|24|48|50|63|80|92|93|10[346]|12[09]|1[34]\d|15[0-8]|16[1-6]|170) )\d{1,3}|131\.(?!(?:195|196|197|198|234|235|242|243|250) )\d{1,3}|132\.(?!(?:13[189]|16[1-9]|17[0-47-9]|18\d|190|23[2-9]|24[1-9]|25\d) )\d{1,3}|133\.(?!(28|41|42|62|76|95|101|14[4-9]|15\d|19[2-9]|20\d|23[01567]|24[89]|25[02]) )\d{1,3}|134\.(?!(6[567]|70|1[3-8]\d|19[036-9]|200) )\d{1,3}|135\.(?!(25|26|27|12[2-6]|16\d|17[0-5]|190|202|248|249|25\d) )\d{1,3}|136\.(?!(6[6-9]|7[012]|13[0-4]|186|19[46-9]|20[0124-8]|21[0123568]|22[167]|23[02356]|25[12]) )\d{1,3}|137\.(?!(23|36|47|74|75|16[1-6]|21[1789]|220|24[1-9]|25\d) )\d{1,3}|138\.(?!(3[3-8]|4[2-6]|8\d|9[0-5]|132|144|169|21[01]|228|2[45]\d) )\d{1,3}|139\.(?!(9|21|29|30|96|97|98|99|1[01]\d|12[0-7]|13[0-69]|14[03-9]|15[124-7]|20[89]|21[0-5]) )\d{1,3}|140\.(?!(7|18|76|98|99|100|101|102|106|107|114|115|116|123|124|126|145|146|147|149|151|153|154|155|156|157|162|173) )\d{1,3}|141\.(?!(66|67|68|69|70|75|76|77|110|130|146|147|148|169|170|171|172|173|174|242|249|250|251|252|253|254) )\d{1,3}|142\.(?!(?:18|2[4-9]|3[0146]) )\d{1,3}|143\.(?!([1346]|18|97|98|99|1[013]\d|12[0-69]|14[012]|24[1-9]|25[04]) )\d{1,3}|144\.(?!(20|13[1-9]|14\d|15[0-8]|23[3-8]) )\d{1,3}|145\.(?!(?:118|119|136|141|18[15-9]|190|227|228|229|232) )\d{1,3}|146\.(?!(6[789]|[78]\d|9[0-4]|11[3-9]|12[0-6]|17[789]|18\d|190|22[689]|235|236|24[1-6]) )\d{1,3}|147\.(?!(?:1[27]|25|3[0128]|4[034]|53|60|90|129|13[0-4]|14[5-9]|15[0-8]) )\d{1,3}|148\.(?!(36|75|76|77|78|98|99|1[01]\d|12[0-6]|13[08]|16[1-6]|21[06]|221|225|238|24[1346-9]|25\d) )\d{1,3}|149\.(?!(?:128|129|13\d|14[0-3]|17[6-9]|18[0-3]|19[456]|21[0128]|220|222|23[3-8]|242|243) )\d{1,3}|150\.(?!(6[6-9]|70|71|72|87|88|89|9[0-4789]|10\d|110|131|249|250|251|253) )\d{1,3}|151\.(?!(22|9[6-9]|100|103|12[2-6]|138|139|14[015-9]|15[04-8]|178|179|18\d|19[03-9]|20[0-689]|220|221|222|23[4-7]|242|25[1-4]) )\d{1,3}|152\.(?!(?:117|118|120|212) )\d{1,3}|153\.(?!(?:113|114|116|117) )\d{1,3}|154\.(?!(2|16|34|74|75|76|77|114|116|118|121|162|186|187|211|212|213|214) )\d{1,3}|155\.(?!(3|24|50|121|122|123|124|125|126|135|136|137|139|140|141|142|143|145|146|147|148|149|151|162|163|164|165|166|170|171|220) )\d{1,3}|156\.(?!(30|34|48|51) )\d{1,3}|158\.(?!([12356]|10|11|29|5[0-4]|97|98|99|1[01345]\d|12[0-689]|208|209|21[0-5]) )\d{1,3}|159\.(?!(?:1[6-9]|2\d|30|31|7[2-9]|89|9[0-3]|19[3-9]|20[0-69]|210|211|214|253|254) )\d{1,3})
  8237.  
  8238.  
  8239. replace_tag INTERLINK_219_117 219\.117\.(?:192\.(?!(?:14|15|17|34|43|50|58|59|76|80|113|132|138|141|145|149|155|156|175|181|184|200|201|219|226|232|233|246) )\d{1,3}|193\.(?!(?:12|14|16|17|19|20|22|27|28|39|50|57|73|74|83|85|106|110|115|130|132|133|135|137|160|181|183|185|191|219|220|226|240|247) )\d{1,3}|194\.(?!(7|9|18|19|37|38|42|61|70|72|73|74|75|82|83|90|93|97|99|100|111|139|142|144|153|161|165|180|193|203|213|236|246|254) )\d{1,3}|195\.(?!(?:15|23|29|35|38|42|46|47|49|68|71|75|80|82|87|95|99|107|112|114|117|127|128|132|136|143|144|151|152|159|160|164|175|181|190|217|246) )\d{1,3}|196\.(?!(26|36|43|61|69|90|100|102|104|128|131|134|177|188|237|238) )\d{1,3}|197\.(?!(23|28|36|41|153|157|169|171|182|183|192|208|223|229|238|245|251) )\d{1,3}|198\.(?!(29|33|50|52|59|71|87|104|109|112|161|162|163|164|165|185|186|187|188|189|190|209|210|211|212|213|214) )\d{1,3}|199\.(?!(?:17|18|19|20|21|36|37|38|113|114|115|116|118|146|153|154|155|156|157|158|193|194|195|196|197) )\d{1,3}|200\.(?!(2|17|45|46|48|71|77|89|99|107|108|126|141|154|166|167|174|178|191|205|206|224|246|248|251) )\d{1,3}|201\.(?!(3|5|7|21|41|42|59|73|86|105|115|118|121|134|135|144|146|150|153|163|170|174|177|188|190|206|215|221|228|230|235|238|240|247|254) )\d{1,3}|202\.(?!(2|11|12|20|35|41|52|53|62|81|84|129|138|163|169|190|209|213|214|223|228|231|232|239) )\d{1,3}|203\.(?!(3|27|38|49|53|99|109|186|187|194) )\d{1,3}|204\.(?!(8|43|49|71|73|79|80|95|102|109|118|120|128|130|134|136|143|146|162|173|175|176|186|193|198|199|205|217|243|249|254) )\d{1,3}|205\.(?!(2|3|5|8|16|26|33|34|36|41|54|60|62|64|69|70|71|72|75|78|81|88|99|103|113|116|129|133|136|154|158|168|169|177|182|185|186|192|193|194|200|205|213|217|227|228|229|243|248) )\d{1,3}|206\.(?!(33|46|49|60|62|82|91|93|121|123|124|135|144|148|169|188|192|222) )\d{1,3}|207\.(?!(42|43|44|45|128|129|130|131|132|133|134|135|136|137|138|139|140|141|142|143|242|243|244|245|246|247) )\d{1,3}|208\.(?!(6|14|29|38|40|44|49|81|85|87|92|99|111|117|121|126|128|135|141|151|155|165|168|174|190|209|241) )\d{1,3}|209\.(?!(72|73|74|75|76|77|78|79|80|81|82|83|84|85|86|87|115|121|122|123|124|125|126|154|155|156|157|241|242|243|244|245|246|247) )\d{1,3}|210\.(?!(35|36|37|38|40|41|42|43|44|45|46|47|73|74|75|76|77|78|96|97|98|99|102|103|185|186|187|188|189|190|224|225|226|227|228|229|230|231|232|233|234|235|236|237|238|239|249|250|251|252|253|254) )\d{1,3}|211\.(?!(?:17|21|22|26|27|51|58|59|66|161|162|164|165|209|210|211|212|213|214|221|222) )\d{1,3}|212\.(?!(9|40|48|68|69|91|107|176|178|202|217|218) )\d{1,3}|213\.(?!(9|10|11|12|13|14|18|19|20|21|22|33|34|35|36|37|38|58|75|82|83|84|86|218|243) )\d{1,3}|214\.(?!(22|23|50|98|99|101|102|106|107|109|130|170|171|172|174) )\d{1,3}|215\.(?!(57|58|59|82|83|84|85|86|107|108|109|155|156) )\d{1,3}|216\.(?!(?:16|39|42|43|53|100|110|153|191|210|221|228|237|242|243|246) )\d{1,3}|217\.(?!(8|16|33|35|45|50|55|56|57|75|82|94|96|97|98|101|109|137|138|139|141|142|154|171|178|179|180|181|182|208|209|210|211|212|213|214|215|218) )\d{1,3}|218\.(?!(7|11|14|24|56|68|71|87|99|117|136|178|179|180|182|185|186|187|188|189|190) )\d{1,3}|219\.(?!(88|89|90|93|94|95|98|99|100|101|102|129|130|131|132|133|134|145|146|147|148|149|150|208|209|210|211|212|213|214|215|244|245) )\d{1,3}|220\.(?!(5|30|33|36|49|54|66|73|76|86|103|111|114|118|121|177|178|179|180|181|182|183|184|185|186|187|188|189|190|234|235|236) )\d{1,3}|221\.(?!(25|26|27|28|29|30|49|53|57|61|66|67|68|98|99|100|101|102|114|115|116|119|145|146|147|148|149|150|161|162|163|164|165|166|218|219|234|241|242|243|244|245|246) )\d{1,3}|222\.(?!(?:12|43|59|75|95|98|100|102|104|112|115|120|133|144|148|200|201|202|203|204|205|206|207|249|250) )\d{1,3}|223\.(?!(80|85|146|147|148|163|194|217|218|219|220|221|222) )\d{1,3}|224\.(?!(81|82|91|109|113|115|136|245) )\d{1,3}|225\.(?!(23|56|57|58|59|60|61|62|63|66|74|75|76|77|137|138|139|140|141|142|162|163|164|165|201|202|241|242|243|244|245|246) )\d{1,3}|226\.(?!(24|52|75|76|129|178|179|180|195|196|226|227|228|229|234|241|242|243|244|245|246) )\d{1,3}|227\.(?!(3|14|24|40|46|178|193|194|195|208|209|210|211|212|213|214|215|217|218|219|220|221|222|242|243|245) )\d{1,3}|228\.(?!(5|6|12|20|26|81|82|85|87|88|92|106|114|115|122|123|124|125|138|139|140|169|170|171|172|173|174|179|181|194|195) )\d{1,3}|229\.(?!(?:14|17|29|42|51|52|53|54|156|209|210|211|212|213|214|241|242|243|244|245|246|248|249|250|253) )\d{1,3}|230\.(?!(6|10|15|20|21|22|24|29|30|32|33|35|36|37|38|39|43|66|67|69|73|81|87|88|100|108|113|114|115|116|117|118|130|131|132|133|134|138|139|140|141|142|162|163|170|171|210|211|212|213|214|217|218|219|220|221|222|234|235|236|237|238) )\d{1,3}|231\.(?!(30|31|50|51|53|113|114|115|116|117|118|192|193|194|195|196|197|198|199|200|201|202|203|204|205|206|207|225|226|227|228|229|230|243|245|250) )\d{1,3}|232\.(?!(3|32|47|55|60|81|85|98|99|107|108|109|110|115|121|122|123|145|146|147|148|149|150|153|154|155|162|196|197|198|199|217|218) )\d{1,3}|233\.(?!(?:18|46|47|66|67|68|69|70|72|73|89|90|91|92|93|94|99|100|101|107|208|209|210|211|212|213|214|215|216|217|218|219|220|221|222|223|233|234|235|236|237|238) )\d{1,3}|234\.(?!(2|5|7|8|10|14|29|42|59|67|82|84|121|160|161|162|163|164|165|166|167|186) )\d{1,3}|235\.(?!(?:16|24|25|32|35|40|50|51|160|161|162|163|164|165|166|167|184|185|186|187|188|189|190|191|210|211|213) )\d{1,3}|236\.(?!(5|13|15|33|39|40|57|59|82|83|84|85|86|97|98|99|100|101|102|103|104|105|106|107|108|109|110|115|128|130|131|132|178|179|218|219|220|221|222|249|250|251|252|253|254) )\d{1,3}|237\.(?!(22|49|50|51|52|53|54|68|69|70|71|72|73|74|75|76|77|78|106|130|131|132|133|134|169|170|171|172|173|174|226|227|228|229|230) )\d{1,3}|238\.(?!(?:10|20|30|48|193|194|195|196|201|202|203|204|205|206) )\d{1,3}|239\.(?!(35|60|80|81|82|83|84|85|86|87|89|90|91|92|99|103|104|193|194|241|242|243|244|245|246) )\d{1,3}|240\.(?!(5|6|13|15|34|89|90|91|92|93|94|97|98|99|100|101|102|107|108|123|124|233|234|235|236|239) )\d{1,3}|241\.(?!(?:12|21|24|26|66|97|106|241|242|243|244|245|246) )\d{1,3}|242\.(?!(2|11|40|44|98|99|129|130|131|132|133|134|135|136|137|138|139|140|141|142|147|148|149|192|193|194|195|196|197|198|199|234|235|243) )\d{1,3}|243\.(?!(3|20|23|89|90|91|92|93|94|108|109|110|178|179|180|181|182|210|211|234|235|236|237) )\d{1,3}|244\.(?!(?:18|28|30|33|34|40|43|45|55|56|57|60|61|62|97|98|99|100|101|102|105|106|107|108|110|193|194|195|196|197|198|210|211|212) )\d{1,3}|245\.(?!(2|5|9|25|26|38|51|53|57|98|130|132|170|171|172|173|177|178|179|180|181|182|192|193|194|195|196|197|198|199|200|201|202|203|204|205|206|207|226|254) )\d{1,3}|246\.(?!(25|49|50|51|52|53|54|98|105|106|108|109|110|121|122|123|124|125|126|193|194|195|196|197|198|199|200|201|202|203|204|205|206|207|208|209|210|211|212|213|214|215|224|226|227|228|229|230|231|232|233|234|235|236|237|238|239|240|241|242|243|244|245|246|247|248|249|250|251|252|253|254|255) )\d{1,3}|247\.(?!(?:12|24|35|37|46|78|81|82|83|84|85|86|87|88|89|90|91|92|93|94|98|101|130|131|132|133|134|135|136|137|139|142|178|182|241|242|243|244|245|246) )\d{1,3}|248\.(?!(41|42|43|44|58|59|60|61|62|66|67|68|69|73|74|75|76|77|78|106|110|114|116|188|217|218|220|221|222|249|251|252) )\d{1,3}|249\.(?!(41|42|43|44|45|46|58|59|60|81|82|83|84|85|86|89|90|91|92|93|94|98|146|147|153|154|155|156|158|226|227|228) )\d{1,3}|250\.(?!(?:18|19|20|21|22|23|24|25|26|27|28|29|30|147|150|213|249|250|251|252|253|254) )\d{1,3}|251\.(?!(4|30|114|115|116|117|118|119|120|121|122|123|124|125|126|131|140|163|164|202|203|204|205|214) )\d{1,3}|252\.(?!(?:11|16|19|23|25|29|66|67|81|82|83|84|85|86|88|89|90|92|93|94|133|142|144|145|161|162|163|164|165|166|167|168|169|170|171|172|173|174|211|212|226|227|228|229|230) )\d{1,3}|253\.(?!(4|66|67|88|89|90|91|92|93|94|95|140|146|150|194|195|196|197|198|228|230|242|243|244|246|250|251|252|253|254) )\d{1,3}|254\.(?!(?:11|39|67|80|81|82|83|84|85|86|87|88|89|90|91|92|93|94|95|130|152|235) )\d{1,3}|255\.(?!(?:11|21|41|42|43|44|45|46|69|77|81|85|86|87|88|94|97|98|99|100|101|102|103|104|105|106|107|108|109|142|180|181|210|211|212|213|214|215|216|217|218|219|220|221) )\d{1,3})
  8240.  
  8241.  
  8242.  
  8243. # 61\.206\.(?:118\.(?!(27|40|42|43|63|81|89|103|105|122|132|133|137|140|171|172|185|224|234|236|241|243|244) )\d{1,3}|120\.(?!(?:13|16|30|49|55|74|86|94|116|119|135|136|142|148|165|171|180|222|239|246) )\d{1,3}|121\.(?!(?:1|21|26|28|32|37|39|41|49|53|58|59|114|177|178|179|180|181|182|209|210|211|212|213|214|215|216|217|218|219|220|221|222) )\d{1,3})
  8244. replace_tag INTERLINK_61_206 61\.206\.(?:112\.(?!(31|32|47|76|96|98|208|215) )\d{1,3}|113\.(?!(9|16|30|38|40|47|55|60|93|107|108|187|193|197|206|211|216|226|244) )\d{1,3}|114\.(?!(7|13|43|54|66|77|79|86|91|101|113|120|124|127|147|157|174|186|191|222|228) )\d{1,3}|115\.(?!([3568]|12|14|59|6[5-9]|70|83|105|106|128|129|13[0-589]|14[25-9]|150|155|163|169|17[0-4]|187|21[789]|220|23[4-8]) )\d{1,3}|116\.(?!(6|20|48|57|71|82|85|91|98|117|124) )\d{1,3}|117\.(?!(?:10|11|33|34|35|36|37|38|42|43|44|82|85|219|224|225|226|227|228|229|230|231) )\d{1,3}|118\.(?!(27|40|42|54|63|81|89|93|103|105|114|122|132|133|137|140|171|172|185|202|218|224|234|236|241|244) )\d{1,3}|119\.(?!(2|19|31|65|71|80|87|94|120|126|143|149|150|157|165|170|172|174|183|188|190|213|216|218|223) )\d{1,3}|120\.(?!(?:13|16|30|48|49|55|73|74|75|86|94|114|116|119|135|136|142|148|165|171|180|186|222|239|246|250) )\d{1,3}|121\.(?!(?:1|21|26|28|32|37|39|41|44|49|53|58|59|101|104|114|121|156|157|209|210|211|212|213|214|215|216|217|218|219|220|221|222) )\d{1,3}|123\.155)
  8245.  
  8246. replace_tag INTERLINK_210_48 210\.48\.(224\.(?!(?:19[3-9]|2[0-4]\d|25[012]) )\d{1,3}|22[57]\.\d{1,3}|226\.(?!(?:19[2-9]|2\d\d) )\d{1,3}|228\.(?!(?:19[3-9]|2[0-4]\d|25[012]) )\d{1,3}|229\.(?!(88|89|9[0-5]|22[5-8]|230|234|235) )\d{1,3}|230\.(?!(30|4[1-6]) )\d{1,3}|231\.(?!(90|91|92|14[5-9]|15[0-7]|177|180|182) )\d{1,3}|232\.(?!(42|80|81|82|83|84|85|86|87|90|19[2-9]|2[01]\d|22[0-36-9]|230|231) )\d{1,3}|233\.(?!(88|89|9\d|1[01]\d|12[0-7]|192|193|194|196|22[4-9]|2[345]\d|) )\d{1,3}|234\.\d{1,3}|235\.(?!(57|58|59|60|61|62|97|98|165|208|209|2[123]\d|249|250|254) )\d{1,3}|236\.(?!(89|90|91|92|94|211|22[014-9]|2[345]\d) )\d{1,3}|237\.(?!(?:16[0-5]|173|174|175) )\d{1,3}|238\.(?!(?:17|18|19|2[01246-9]|30|31) )\d{1,3}|239\.(?!(99|129|1[3-9]\d|2[0-3]\d|24[0-8]) )\d{1,3}|240\.(?!(?:1[678]\d|190|191) )\d{1,3}|243\.(?!(24[0-7]) )\d{1,3}|244\.(?!(?:128|129|1[345]\d) )\d{1,3}|24[125-8]\.\d{1,3}|249\.(?!(\d[1-5]\d|6[0-3]) )\d{1,3}|25[0-4]\.\d{1,3}|255\.(?!(\d[12]\d|3[0125-9|4[0158]|5[5-8]) )\d{1,3})
  8247.  
  8248. replace_tag INTERLINK_120_143 120\.143\.(?:12\.32|(?:19|26)\.\d{1,3}|(?:25|40)\.(?:1[3-9]\d|2\d\d)|5\.(?:\d|[1-4]\d))
  8249.  
  8250. replace_tag INTERLINK_122_202 122\.202\.(?:(?:1[69]|2[03])\.\d{1,3}|17\.(?!(\d|1[0-3]) )\d{1,3}|18\.(?!(148|17[89]|19[235-9]|20[0-7]) )\d{1,3}|21\.(?!(?:19|2[012]|10[01]) )\d{1,3}|22\.(?!(209|21[0-49]|22[012]) )\d{1,3})
  8251.  
  8252. replace_tag INTERLINK_123_50 123\.50\.(?:(?:19[289]|21[12359]|22[03])\.\d{1,3}|193\.(?!(2|3|4|6|8|9|1[02-79]|20) )\d{1,3}|194\.(?!(9[01489]|10\d|110) )\d{1,3}|195\.(?!(?:1[0189]|20|97|99|10[012]) )\d{1,3}|196\.(?!(\d|\d\d|1[01]\d|12[0-7]|18[01]|209|21[0-4]) )\d{1,3}|197\.(?!(?:13[01]) )\d{1,3}|200\.(?!(8\d|9[0-5]|162) )\d{1,3}|201\.(?!(3[345]) )\d{1,3}|202\.(?!(8|9|1[0-5]|3[46-9|4[05-9]|5[013458]|61|1[678]\d|19[01]|22[4-9]|23[01]) )\d{1,3}|203\.(?!(?:1|2|3|6) )\d{1,3}|204\.(?!(?:12[89]|13[0-7]|1[5-9]\d|2\d\d) )\d{1,3}|205\.(?!(21[89]|22[012]) )\d{1,3}|206\.(?!(?:1[3-9]\d|2\d\d) )\d{1,3}|207\.(?!(?:11[3458]|1[3-9]\d|2\d\d) )\d{1,3}|208\.(?!([2-9]|\d\d|1[01]\d|12[0-6]) )\d{1,3}|209\.(?!(?:1[3-9]\d|2\d\d) )\d{1,3}|210\.(?!(41|50|6[4-9]|7\d) )\d{1,3}|214\.(?!(\d|\d\d|1[01]\d|12[0-7]) )\d{1,3}|216\.(?!(?:1[3-9]\d|2\d\d) )\d{1,3}|217\.(?!(\d|\d\d|1[01]\d|12[0-7]|20[0-79]|226|23[067]) )\d{1,3}|218\.(?!([2-9]|\d\d|1[01]\d|12[0-6]|1[3-9]\d|2\d\d) )\d{1,3}|221\.(?!(?:129|13[035]|14[3-6]|15[89]|16[0-49]|200|25[34]) )\d{1,3}|222\.(?!(5[0-39]|60|61|75|76|90|91|162|164|17[078]) )\d{1,3})
  8253.  
  8254. replace_tag INTERLINK_202_61 202\.61\.(?:16\.(?!([2-5]|34|50|7[456]|99|12[46]|23[4-7]) )\d{1,3}|17\.(?!(?:18|19|20|21|49|5[0-4]|7[2-9]|82|86|98|99|132) )\d{1,3}|18\.(?!(?:16[2-6]) )\d{1,3}|19\.(?!(6[4-9]|7\d|10[4-9]|11[01]|129|13[0-4]|17[12]|194|20[1235]|22[5-9]|23[0-8]|24[1-4]) )\d{1,3}|20\.(?!(\d|1[0-5]|13[01]|17[0234]|18[67]|21[89]) )\d{1,3}|21\.(?!(?:19[3-7]|214) )\d{1,3}|22\.(?!([124568]|1[014789]|2[02]|9[6-9]|10\d|11[01]|12[239]|13[0189]|140|15[3467]|24[89]|25\d) )\d{1,3}|23\.(?!(5[0-4]|6[69]|7[345]|186) )\d{1,3}|24\.(?!(3[234]|4[67]|8[456]|9[01]|14[679]|17[6-9]|18\d|19[01]|21[89]|220) )\d{1,3}|25\.(?!(2|8[125]|18[0167]|254) )\d{1,3}|26\.(?!(7[67]|9[789]|10\d|110|14[56]|17[89|18[012]) )\d{1,3}|27\.(?!(?:1[0189]|2[04-9]|3[01]|114|12[1-6]|13[01]|14[5-9]|15[0-8]|16[246]|24[1236]) )\d{1,3}|28\.(?!(?:1[046-9]|2\d|3[01]|8[56]|125|17[6-9]|18[0-367]|19[4568]|24[0-7]) )\d{1,3}|29\.(?!(7[2-9]|134|155) )\d{1,3}|30\.(?!(?:18|19|22|4[2356]|17[1289]|18[012]|23[2-9]) )\d{1,3}|31\.(?!(?:1[03]|3[456]|4[345]|5[89]|6[68]|75|12[123]|14[4-9]|15[0145]|17[0128]|215|234) )\d{1,3})
  8255.  
  8256. # |\d{2,3}(\.\d{1,3}){3}\.static\.zoot\.jp
  8257.  
  8258. # header DIRECTINTERLINK X-Spam-Relays-Untrusted =~ /^\[ ip=((?:<INTERLINK_203_141>|<INTERLINK_116_58>|<INTERLINK_203_152>|<INTERLINK_202_61>|<INTERLINK_202_171>|<INTERLINK_210_48>|<INTERLINK_219_117>|<INTERLINK_61_206>)|<INTERLINK_123_50>|\d{2,3}(?:\.\d{1,3}){3} rdns=(\d{2,3}(\.\d{1,3}){3}\.user(\.\w{2}){0,1}\.il24\.net)) /
  8259. header DIRECTINTERLINK X-Spam-Relays-Untrusted =~ /^\[ ip=((?:<INTERLINK_203_141>|<INTERLINK_203_143>|<INTERLINK_116_58>|<INTERLINK_117_102>|<INTERLINK_203_152>|<INTERLINK_202_61>|<INTERLINK_202_171>|<INTERLINK_210_48>|<INTERLINK_219_117>|<INTERLINK_61_206>|<INTERLINK_120_143>|<INTERLINK_122_202>|<INTERLINK_123_50>)|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:\d{2,3}(?:\.\d{1,3}){3}\.user(?:\.\w{2}){0,1}\.il24\.net|[^\[\]]+ helo=smtp1\.relaygogo\.info)) /
  8260. describe DIRECTINTERLINK directly received spam from INTERLINK
  8261. score DIRECTINTERLINK 1.5
  8262.  
  8263. header DIRECTLINKCLUB X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=ad-\d{4}\.\w+\.ip-link\.ne\.jp /
  8264. describe DIRECTLINKCLUB directly received spam from LINKCLUB
  8265. score DIRECTLINKCLUB 1.5
  8266.  
  8267. # 222.150.0.0 - 222.150.255.255
  8268. # 220.99.128.0 - 220.99.255.255
  8269. # 60.34.0.0 - 60.35.255.255
  8270. # 60.36.0.0 - 63.36.167.255
  8271. # 60.36.192.0 - 60.36.255.255
  8272. # 60.41.0.0 - 60.42.255.255
  8273. # 60.43.0.0 - 60.43.62.255
  8274. # ??? 60.43.63.0 - 60.43.63.255
  8275. # 60.43.64.0 - 60.43.127.255
  8276. # 60.46.128.0 - 60.46.255.255
  8277. # 60.47.0.0 - 60.47.255.255
  8278. header DIRECTPLALA X-Spam-Relays-Untrusted =~ /^\[ ip=((219\.119\.137|220\.99\.(?:12[89]|1[3-9]\d|2\d\d))\.\d{1,3}|222\.150(?:\.\d{1,3}){2}) /
  8279. describe DIRECTPLALA directly received spam from Plala Networks Inc.
  8280. score DIRECTPLALA 1.5
  8281.  
  8282. # 222.225.0.0 - 222.225.255.255
  8283. # 210.189.129.0 - 210.189.130.255
  8284. # 210.189.130.128-210.189.130.255
  8285. header DIRECTPOWEREDCOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.189\.130\.(?:12[89]|1[3-9]\d|2\d\d)|222\.225(?:\.\d{1,3}){2}|\d{2,3}(?:\.\d{1,3}){3} rdns=[a-z]{2}\d{1,3}\.opt2\.point\.ne\.jp) /
  8286. describe DIRECTPOWEREDCOM directly received spam from TEPCO-HIKARI(DREAM TRAIN INTERNET,Inc.)
  8287. score DIRECTPOWEREDCOM 1.5
  8288.  
  8289. # 202.69.224.0 - 202.69.239.255
  8290. # 124.40.0.0 - 124.40.63.255
  8291. # 8\.(12|32|41|6[78]|7[13]|81|1(3[24-9]|4[15]|50|6[27]|75|8[067])|2(0[0-49]|1[34]|2[0139]|3[24]|4[789]|50))
  8292. # NTT PC Communications
  8293. header DIRECTARCSTAR X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.50\.112\.216|60\.32\.212\.20[0-7]|101\.110\.193\.29|111\.68\.240\.74|114\.160\.52\.(?:8\d|9[0-5])|118\.21\.(?:19[89]|2[01]\d|22[0-8])\.\d{1,3}|202\.229\.75\.1(?:0[4-9]|1[01])|202\.239\.126\.\d{1,3}|203\.138\.178\.235|221\.186\.177\.(?:8\d|9[0-5])|[^\[\]]+ helo=\w+\d{3,4}\.trialserver\.jp) /
  8294. describe DIRECTARCSTAR directly received spam from ARCSTAR (NTT COMMUNICATIONS CORPORATION)
  8295. score DIRECTARCSTAR 1.5
  8296.  
  8297. # 210.172.128.0-210.172.191.255
  8298. header DIRECTINTERQ X-Spam-Relays-Untrusted =~ /^\[ ip=(?:157\.7\.44\.\d{1,3}|210\.157\.5\.234|210\.172\.(?:160.120|165.149|177.87)|211\.125\.90\.130|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:\w+\.298\.jp|pharma-network\.com)) /
  8299. describe DIRECTINTERQ directly received spam from Global Media Online inc.
  8300. score DIRECTINTERQ 1.5
  8301.  
  8302. # 218.45.64.0-218.45.95.255
  8303. # header DIRECTEACCESS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:218\.45\.(?!(?:78|87)\.)(?:6[4-9]|[78]\d|9[0-5])|218\.185\.166)\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=218\.45\.(?!(?:78|87)\.)(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}\.eo\.eaccess\.ne\.jp) /
  8304. header DIRECTEACCESS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.230(?:\.\d{1,3}){2}|(?:218\.45\.(?!(?:78|87)\.)(?:6[4-9]|[78]\d|9[0-5])|218\.185\.166)\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=218\.45\.(?!(?:78|87)\.)(?:6[4-9]|[78]\d|9[0-5])\.\d{1,3}\.eo\.eaccess\.ne\.jp) /
  8305. describe DIRECTEACCESS directly received spam from eAccess Co.,Ltd.
  8306. score DIRECTEACCESS 1.5
  8307.  
  8308. # 211.9.208.0-211.9.223.255
  8309. header DIRECTCPI X-Spam-Relays-Untrusted =~ /^\[ ip=(?:115\.146\.(\d|[1-5]\d|6[0-3])\.\d{1,3}|122\.200\.(?:19[2-9]|2\d\d)\.\d{1,3}|211\.9\.(2(08|09|10|15|16)\.(?:11|133)|211\.(9|11|133)|21[2345789]\.11|215\.195|220\.(7|75|83|91|99|107|131|147|155\163|171|179|187|195|227|243)|221\.(?:11|19|27|99|107|115|147|179)|222\.(?:133|197|221|229)|223\.130)) /
  8310. describe DIRECTCPI directly received spam from CPI Incorporation
  8311. score DIRECTCPI 1.5
  8312.  
  8313. header DIRECTPROX X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.143\.9[6-9]\.\d{1,3}|210\.166\.(?:215\.63|217\.167|221\.158)) /
  8314. describe DIRECTPROX directly received spam from PROX SYSTEM DESIGN
  8315. score DIRECTPROX 1.5
  8316.  
  8317. # 202.51.8.0 - 202.51.15.255
  8318. header DIRECTCLARA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:119\.18\.221\.131|202\.(?:45\.(?:161\.192|165\.128)|51\.10\.130)|\d{2,3}(?:\.\d{1,3}){3} rdns=(?:www\.air[wW]ork\.jp|ms\.savaway\.jp)) /
  8319. describe DIRECTCLARA directly received spam from Clara Online, Inc.
  8320. score DIRECTCLARA 1.5
  8321.  
  8322. # 203.82.128.0 - 203.82.159.255
  8323. header DIRECTSAVVIS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:203\.82\.141\.105|\d{2,3}(?:\.\d{1,3}){3} rdns=mail05\.jp\.betrend\.com) /
  8324. describe DIRECTSAVVIS SAVVIS Communications
  8325. score DIRECTSAVVIS 1.5
  8326.  
  8327. header DIRECTATTGNS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.(?:88\.(?:[4-9]|1[0125]|3[2-9]|4[0-35]|6[6-9]|14[89]|1[567]\d|18[4-7]|218|22[0256]|23[6-9]|24[0235-9]|25\d)|89\.1(?:0[014-9]|1[036]))\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=slip(?:-\d{1,3}){4}\.to\.jp\.prserv\.net) /
  8328. describe DIRECTATTGNS directly received spam from AT&T GNS
  8329. score DIRECTATTGNS 1.5
  8330.  
  8331.  
  8332. # 61.14.128.0 - 61.14.191.255
  8333. # 125.252.64.0 - 125.252.127.255
  8334. # 122.152.128.0 - 122.152.191.255
  8335. header DIRECTASIANETCOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.147\.63\.184|(?:61\.14\.1(?:2[89]|[3-8]\d|9[01])|122\.152\.1(?:2[89]|[3-8]\d|9[01])|125\.252\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7]))\.\d{1,3}|\d{2,3}(?:\.\d{1,3}){3} rdns=ip(?:-\d{1,3}){4}\.asianetcom\.net) /
  8336. describe DIRECTASIANETCOM directly received spam from Asia Netcom Corporation
  8337. score DIRECTASIANETCOM 1.5
  8338.  
  8339.  
  8340. header DIRECTSYSTEMDESIGN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.252\.63\.133|\d{2,3}(?:\.\d{1,3}){3} rdns=www\.otegami\.com) /
  8341. describe DIRECTSYSTEMDESIGN directly received spam from SYSTEMDESIGN
  8342. score DIRECTSYSTEMDESIGN 1.5
  8343.  
  8344. # 211\.19\.100\.5[346]
  8345. # 237\.(39|114|208)|238\.127
  8346. # 211\.19\.100\.(6|1[2348]|38|[4-9]\d)
  8347. # header DIRECTWAKWAK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.45\.(?:36\.2\d\d|3[79]\.\d{1,3})|61\.115\.(?:72\.(?:57|195|2\d\d)|74\.\d{1,3}|112\.\d{1,3}|114\.\d{1,3}|1(?:1[35-9]|2[345])\.\d{1,3})|61\.205\.(?:22[67]|23[23678])\.\d{1,3}|211\.19\.10[01]\.\d{1,3}|219\.103\.(?:210\.(?:84|135|18[234]|2(?:37|4[07]))|211\.11)) /
  8348. header DIRECTWAKWAK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.45\.(?:36\.2\d\d|3[79]\.\d{1,3})|61\.115\.(?:72\.(?:57|195|2\d\d)|74\.\d{1,3}|112\.\d{1,3}|114\.\d{1,3}|1(?:1[35-9]|2[345])\.\d{1,3})|61\.125\.31\.(?:6[4-9]|7[01])|61\.205\.(?:22[67]|23[23678])\.\d{1,3}|211\.19\.10[01]\.\d{1,3}|219\.103\.(?:210\.(?:84|135|18[234]|2(?:37|4[07]))|211\.11)) /
  8349. describe DIRECTWAKWAK directly received spam from XePhion(NTT-ME Corporation)
  8350. score DIRECTWAKWAK 1.5
  8351.  
  8352. header DIRECTMEDIAWARS X-Spam-Relays-Untrusted =~ /^\[ ip=210\.233\.74\.16[46] /
  8353. describe DIRECTMEDIAWARS directly received spam from MEDIAWARS
  8354. score DIRECTMEDIAWARS 1.5
  8355.  
  8356. header DIRECTBITDRIVE X-Spam-Relays-Untrusted =~ /^\[ ip=(202\.94\.(?:129\.36|153\.(85,197))|210\.175\.240\.81|211\.9\.45\.148|218\.42\.156\.1(?:7[6-9]|8\d|9[01])|219\.118\.172\.16[0-7]) /
  8357. describe DIRECTBITDRIVE directly received spam from BIT-DRIVE(Sony Corporation)
  8358. score DIRECTBITDRIVE 1.5
  8359.  
  8360. header DIRECTXREA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:125\.53\.(?:24\.140|25\.(\d|[1-5]\d|6[0-3]))|210\.196\.169\.(?:19[2-9]|2[01]\d|22[0-3])|219\.101\.229\.15\d) /
  8361. describe DIRECTXREA directly received spam from XREA(DIGIROCK,INC.)
  8362. score DIRECTXREA 1.5
  8363.  
  8364. header DIRECTMEDEXCG X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.166\.235\.(?:1[0-24-9]|[23]\d|4[013]|5[4-7]|61|7[6-9]|8[01])|211\.13\.(?:204\.65|217\.133|221\.\d{1,3})) /
  8365. describe DIRECTMEDEXCG directly received spam from Media Exchange Co., Inc.
  8366. score DIRECTMEDEXCG 1.5
  8367.  
  8368. # [^\[\]]+ \] \[ ip=219\.106\.190\.102 /
  8369. header DIRECTADVANSCOPE X-Spam-Relays-Untrusted =~ /^\[ ip=61\.121\.224\.\d{1,3} /
  8370. describe DIRECTADVANSCOPE directly received spam from advanscope.inc
  8371. score DIRECTADVANSCOPE 1.5
  8372.  
  8373. header DIRECTDIGIROCK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.172\.(?:2[4-9]|3[01])\.\d{1,3}|219\.163\.200\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])) /
  8374. describe DIRECTDIGIROCK directly received spam from DigiRock, Inc.
  8375. score DIRECTDIGIROCK 1.5
  8376.  
  8377. header __CORESERVER X-Spam-Relays-Untrusted =~ /^\[ ip=\d{2,3}(?:\.\d{1,3}){3} rdns=[^ \[\]]+ helo=\w+\.coreserver\.jp /
  8378.  
  8379. meta DIGI_CORE DIRECTDIGIROCK && __CORESERVER
  8380. score DIGI_CORE 3.5
  8381.  
  8382.  
  8383. header DIRECTCOMMUFA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:14\.192\.(?:(?:3[257]|4[035])\.\d{1,3}|47\.(?:\d|[12]\d|3[01]))|210\.173\.156\.223) /
  8384. describe DIRECTCOMMUFA directly received spam from Chubu Telecommunications Co.,Inc Sakae 2-2-5, Naka-ku, Nagoya-shi,460-0008 Japan
  8385. score DIRECTCOMMUFA 1.5
  8386.  
  8387. header DIRECTEMOBILE X-Spam-Relays-Untrusted =~ /^\[ ip=(60\.254\.(?!(?:193\.2(09|21|22)|209\.174) )(?:19[2-9]|2\d\d)|114\.(4[89]|5[01])\.\d{1,3}|117\.55\.(?!1\.88 )(\d|\d\d|1[01]\d|12[0-7])|119\.72\.\d{1,3})\.\d{1,3} /
  8388. describe DIRECTEMOBILE directly received spam from eMobile Ltd.
  8389. score DIRECTEMOBILE 1.5
  8390.  
  8391. # 106\.187\.(?:37\.30|47\.104|49\.141)|
  8392. # LINODE
  8393. # 121.104.0.0 - 121.111.255.255
  8394. header DIRECTKDDI X-Spam-Relays-Untrusted =~ /^\[ ip=(?:106\.187\.(?:37\.(?!(?:[79]|15|36|4[249]|5[29]|65|76|8[35]|99|10[04569]|11[18]|128|133|140|15[08]|164|209|212|23[24]|24[14]) )\d{1,3}|42\.241|47\.(?!(?:1[19]|2[249]|3[012]|4[268]|54|61|7[17]|8[36]|94|108|112|126|13[389]|142|169|170|189|215|22[125679]|23[37]|252) )\d{1,3}|49\.(?!(?:12|23|43|53|74|99|100|11[078]|128|16[389]|17[17]|18[2458]|19[4589]|20[57]|211) )\d{1,3}|88\.(?!(?:5|1[24]|2[17]|50|63|73|9[17]|114|12[69]|134|15[127]|16[13]|17[1589]|18[2357]|19[25]|236|24[25]|253) )\d{1,3}|96\.87|100\.45)|121\.111\.245\.(?:\d|[1-5]\d|6[0-3])|122\.200\.224\.163|119\.27\.60\.212|124\.109\.144\.1(?:3[3-9]|4[1-589]|5[234679]|6[16])|(?:211\.10\.13[12]|218\.225\.82)\.\d{1,3}) /
  8395. describe DIRECTKDDI directly received spam from KDDI CORPORATION
  8396. score DIRECTKDDI 1.5
  8397.  
  8398. # SOFTBANK TELECOM
  8399. # header DIRECTSBIDC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.115.199\.(?:12[89]|1[3-9]\d|2\d\d)|61\.196\.225\.(?:1[6-9]|2\d|3[01])|61\.209\.(?:201\.(?:12[89]|1[3-9]\d|2\d\d)|230\.\d{1,3})|61\.213\.14\.(?:12[89]|1[3-9]\d|2\d\d)|202\.218\.36\.(?:19[2-9]|2\d\d)|210\.146\.(?:(?:1[67]|22)\.\d{1,3}|128\.(?:12[89]|1[3-9]\d|2\d\d))|210\.169\.(?:166\.(?:12[89]|1[3-9]\d|2\d\d)|223\.\d{1,3}|251\.1(?:[678]\d|9[01]))|210\.175\.(?:(?:40|83|115|124)\.\d{1,3}|112\.(?:\d|\d\d|1[01]\d|12[0-7]))|211\.13\.237\.(?:[789]|[1-5]\d|6[012])|219\.101\.150\.25|219\.127\.118\.71) /
  8400. header DIRECTSBIDC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.115.199\.(?:12[89]|1[3-9]\d|2\d\d)|61\.196\.148\.(?:6[4-9]|7[01])|61\.196\.150\.(?:9[6-9]|10\d|1[01])|61\.196\.225\.(?:1[6-9]|2\d|3[01])|61\.209\.(?:201\.(?:12[89]|1[3-9]\d|2\d\d)|230\.\d{1,3})|61\.213\.14\.(?:12[89]|1[3-9]\d|2\d\d)|202\.218\.36\.(?:19[2-9]|2\d\d)|210\.146\.(?:(?:1[67]|22)\.\d{1,3}|210\.175\.35\.\d{1,3}|128\.(?:12[89]|1[3-9]\d|2\d\d))|210\.169\.(?:157\.(?!(?:5|51|67|11[567]|13[12]|147|155|170|187|19[78]|25[012]) )\d{1,3}|160\.(?!(?:3|1[19]|27|35|5[012]|67|91|115|123|13[19]|147|17[19]|187|21[19]|227|243|25[1-4]) )\d{1,3}|161\.(?!(?:43|83|219|227) )\d{1,3}|162\.(?!(?:3|19|53|179|162) )\d{1,3}|163\.(?!99 )\d{1,3}|165\.(?!(?:[13-8]|1[014]|21|89|9[0-4]|11\d|12[123]|22[5-9]|230|165) )\d{1,3}|166\.(?:12[89]|1[3-9]\d|2\d\d)|(?:16[47]|223)\.\d{1,3}|251\.1(?:[678]\d|9[01]))|210\.175\.(?:(?:40|83|115|124)\.\d{1,3}|112\.(?:\d|\d\d|1[01]\d|12[0-7]))|211\.8\.15[2-5]\.\d{1,3}|211\.13\.237\.(?:[789]|[1-5]\d|6[012])|219\.101\.137\.(?:19[2-9]|2\d\d)|219\.101\.150\.25|219\.127\.118\.71) /
  8401. describe DIRECTSBIDC directly received spam from SOFTBANK IDC Corp.
  8402. score DIRECTSBIDC 1.5
  8403.  
  8404. header DIRECTNTTMEDIAS X-Spam-Relays-Untrusted =~ /^\[ ip=219\.124\.(?:3[2-9]|4[0-6])\.\d{1,3} /
  8405. describe DIRECTNTTMEDIAS directly received spam from NTT Medias.
  8406. score DIRECTNTTMEDIAS 1.5
  8407.  
  8408. # header DIRECTK_OPTICOM X-Spam-Relays-Untrusted =~ /^\[ ip=58\.188\.(?!(96\.(2[24]|80|150|229)|97\.(73|174)|98\.(40|104|215)|102\.(83|22[69])) )\d{1,3}\.\d{1,3} /
  8409. header DIRECTK_OPTICOM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:58\.188\.(?!(96\.(2[24]|80|150|229)|97\.(73|174)|98\.(40|104|215)|102\.(83|22[69])) )\d{1,3}\.\d{1,3}|218\.251\.116\.65) /
  8410. describe DIRECTK_OPTICOM directly received spam from K-Opticom Corporation
  8411. score DIRECTK_OPTICOM 1.5
  8412.  
  8413. header DIRECTJCN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.90\.(?:\d|\d\d|1[01]\d|12[0-7])\.\d{1,3}|118\.8[37](?:\.\d{1,3}){2}|182\.50\.(?:19[2-9]|2[0-3]\d)\.\d{1,3}|202\.72\.7[1-9]\.\d{1,3}|218\.225\.9[2-5]\.\d{1,3}) /
  8414. describe DIRECTJCN directly received spam from JAPAN CABLENET LIMITED
  8415. score DIRECTJCN 1.5
  8416.  
  8417. header DIRECTDOMIRU X-Spam-Relays-Untrusted =~ /^\[ ip=(?:153\.120\.208\.(?:9[89]|10[0-6])|(?:180\.131\.(?:6[4-9]|[789]\d|1[01]\d|12[0-7])|182\.236\.(?!(?:15\.\d{1,3}|24\.\d{1,3}|25\.11|32\.\d{1,3}) )(?:\d|[1-5]\d|6[0-3])|210\.229\.8[45])\.\d{1,3}) /
  8418. describe DIRECTDOMIRU directly received spam from CRUST co.,Ltd.
  8419. score DIRECTDOMIRU 1.5
  8420.  
  8421. header DIRECTMIRAI X-Spam-Relays-Untrusted =~ /^\[ ip=210\.172\.19[2-5]\.\d{1,3} /
  8422. describe DIRECTMIRAI directly received spam from Mirai Communication Network Inc.
  8423. score DIRECTMIRAI 1.5
  8424.  
  8425. header DIRECTPREMIERE X-Spam-Relays-Untrusted =~ /^\[ ip=202\.43\.10[4-7]\.\d{1,3} /
  8426. describe DIRECTPREMIERE directly received spam from PREMIERE INC
  8427. score DIRECTPREMIERE 1.5
  8428.  
  8429. header DIRECTJETINTERNET X-Spam-Relays-Untrusted =~ /^\[ ip=203\.79\.(?:4[89]|5\d|6[0-3])\.\d{1,3} /
  8430. describe DIRECTJETINTERNET directly received spam from JETINTERNET Corporation
  8431. score DIRECTJETINTERNET 1.5
  8432.  
  8433. # 203.135.231.43 110.54.43.65
  8434. # CSF-NET
  8435. header DIRECTQTNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.44\.2[45]\d|110\.54\.(?:\d|\d\d|10\d|11[1-9]|12[0-6])|114\.141\.3[2-9]|203\.135\.(?:19[2-79]|2[01235]\d|24[1-9]))\.\d{1,3} /
  8436. describe DIRECTQTNET directly received spam from Kyushu Telecommunication Network Co., Inc.
  8437. score DIRECTQTNET 1.5
  8438.  
  8439. header DIRECTIPCORE X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.92\.24[4-7]\.\d{1,3}|210\.255\.85\.1(?:7[6-9]|8\d|9[01])) /
  8440. describe DIRECTIPCORE directly received spam from Ip Core Corporation
  8441. score DIRECTIPCORE 1.5
  8442.  
  8443. # header DIRECTTSUKAERUNET X-Spam-Relays-Untrusted =~ /^\[ ip=119\.82\.(?:2[57]\.\d{1,3}|24\.(?!(?:[89]|1[013479]|2[02379]|3[1679]|4[689]|5[56]|6[1478]|7[01348]|8[034568]|9[1234678]|1(?:0[01246789]|1[1238]|2[02345679]|3[239]|4[12345789]|5[1236]|6[278]|7[067]|8[124568]|9[01235])|2(?:0[012568]|1[0235679]|2[0123456789]|3[178]|4[02468]|5[01])) )\d{1,3}|26\.(?!(?:3|1[046789]|2[2367]|3[12]|4[48]|5[37]|6[2389]|7[0489]|8[459]|92|1(?:0[04579]|1[013578]|2[1-5789]|3[0123568]|4[0138]|5[1245689]|6[0124-9]|7[13789]|8[0-689]|9[0124689])|2(?:0[0-8]|1[2478]|2[0235689]|3[234689]|4[2389])) )\d{1,3}|28\.(?!(?:[68]|1[0145]|58|1(?:0[0135]|1[03-8]|2[01245789]|3[0-4679]|4[26789]|5[02378]|6[1235679]|7[135-9]|82|97)|2(?:03|18|3[89]|44)) )\d{1,3}|29\.(?!(?:[689]|1[369]|2[148]|3[01356]|48|5[24]|6[57]|7[48]|8[013789]|9[1257]|1(?:0[03456789]|1[589]|2[23]|3[03]|4[03568]|5[089]|6[02379]|7[036]|8[357]|9[3589])|2(?:0[03459]|1[23567]|2[01]|3[018]|4[057]|5[14])) )\d{1,3}|30\.(?!(?:61|72|1(?:29|39|4[016]|5[57]|6[0156]|73|95)|2(?:0[12456789]|1[12349]|2[019]|3[0348]|4[046]|5[234])) )\d{1,3}|31\.(?!(?:1(?:0[125]|13|2[0579]|4[1389]|5[03678]|6[125]|7[02357]|9[356])|2(?:00|12|23)) )\d{1,3}) /
  8444. header DIRECTTSUKAERUNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.112\.(?:106\.(?!(?:[56]0|10[28]|11[56]|171|20[02]|211|225|248) )\d{1,3}|109\.(?!(?:68|9[89]|249|252) )\d{1,3}|110\.(?!(?:30|92|115|123|14[45]|16[789]|201) )\d{1,3}|111\.(?!(?:67|13[5-8]|14[16]|15[2368]|18[78]|238) )\d{1,3})|119\.82\.(?:2[57]\.\d{1,3}|24\.(?!(?:[89]|1[013479]|2[02379]|3[1679]|4[689]|5[56]|6[1478]|7[01348]|8[034568]|9[1234678]|1(?:0[01246789]|1[1238]|2[02345679]|3[239]|4[12345789]|5[1236]|6[278]|7[067]|8[124568]|9[01235])|2(?:0[012568]|1[0235679]|2[0123456789]|3[178]|4[02468]|5[01])) )\d{1,3}|26\.(?!(?:3|1[046789]|2[2367]|3[12]|4[48]|5[37]|6[2389]|7[0489]|8[459]|92|1(?:0[04579]|1[013578]|2[1-5789]|3[0123568]|4[0138]|5[1245689]|6[0124-9]|7[13789]|8[0-689]|9[0124689])|2(?:0[0-8]|1[2478]|2[0235689]|3[234689]|4[2389])) )\d{1,3}|28\.(?!(?:[68]|1[0145]|58|1(?:0[0135]|1[03-8]|2[01245789]|3[0-4679]|4[26789]|5[02378]|6[1235679]|7[135-9]|82|97)|2(?:03|18|3[89]|44)) )\d{1,3}|29\.(?!(?:[689]|1[369]|2[148]|3[01356]|48|5[24]|6[57]|7[48]|8[013789]|9[1257]|1(?:0[03456789]|1[589]|2[23]|3[03]|4[03568]|5[089]|6[02379]|7[036]|8[357]|9[3589])|2(?:0[03459]|1[23567]|2[01]|3[018]|4[057]|5[14])) )\d{1,3}|30\.(?!(?:61|72|1(?:29|39|4[016]|5[57]|6[0156]|73|95)|2(?:0[12456789]|1[12349]|2[019]|3[0348]|4[046]|5[234])) )\d{1,3}|31\.(?!(?:1(?:0[125]|13|2[0579]|4[1389]|5[03678]|6[125]|7[02357]|9[356])|2(?:00|12|23)) )\d{1,3})) /
  8445. describe DIRECTTSUKAERUNET directly received spam from Tsukaeru.net, Web Hosting Company, Japan
  8446. score DIRECTTSUKAERUNET 1.5
  8447.  
  8448. header DIRECTCRMSTYLE X-Spam-Relays-Untrusted =~ /^\[ ip=(?:113\.39\.92\.(?:5[6-9]|6[012])|210\.168\.111\.2(?:1[6-9]|2[012])) /
  8449. describe DIRECTCRMSTYLE directly received spam from Synergy Marketing, Inc.
  8450. score DIRECTCRMSTYLE 1.5
  8451.  
  8452. header DIRECTADVANTAGE24 X-Spam-Relays-Untrusted =~ /^\[ ip=202\.167\.230\.136 /
  8453. describe DIRECTADVANTAGE24 directly received spam from Advantage 24 K.K. 4-9-8 Ebisu Shibuya-ku, 150-0013, part of EQUINIX
  8454. score DIRECTADVANTAGE24 1.5
  8455.  
  8456. # 61.115.199.128-61.115.199.255
  8457. # 219.101.160.0 - 219.101.160.255
  8458. header DIRECTFASTNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:61\.115\.199\.(?:12[89]|1[3-9]\d|2\d\d)|219\.101\.160\.\d{1,3}) /
  8459. describe DIRECTFASTNET directly received spam from Fastnet corp
  8460. score DIRECTFASTNET 1.5
  8461.  
  8462. header DIRECTSOUKI X-Spam-Relays-Untrusted =~ /^\[ ip=221\.115\.124\.1(?:2[89]|3\d|4[0-3]) /
  8463. describe DIRECTSOUKI directly received spam from SOUKI INC.
  8464. score DIRECTSOUKI 1.5
  8465.  
  8466. header DIRECTSHIZUOKAUNIV X-Spam-Relays-Untrusted =~ /^\[ ip=133\.70\.180\.156 /
  8467. describe DIRECTSHIZUOKAUNIV directly received spam from National University Corporation Shizuoka University
  8468. score DIRECTSHIZUOKAUNIV 1.5
  8469.  
  8470. header DIRECTBEKKOAME X-Spam-Relays-Untrusted =~ /^\[ ip=202\.210\.1(?:2[89]|[3-8]\d|9[01])\.\d{1,3} /
  8471. describe DIRECTBEKKOAME directly received spam from BEKKOAME INTERNET, INC.
  8472. score DIRECTBEKKOAME 1.5
  8473.  
  8474. header DIRECTARUZE X-Spam-Relays-Untrusted =~ /^\[ ip=211\.133\.138\.179 /
  8475. describe DIRECTARUZE directly received spam from Aruze Corpration
  8476. score DIRECTARUZE 1.5
  8477.  
  8478. header DIRECTINTERCEPT X-Spam-Relays-Untrusted =~ /^\[ ip=(?:14\.192\.5[6-9]|103\.246\.7[2-5]|116\.66\.1(?:7[6-9]|8\d|9[01]))\.\d{1,3} /
  8479. describe DIRECTINTERCEPT directly received spam from Intercept,Inc.
  8480. score DIRECTINTERCEPT 1.5
  8481.  
  8482.  
  8483. header DIRECTNAGOYAUNIV X-Spam-Relays-Untrusted =~ /^\[ ip=133\.6\.(?:76\.51|155\.161) /
  8484. describe DIRECTNAGOYAUNIV directly received spam from National University Corporation Nagoya University
  8485. score DIRECTNAGOYAUNIV 1.5
  8486.  
  8487. header DIRECTTOHOUNIV X-Spam-Relays-Untrusted =~ /^\[ ip=202\.16\.213\.124 /
  8488. describe DIRECTTOHOUNIV directly received spam from The TOHO University
  8489. score DIRECTTOHOUNIV 1.5
  8490.  
  8491. header DIRECTSINSHUUNIV X-Spam-Relays-Untrusted =~ /^\[ ip=160\.252\.188\.249 /
  8492. describe DIRECTSINSHUUNIV directly received spam from Shinshu University
  8493. score DIRECTSINSHUUNIV 1.5
  8494.  
  8495. # 61.209.230.0-61.209.230.255 (256)
  8496. # 210.146.22.0-210.146.22.255 (256)
  8497. # 210.151.32.0-210.151.32.255 (256)
  8498. # 210.175.40.0-210.175.40.255 (256)
  8499. # 210.175.112.0-210.175.112.127 (128)
  8500. # 211.8.56.0-211.8.63.255 (2048)
  8501. # header DIRECTWINSCOMM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.209\.230|210\.(?:146\.22|151\.32|175\.(?:40|62))|211\.8\.(?:5[6-9]|6[0-3]))\.\d{1,3}|210\.175\.(?:112\.(?:\d|\d\d|1[01]\d|12[0-7])|115\.\d{1,3})) /
  8502. header DIRECTWINSCOMM X-Spam-Relays-Untrusted =~ /^\[ ip=(?:(?:61\.209\.23[01]|210\.(?:146\.22|151\.32|175\.(?:40|62|115))|211\.8\.(?:5[6-9]|6[0-3]))\.\d{1,3}|(?:210\.175\.112|211\.8\.127)\.(?:\d|\d\d|1[01]\d|12[0-7])) /
  8503. describe DIRECTWINSCOMM directly received spam from WINS COMMUNICATIONS CO., LTD.
  8504. score DIRECTWINSCOMM 1.5
  8505.  
  8506. header DIRECTBIT_ISLE X-Spam-Relays-Untrusted =~ /^\[ ip=112\.137\.190\.207 /
  8507. describe DIRECTBIT_ISLE directly received spam from Bit-isle
  8508. score DIRECTBIT_ISLE 1.5
  8509.  
  8510. header DIRECTG_EMEDIA X-Spam-Relays-Untrusted =~ /^\[ ip=211\.120\.51\.12 /
  8511. describe DIRECTG_EMEDIA directly received spam from G-eMedia
  8512. score DIRECTG_EMEDIA 1.5
  8513.  
  8514. header DIRECTABLENET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:111\.87\.90\.(?:\d|\d\d|1[01]\d|12[0-7])|210\.146\.28\.(?:12[89]|1[3-9]\d|2\d\d)) /
  8515. describe DIRECTABLENET directly received spam from ABLENET Corporation
  8516. score DIRECTABLENET 1.5
  8517.  
  8518. header DIRECTTOYOHASHICBN X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.53\.11[6-9]|202\.216\.136\.131|210\.1\.14[567]\.\d{1,3}) /
  8519. describe DIRECTTOYOHASHICBN directly received spam from TOYOHASHI CABLE NETWORK INC.
  8520. score DIRECTTOYOHASHICBN 1.5
  8521.  
  8522. # 112.137.190.192-112.137.190.255
  8523. header DIRECTPIPEDBITS X-Spam-Relays-Untrusted =~ /^\[ ip=112\.137\.190\.(?:19[2-9]|2\d\d) /
  8524. describe DIRECTPIPEDBITS directly received spam from PIPED BITS Co., Ltd.
  8525. score DIRECTPIPEDBITS 1.5
  8526.  
  8527. header DIRECTRISE X-Spam-Relays-Untrusted =~ /^\[ ip=27\.116\.4[0-3]\.\d{1,3} /
  8528. describe DIRECTRISE directly received spam from Rise Inc.
  8529. score DIRECTRISE 1.5
  8530.  
  8531. header DIRECTVFLETS X-Spam-Relays-Untrusted =~ /^\[ ip=183\.177\.167\.\d{1,3} /
  8532. describe DIRECTVFLETS directly received spam from Marubeni Access Solutions Inc.
  8533. score DIRECTVFLETS 1.5
  8534.  
  8535. # 203.142.198.48
  8536. header DIRECTKAGOYA X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.3\.49\.214|124\.248\.149\.11|133\.18\.1\.46|203\.142\.(?:19[2346-9]\.\d{1,3}|2(?:0[013-689]|1[01])\.\d{1,3}|195\.(?!82 )\d{1,3}|202\.(?!6 )\d{1,3}|207\.(?!(?:4[89]|5\d|6[01289]|7[0235]|16[0-7]|17[1-9]|18[039]) )\d{1,3})) /
  8537. describe DIRECTKAGOYA directly received spam from Kagoya Japan Corporation
  8538. score DIRECTKAGOYA 1.5
  8539.  
  8540. header DIRECTFUTURESPIRITS X-Spam-Relays-Untrusted =~ /^\[ ip=219\.99\.169\.\d{1,3} /
  8541. describe DIRECTFUTURESPIRITS directly received spam from Future Spirits Co.,Ltd.
  8542. score DIRECTFUTURESPIRITS 1.5
  8543.  
  8544. # 211.120.51.0-211.120.51.127
  8545. # 211.133.138.128-211.133.138.255
  8546. header DIRECTYAHOOJP X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.218\.36\.(?:19[2-9]|2\d\d)|210\.140\.(?:6[89]|70)\.\d{1,3}|210\.168\.50\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.120\.51\.(?:\d|\d\d|1[01]\d|12[0-7])|211\.133\.138\.(?:12[89]|1[3-9]\d|2\d\d)) /
  8547. describe DIRECTYAHOOJP directly received spam from Yahoo Japan Corporation
  8548. score DIRECTYAHOOJP 1.5
  8549.  
  8550. header DIRECTCYBERNET X-Spam-Relays-Untrusted =~ /^\[ ip=113\.212\.137\.\d{1,3} /
  8551. describe DIRECTCYBERNET directly received spam from CYBERNET
  8552. score DIRECTCYBERNET 1.5
  8553.  
  8554. # inetnum: 49.156.161.0 - 49.156.161.255
  8555. # netname: gbjho4sd8-com
  8556. # descr: gbjho4sd8-com
  8557. # irt: IRT-ACE-JP
  8558. # address: Diabuilding 8F, Building 2
  8559. # address: 1-28-38 Shinkawa
  8560. # address: Chuo-ku Tokyo Japan
  8561. header DIRECTACE X-Spam-Relays-Untrusted =~ /^\[ ip=(?:49\.156\.1(?:[678]\d|9[01])|111\.223\.(?:19[2-9]|2[01]\d|22[0-3])|113\.212\.1(2[89]|[345]\d))\.\d{1,3} /
  8562. describe DIRECTACE directly received spam from Ace, Inc. Diabuilding 8F, Building 2 1-28-38 Shinkawa Chuo-ku Tokyo Japan
  8563. score DIRECTACE 1.5
  8564.  
  8565. # header DIRECTRAT X-Spam-Relays-Untrusted =~ /^\[ ip=27\.96\.(?:3[2-9]|[45]\d|6[0-3])\.\d{1,3} /
  8566. header DIRECTRAT X-Spam-Relays-Untrusted =~ /^\[ ip=27\.96\.(?:3[2-9]|[45]\d|6[0-3])\.255 /
  8567. describe DIRECTRAT directly received spam from RAT Co.,Ltd.
  8568. score DIRECTRAT 1.5
  8569.  
  8570. header DIRECTSEEDS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:210\.171\.136\.(?!12 )\d{1,3}|219\.127\.118\.(?!(?:\d|[1-5]\d|6[012]|76|80|1[3-9]\d|2\d\d))\d{1,3}) /
  8571. describe DIRECTSEEDS directly received spam from Seeds Corp.
  8572. score DIRECTSEEDS 1.5
  8573.  
  8574. header DIRECTREDSPEED X-Spam-Relays-Untrusted =~ /^\[ ip=(?:27\.100\.(?:2[89]|3[01])|119\.82\.15[2-9]|124\.248\.14[45]|180\.222\.(?:3[2-9]|[45]\d|6[0-3])|202\.231\.(?:19[2-9]|2\d\d)|203\.142\.2(?:0[89]|1[0-4]))\.\d{1,3} /
  8575. describe DIRECTREDSPEED directly received spam from Redspeed Networks Co., Ltd.
  8576. score DIRECTREDSPEED 1.5
  8577.  
  8578. header DIRECTPARKCITY X-Spam-Relays-Untrusted =~ /^\[ ip=(?:123\.98\.2(?:2[4-9]|3\d)|203\.124\.(?:6[4-9]|[78]\d|9[0-5])|210\.135\.2(?:1[6-9]|2[0-3]))\.\d{1,3} /
  8579. describe DIRECTPARKCITY directly received spam from Parkcitynet(MUSASHINO-MITAKA CABLETELEVISION Inc.)
  8580. score DIRECTPARKCITY 1.5
  8581.  
  8582. # CCNW-NET CHUBU CABLE NETWORK COMPANY,INCORPORATED
  8583. header DIRECTCCNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:202\.79\.13[06-9]|202\.137\.188)\.\d{1,3} /
  8584. describe DIRECTCCNET directly received spam from COMMUNITY NETWORK CENTER INC.
  8585. score DIRECTCCNET 1.5
  8586.  
  8587. header DIRECTGENESIS X-Spam-Relays-Untrusted =~ /^\[ ip=(?:124\.109\.1(?:0[89]|1[01])|175\.45\.1(?:6[89]|7[0-5]))\.\d{1,3} /
  8588. describe DIRECTGENESIS directly received spam from GENESIS co.,ltd
  8589. score DIRECTGENESIS 1.5
  8590.  
  8591. header DIRECTMARUBENI X-Spam-Relays-Untrusted =~ /^\[ ip=1\.21\.12\.\d{1,3} /
  8592. describe DIRECTMARUBENI directly received spam from Marubeni Access Solutions Inc.
  8593. score DIRECTMARUBENI 1.5
  8594.  
  8595. header DIRECTOKAYAMANET X-Spam-Relays-Untrusted =~ /^\[ ip=202\.70\.2(?:2[4-9]|[345]\d)\.\d{1,3} /
  8596. describe DIRECTOKAYAMANET directly received spam from OKAYAMA NETWORK INC.
  8597. score DIRECTOKAYAMANET 1.5
  8598.  
  8599. header DIRECTGREENNET X-Spam-Relays-Untrusted =~ /^\[ ip=(?:110\.50\.(?:9[6-9]|1[01]\d|12[0-7])|115\.187\.(?:6[5-9]|7\d))\.\d{1,3} /
  8600. describe DIRECTGREENNET directly received spam from GreenNet Co.,Ltd.
  8601. score DIRECTGREENNET 1.5
  8602.  
  8603. header DIRECTMICS X-Spam-Relays-Untrusted =~ /^\[ ip=211\.133\.23[2-9]\.\d{1,3} /
  8604. describe DIRECTMICS directly received spam from Mics Network Corporation
  8605. score DIRECTMICS 1.5
  8606.  
  8607. # header DIRECTMEDIAEX X-Spam-Relays-Untrusted =~ /^\[ ip=211\.13\.217\.183 /
  8608. header DIRECTMEDIAEX X-Spam-Relays-Untrusted =~ /^\[ ip=211\.13\.217\.(?:[69]|1[01239]|2[3567]|3[013579]|4[019]|5[01]|[6789]0|1(?:0[06]|1[05]|2[08]|3\d|4[012]|6[03-689]|7[0289]|8[1235]|9[06])|2(?:0[035]|1[0-3]|3[04]|4[89]|5[0-3])) /
  8609. describe DIRECTMEDIAEX directly received spam from Media Exchange Co., Inc.
  8610. score DIRECTMEDIAEX 1.5
  8611.  
  8612. header DIRECTFUJITSUNAGANO X-Spam-Relays-Untrusted =~ /^\[ ip=221\.121\.182\.75 /
  8613. describe DIRECTFUJITSUNAGANO directly received spam from FUJITSU NAGANO SYSTEMS ENGINEERING LIMITED
  8614. score DIRECTFUJITSUNAGANO 1.5
  8615.  
  8616. header DIRECTNIPPONRAD X-Spam-Relays-Untrusted =~ /^\[ ip=163\.43\.129\.(?!(?:19|2[036]|3[458]|4[37]|5[1239]|6[24]|7[0234]|85|9[02]|1(?:06|1[039]|3[125]|4[258]|5[12368]|7[4-8]|8[1247]|9[348])|2(?:0[058]|1[589]|0[0134])) )\d{1,3} /
  8617. describe DIRECTNIPPONRAD directly received spam from Nippon RAD Inc.
  8618. score DIRECTNIPPONRAD 1.5
  8619.  
  8620. header DIRECTADACHI X-Spam-Relays-Untrusted =~ /^\[ ip=(?:117\.53\.(?:\d|[12]\d|3[01])|219\.105\.(?:9[6-9]|1[01]\d|12[0-7]))\.\d{1,3} /
  8621. describe DIRECTADACHI directly received spam from Cable television Adachi Corp.
  8622. score DIRECTADACHI 1.5
  8623.  
  8624. # It seems that the company is a virtual company.
  8625. header DIRECTDOUBLECAST X-Spam-Relays-Untrusted =~ /^\[ ip=101\.0\.(?:[89]|[12]\d|3[01])\.\d{1,3} /
  8626. describe DIRECTDOUBLECAST directly received spam from Double Cast Inc.
  8627. score DIRECTDOUBLECAST 1.5
  8628.  
  8629. # header DIRECTMIYAZAKICT X-Spam-Relays-Untrusted =~ /^\[ ip=101\.0\.(?:[89]|[12]\d|3[01])\.\d{1,3} /
  8630.  
  8631. # 116.89.240.0 -
  8632. # 116.89.244.144 - 116.89.244.159
  8633. # LINK Co. Ltd
  8634. header DIRECTIMPACT X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.23\.2(?:4[89]|5\d)\.\d{1,3}|116\.89\.(?:24[0-367]\.\d{1,3}|244\.(?:\d|\d\d|1[0-5]\d))) /
  8635. describe DIRECTIMPACT directly received spam from IMPACT COLTD 2F Haruyama Bldg, 2-31-4 Nishihara, Shibuya-ku, Tokyo, Japan
  8636. score DIRECTIMPACT 1.5
  8637.  
  8638. header DIRECTNCPNET X-Spam-Relays-Untrusted =~ /^\[ ip=103\.10\.(?:6[89]|7[01])\.\d{1,3} /
  8639. describe DIRECTNCPNET directly received spam from New Culture Production Inc.
  8640. score DIRECTNCPNET 1.5
  8641.  
  8642. header DIRECTREINCA X-Spam-Relays-Untrusted =~ /^\[ ip=103\.28\.18[4-7]\.\d{1,3} /
  8643. describe DIRECTREINCA directly received spam from REINCARNATION COLTD 2-23-4, Minami-Nagasaki, Toshima-ku, Tokyo
  8644. score DIRECTREINCA 1.5
  8645.  
  8646. header DIRECTI2TS X-Spam-Relays-Untrusted =~ /^\[ ip=1\.0\.(?:1[6-9]|2\d|3[01])\.\d{1,3} /
  8647. describe DIRECTI2TS directly received spam from i2ts,inc. 2-16-9,TK Building 2F,Kabukichou,Shinjukuku,Tokyo 160-0021
  8648. score DIRECTI2TS 1.5
  8649.  
  8650. # header DIRECTAMAZON X-Spam-Relays-Untrusted =~ /^\[ ip=1\.0\.(?:1[6-9]|2\d|3[01])\.\d{1,3} /
  8651.  
  8652. header DIRECTBEACONNC X-Spam-Relays-Untrusted =~ /^\[ ip=113\.130\.15\.1(?:3[2-9]|[4-8]\d|90) /
  8653. describe DIRECTBEACONNC directly received spam from BeaconNC, Inc. 7-7-29 Nishishinjyuku Shinjyuku-ku Tokyo Nishishinjuku Bldg. 6F
  8654. score DIRECTBEACONNC 1.5
  8655.  
  8656. # CCNET-NET
  8657. header DIRECTCNCI X-Spam-Relays-Untrusted =~ /^\[ ip=(?:116\.58\.1(?:4[5-9]|5[013-7])|122\.49\.23[2-8]|202\.137\.1(8[4-8]|9[01]))\.\d{1,3} /
  8658. describe DIRECTCNCI directly received spam from COMMUNITY NETWORK CENTER INC. 1-3-10, Higashisakura, Higashi-ku, Nagoya-shi, Aichi, 461-0005, JAPAN
  8659. score DIRECTCNCI 1.5
  8660.  
  8661. # deleted 2016.11.14 by [yoh]
  8662. # Thanks to: Kimura-san from Nucleus Corp.
  8663. # header DIRECTYMIRLINK X-Spam-Relays-Untrusted =~ /^\[ ip=210\.171\.14\.\d{1,3} /
  8664. # describe DIRECTYMIRLINK directly received spam from Ymirlink Inc.
  8665. # score DIRECTYMIRLINK 1.5
  8666.  
  8667. header DIRECTAPEIRON X-Spam-Relays-Untrusted =~ /^\[ ip=182\.160\.(?:19[2-9]|2\d\d)\.\d{1,3} /
  8668. describe DIRECTAPEIRON directly received spam from APEiRON.Inc
  8669. score DIRECTAPEIRON 1.5
  8670.  
  8671. #irt: IRT-ONECOLTD-JP
  8672. #address: 1-11-22,Nakamoto,Higashinari-ku, Oosaka-shi Oosaka-hu 537-0022
  8673. #bmta17-2.mta-rdns.biz
  8674. header DIRECTIDCLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.(?:244\.10[4-7]|248\.(?:6[89]|7[01]))\.\d{1,3} /
  8675. describe DIRECTIDCLLC directly received spam from Italian Cultural Institute Building 4F Ksfloor 2-1-30 Kudan-minami, Chiyoda-ku, Tokyo 102-0074(Virtual Office)
  8676. score DIRECTIDCLLC 1.5
  8677.  
  8678.  
  8679. # thrown away due to spammer escaped 2015.08.15 by [yoh]
  8680. #
  8681. #- #irt: IRT-IMPERIALCOLTD-JP
  8682. #- #address: 309-1, Kubo, Higashi-ku, Okayama-shi Okayama 704-8102
  8683. #- header DIRECTIMPERIAL X-Spam-Relays-Untrusted =~ /^\[ ip=103\.252\.52\.\d{1,3} /
  8684. #- describe DIRECTIMPERIAL directly received spam from 309-1, Kubo, Higashi-ku, Okayama-shi Okayama 704-8102
  8685. #- score DIRECTIMPERIAL 1.5
  8686.  
  8687. #irt: IRT-MSTLLC-JP
  8688. #address: 3-17-10-901, Tsukiji,, Chuo-ku Tokyo 104-0045
  8689. header DIRECTMSTLLC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:43\.242.13[2-5]|103\.27\.18[4-7])\.\d{1,3} /
  8690. describe DIRECTMSTLLC directly received spam from 3-17-10-901, Tsukiji,, Chuo-ku Tokyo 104-0045
  8691. score DIRECTMSTLLC 1.5
  8692.  
  8693. header DIRECTRAKUSUNET X-Spam-Relays-Untrusted =~ /^\[ ip=180\.211\.84\.2(?:2[5-9]|[345]\d) /
  8694. describe DIRECTRAKUSUNET directly received spam from RAKUS Co.,Ltd
  8695. score DIRECTRAKUSUNET 1.5
  8696.  
  8697.  
  8698.  
  8699. # thrown away due to spammer escaped 2015.08.15 by [yoh]
  8700. #- #irt: IRT-GOLDSPARKLLC-JP
  8701. #- #address: 6F, 3-14-19, Shibaura,, Minato-ku, Tokyo 108-0023
  8702. #- header DIRECTGOLDSPARK X-Spam-Relays-Untrusted =~ /^\[ ip=103\.243\.1(?:8[89]|9[01])\.\d{1,3} /
  8703. #- describe DIRECTGOLDSPARK directly received spam from 6F, 3-14-19, Shibaura,, Minato-ku, Tokyo 108-0023
  8704. #- score DIRECTGOLDSPARK 1.5
  8705.  
  8706.  
  8707. #irt: IRT-JP-POSTSECURE
  8708. header DIRECTPOSTSECURE X-Spam-Relays-Untrusted =~ /^\[ ip=121\.200\.22[0-3]\.\d{1,3} /
  8709. describe DIRECTPOSTSECURE directly received spam from 1-2-1 Kinshi Sumida-ku Tokyo
  8710. score DIRECTPOSTSECURE 1.5
  8711.  
  8712. # inetnum: 103.6.44.0 - 103.6.47.255
  8713. # netname: B-net
  8714. # descr: B-net LLC
  8715. # descr: 3-17-2,shibuya,Shibuya-ku,Tokyo 150-0002,Japan
  8716. # inetnum: 103.20.38.0 - 103.20.38.255
  8717. # netname: YELLOWCAP3
  8718. # descr: 17-12sibuyazyonson Bld.401, Sakuragaokacho, Shibuya-ku
  8719. # inetnum: 103.255.0.0 - 103.255.0.255
  8720. # netname: SLFLLC-JP
  8721. # descr: Yazawa Building 4F, 3-1-9, Shibuya,
  8722. header DIRECTBNTYLWSLF X-Spam-Relays-Untrusted =~ /^\[ ip=103\.(?:6\.4[4-7]|20\.(?:[89]|1[01]|3[6-9]|7[2-5])|255\.[0-3])\.\d{1,3} /
  8723. describe DIRECTBNTYLWSLF directly received spam from B-net LLC/YELLOWCAP/SLFLLC
  8724. score DIRECTBNTYLWSLF 1.5
  8725.  
  8726. #inetnum: 103.251.159.0 - 103.251.159.255
  8727. #netname: SKYBLUEPOINTLLC-JP
  8728. #descr: 7-15-17 7-F, Roppongi
  8729. header DIRECTSKYBLUE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.251\.15[6-9]\.\d{1,3} /
  8730. describe DIRECTSKYBLUE directly received spam from SKYBLUEPOINTLLC 7-15-17 7-F, Roppongi, Minato-ku Tokyo 106-0032
  8731. score DIRECTSKYBLUE 1.5
  8732.  
  8733. #inetnum: 103.31.140.0 - 103.31.143.255
  8734. #netname: NINEINC-JP
  8735. #descr: Nine Inc
  8736. header DIRECTNINEINC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.31\.14[0-3]\.\d{1,3} /
  8737. describe DIRECTNINEINC directly received spam from NINEINC 4-7-24, Suwa,Zyounan-ku, Oosaka 536-0021
  8738. score DIRECTNINEINC 1.5
  8739.  
  8740. #inetnum: 103.12.224.0 - 103.12.227.255
  8741. #netname: BMC-JP
  8742. #descr: 2-10-36-502,Shimanouchi
  8743. header DIRECTBMCJP X-Spam-Relays-Untrusted =~ /^\[ ip=103\.12\.22[4-7]\.\d{1,3} /
  8744. describe DIRECTBMCJP directly received spam from BMCCOLTD 2-10-36-502,Shimanouchi,Chuo-ku,Oosaka,542-0082,Japan
  8745. score DIRECTBMCJP 1.5
  8746.  
  8747. #inetnum: 103.228.60.0 - 103.228.60.255
  8748. #netname: YORKLLC-JP
  8749. #descr: Dorumi Gotanda 407, 2-9-7 Nishigotanda
  8750. header DIRECTYORKLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.228\.6[0-3]\.\d{1,3} /
  8751. describe DIRECTYORKLLC directly received spam from YORKLLC Dorumi Gotanda 407, 2-9-7 Nishigotanda, Shinagawa-ku Tokyo 141-0031
  8752. score DIRECTYORKLLC 1.5
  8753.  
  8754. #inetnum: 103.227.8.0 - 103.227.11.255
  8755. #netname: ACTIVELLC-JP
  8756. #descr: Tanakakoma Building 2F, 8-5-32, Akasaka
  8757. header DIRECTACTIVELLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.227\.(?:[89]|1[01])\.\d{1,3} /
  8758. describe DIRECTACTIVELLC directly received spam from Active LLC Tanakakoma Building 2F, 8-5-32, Akasaka, Minato-ku Tokyo 107-0052
  8759. score DIRECTACTIVELLC 1.5
  8760.  
  8761. #inetnum: 103.253.78.0 - 103.253.78.255
  8762. #netname: SUNRISELLC-JP
  8763. #descr: Central Building 703, 1-27-8, Ginza,
  8764. header DIRECTSUNRISELLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.253\.7[6-9]\.\d{1,3} /
  8765. describe DIRECTSUNRISELLC directly received spam from SUNRISE LLC Central Building 703, 1-27-8, Ginza,, Chuo-ku, Tokyo 104-0061
  8766. score DIRECTSUNRISELLC 1.5
  8767.  
  8768. #inetnum: 103.240.116.0 - 103.240.116.255
  8769. #netname: BLUEEYESLLC-JP
  8770. #descr: Mimosa Building 3F, 2-11-10, Minamiotsuka
  8771. header DIRECTBLUEEYESLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.240\.11[6-9]\.\d{1,3} /
  8772. describe DIRECTBLUEEYESLLC directly received spam from Blue Eyes LLC Mimosa Building 3F, 2-11-10, Minamiotsuka, Toshima-ku Tokyo 170-0005
  8773. score DIRECTBLUEEYESLLC 1.5
  8774.  
  8775. #inetnum: 103.234.72.0 - 103.234.72.255
  8776. #netname: BACL-JP
  8777. #descr: 1-6-9, Awajimachi, Chuo-ku
  8778. header DIRECTBACLJP X-Spam-Relays-Untrusted =~ /^\[ ip=103\.234\.7[2-5]\.\d{1,3} /
  8779. describe DIRECTBACLJP directly received spam from Business Associate Co Ltd 1-6-9, Awajimachi, Chuo-ku, Osaka-shi, Osaka, 541-0047
  8780. score DIRECTBACLJP 1.5
  8781.  
  8782. #inetnum: 103.232.15.0 - 103.232.15.255
  8783. #netname: PROGRESSLLC-JP
  8784. #descr: Neomet Aoyama 3F, 2-7-13, Shibuya
  8785. header DIRECTPROGRESS X-Spam-Relays-Untrusted =~ /^\[ ip=103\.232\.1[2-5]\.\d{1,3} /
  8786. describe DIRECTPROGRESS directly received spam from Progress LLC Neomet Aoyama 3F, 2-7-13, Shibuya, Shibuya-ku Tokyo 150-0002
  8787. score DIRECTPROGRESS 1.5
  8788.  
  8789. #inetnum: 103.235.15.0 - 103.235.15.255
  8790. #netname: MSLLC-JP
  8791. #descr: O's Gotenyama 302, 1-12-2, Honmachi
  8792. header DIRECTMSLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.235\.1[2-5]\.\d{1,3} /
  8793. describe DIRECTMSLLC directly received spam from MS-LLC O's Gotenyama 302, 1-12-2, Honmachi, Fuchu-shi Tokyo 183-0027
  8794. score DIRECTMSLLC 1.5
  8795.  
  8796. #inetnum: 103.242.7.0 - 103.242.7.255
  8797. #netname: GIGABITLINELLC-JP
  8798. #descr: 1-31-8-1F, Minamiotsuka,
  8799. header DIRECTGIGABITLINE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.242\.[4-7]\.\d{1,3} /
  8800. describe DIRECTGIGABITLINE directly received spam from GIGABIT LINE LLC 1-31-8-1F, Minamiotsuka,, Toshima-ku Tokyo 170-0005
  8801. score DIRECTGIGABITLINE 1.5
  8802.  
  8803. # inetnum: 103.240.252.0 - 103.240.252.255
  8804. # inetnum: 103.240.255.0 - 103.240.255.255
  8805. # netname: IKNETLLC-JP
  8806. # descr: Nagasakido Bldg.6F, 3-10-14, Shibuya
  8807. header DIRECTIKNETLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.240\.25[2-5]\.\d{1,3} /
  8808. describe DIRECTIKNETLLC directly received spam from IKnet LLC Nagasakido Bldg.6F, 3-10-14, Shibuya
  8809. score DIRECTIKNETLLC 1.5
  8810.  
  8811. # inetnum: 103.232.200.0 - 103.232.200.255
  8812. # inetnum: 103.232.203.0 - 103.232.203.255
  8813. # netname: VIOLETPURPLELLC-JP
  8814. # descr: Lime Heights 206, 4-5-13, Komagawa, Higashisumiyoshi-ku,
  8815. header DIRECTVIOLETPURPLE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.232\.20[0-3]\.\d{1,3} /
  8816. describe DIRECTVIOLETPURPLE directly received spam from Violet Purple LLC Lime Heights 206, 4-5-13, Komagawa, Higashisumiyoshi-ku, Osaka-shi, Osaka 546-0043
  8817. score DIRECTVIOLETPURPLE 1.5
  8818.  
  8819. #inetnum: 103.241.64.0 - 103.241.65.255
  8820. #inetnum: 103.241.67.0 - 103.241.67.255
  8821. #netname: AMBITIOUSINC-JP
  8822. #address: Aoyama 3-8-2, Minato-ku Tokyo 105-0000
  8823. header DIRECTAMIBITIOUS X-Spam-Relays-Untrusted =~ /^\[ ip=103\.241\.6[4-7]\.\d{1,3} /
  8824. describe DIRECTAMIBITIOUS directly received spam from AMIBITIOUSINC Aoyama 3-8-2, Minato-ku Tokyo 105-0000
  8825. score DIRECTAMIBITIOUS 1.5
  8826.  
  8827.  
  8828. #inetnum: 106.185.82.0 - 106.185.83.255
  8829. #inetnum: 106.185.84.0 - 106.185.85.255
  8830. #netname: EXPERIAN-NET
  8831. #descr: Experian Japan Co., Ltd
  8832. # header DIRECTEXPERIAN X-Spam-Relays-Untrusted =~ /^\[ ip=106\.(?:184\.1[67]|185\.8[2-5])\.\d{1,3} /
  8833. # describe DIRECTEXPERIAN directly received spam from Experian Japan Co., Ltd
  8834. # score DIRECTEXPERIAN 1.5
  8835.  
  8836. #inetnum: 103.225.144.0 - 103.225.147.255
  8837. #netname: MYHOUSELLC-JP
  8838. header DIRECTMYHOUSE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.225\.14[4-7]\.\d{1,3} /
  8839. describe DIRECTMYHOUSE directly received spam from Myhouse LLC Shinjuku Daikan Plaza B-406, 7-10-17, Nishishinjuku,, Shinjuku-ku, Tokyo 106-0023
  8840. score DIRECTMYHOUSE 1.5
  8841.  
  8842. #inetnum: 103.30.72.0 - 103.30.75.255
  8843. #netname: FLUSHNET
  8844. header DIRECTFLUSHNET X-Spam-Relays-Untrusted =~ /^\[ ip=103\.30\.7[2-5]\.\d{1,3} /
  8845. describe DIRECTFLUSHNET directly received spam from FLUSHNET 9F, Shinjuku 5th Hayama Bldg., 5-11-30 Shinjuku, Shinjuku-ku, Tokyo 160-0022 JAPAN
  8846. score DIRECTFLUSHNET 1.5
  8847.  
  8848. #inetnum: 103.240.12.0 - 103.30.15.255
  8849. #netname: LAURELCORPORATION
  8850. header DIRECTLAUREL X-Spam-Relays-Untrusted =~ /^\[ ip=103\.240\.1[2-5]\.\d{1,3} /
  8851. describe DIRECTLAUREL directly received spam from LAURELCORPORATION Okubo 2-4-1, Shinjuku-ku Tokyo 169-0072
  8852. score DIRECTLAUREL 1.5
  8853.  
  8854. #inetnum: 103.249.212.0 - 103.249.212.255
  8855. #netname: SILVERGLASSLLC-JP
  8856. header DIRECTSILVERGLASS X-Spam-Relays-Untrusted =~ /^\[ ip=103\.249\.21[2-5]\.\d{1,3} /
  8857. describe DIRECTSILVERGLASS directly received spam from SILVERGLASS LLC 2F Fukuda Building, 1-8-9 Uchikanda, Chiyoda-ku Tokyo 101-0047
  8858. score DIRECTSILVERGLASS 1.5
  8859.  
  8860.  
  8861. #inetnum: 103.225.52.0 - 103.225.55.255
  8862. #netname: MAINZLLC-JP
  8863. header DIRECTMAINZ X-Spam-Relays-Untrusted =~ /^\[ ip=103\.225\.5[2-5]\.\d{1,3} /
  8864. describe DIRECTMAINZ directly received spam from Mainz LLC 1-4-16, Meguro, Meguro-ku Tokyo 153-0063
  8865. score DIRECTMAINZ 1.5
  8866.  
  8867.  
  8868. #inetnum: 103.230.24.0 - 103.230.27.255
  8869. #netname: YSISLANDLLC-JP
  8870. header DIRECTYSISLAND X-Spam-Relays-Untrusted =~ /^\[ ip=103\.230\.2[4-7]\.\d{1,3} /
  8871. describe DIRECTYSISLAND directly received spam from Ys Island LLC Shiko Building 4F-B, 3-13-4, Ginza,, Chuo-ku, Tokyo 104-0061
  8872. score DIRECTYSISLAND 1.5
  8873.  
  8874.  
  8875. #inetnum: 103.240.0.0 - 103.240.3.255
  8876. #netname: M10SENSECOLTD-JP
  8877. header DIRECTM10SENSE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.240\.[0-3]\.\d{1,3} /
  8878. describe DIRECTM10SENSE directly received spam from R10sense CoLtd 3F Handa BLDG. 2-7-5 Ichiban-cho Aoba-ku Sendai City Miyagi 980-0811
  8879. score DIRECTM10SENSE 1.5
  8880.  
  8881.  
  8882. #inetnum: 103.19.116.0 - 103.19.119.255
  8883. #netname: RAPIDSQUARE
  8884. header DIRECTRAPIDSQUARE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.19\.11[6-9]\.\d{1,3} /
  8885. describe DIRECTRAPIDSQUARE directly received spam from Rapidsquare LLC 4F Fuji Shinjuku Building, 5-11-13 Shinjuku, Shinjuku-ku Tokyo 160-0022
  8886. score DIRECTRAPIDSQUARE 1.5
  8887.  
  8888.  
  8889. #inetnum: 103.61.232.0 - 103.61.235.255
  8890. #netname: INFRANET-JP
  8891. header DIRECTINFRANET X-Spam-Relays-Untrusted =~ /^\[ ip=103\.61\.23[2-5]\.\d{1,3} /
  8892. describe DIRECTINFRANET directly received spam from INFRANET 7-15-8, Ginza, Chuo-ku, Tokyo 104-0061
  8893. score DIRECTINFRANET 1.5
  8894.  
  8895.  
  8896. #inetnum: 43.231.244.0 - 43.231.247.255
  8897. #netname: NETCRUISE-JP
  8898. header DIRECTNETCRUISE X-Spam-Relays-Untrusted =~ /^\[ ip=43\.231\.24[4-7]\.\d{1,3} /
  8899. describe DIRECTNETCRUISE directly received spam from NETCRUISE 4-41-16-103Z,yoyogi,shibuya-ku,Tokyo
  8900. score DIRECTNETCRUISE 1.5
  8901.  
  8902.  
  8903. #inetnum: 103.18.228.0 - 103.18.229.255
  8904. #netname: NEXTAGEINC-JP
  8905. header DIRECTNEXTAGE X-Spam-Relays-Untrusted =~ /^\[ ip=103\.18\.2(?:2[89]|3[01])\.\d{1,3} /
  8906. describe DIRECTNEXTAGE directly received spam from NEXTAGEINC 3-44-5 Kibou Bld., Shimorenjaku, Mitaka-shi, Tokyo, 181-0013
  8907. score DIRECTNEXTAGE 1.5
  8908.  
  8909.  
  8910. #inetnum: 103.244.216.0 - 103.244.219.255
  8911. #netname: MSCOOKCOLTD-JP
  8912. header DIRECTMSCOOK X-Spam-Relays-Untrusted =~ /^\[ ip=103\.244\.21[6-9]\.\d{1,3} /
  8913. describe DIRECTMSCOOK directly received spam from MSCOOK CoLtd 3F Handa BLDG. 2-7-5 Ichiban-cho Aoba-ku Sendai City Miyagi 980-0811
  8914. score DIRECTMSCOOK 1.5
  8915.  
  8916.  
  8917. #inetnum: 103.252.136.0 - 103.252.139.255
  8918. #netname: HRC-JP
  8919. header DIRECTHRC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.244\.21[6-9]\.\d{1,3} /
  8920. describe DIRECTHRC directly received spam from HIRAKAWA Realty Corp 1-8-26 RANZAN Bld.2F, Jingumae, Shibuya-ku Tokyo 150-0001
  8921. score DIRECTHRC 1.5
  8922.  
  8923.  
  8924. #inetnum: 103.25.252.0 - 103.25.255.255
  8925. #netname: ET355-HK
  8926. header DIRECTET355HK X-Spam-Relays-Untrusted =~ /^\[ ip=(?:103\.25\.25[2-5]|122\.115\.76)\.\d{1,3} /
  8927. describe DIRECTET355HK directly received spam from Eric Tam Kamiyacho Central Place 1F,4-3-13, Toranomon, Minato-ku,Tokyo
  8928. score DIRECTET355HK 1.5
  8929.  
  8930.  
  8931. #inetnum: 103.56.96.0 - 103.56.99.255
  8932. #netname: TOKYOCOMLLC-JP
  8933. header DIRECTTOKYOCOMLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.56\.9[6-9]\.\d{1,3} /
  8934. describe DIRECTTOKYOCOMLLC directly received spam from Tokyocom LLC 1-13-2 Higashiueno, Taitoku Tokyo
  8935. score DIRECTTOKYOCOMLLC 1.5
  8936.  
  8937.  
  8938. #inetnum: 103.13.16.0 - 103.13.17.255
  8939. #irt: IRT-IF-NET-JP
  8940. header DIRECTIFNETJP X-Spam-Relays-Untrusted =~ /^\[ ip=103\.13\.1[67]\.\d{1,3} /
  8941. describe DIRECTIFNETJP directly received spam from Koji Suzuki Oota-machi 4-47, Naka-ku, Yokohama-shi, Kanagawa-ken
  8942. score DIRECTIFNETJP 1.5
  8943.  
  8944.  
  8945. #inetnum: 43.246.128.0 - 43.246.131.255
  8946. #netname: NATOMA-JP
  8947. header DIRECTNATOMAJP X-Spam-Relays-Untrusted =~ /^\[ ip=43\.246\.1(?:2[89]|3[01])\.\d{1,3} /
  8948. describe DIRECTNATOMAJP directly received spam from Natoma Limited 2-5-10, Sonezaki, Kita-ku, Osaka-shi Osaka 530-0057
  8949. score DIRECTNATOMAJP 1.5
  8950.  
  8951.  
  8952. #inetnum: 103.245.228.0 - 103.245.231.255
  8953. #irt: IRT-RIPPLELLC-JP
  8954. header DIRECTRIPPLELLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.245\.2(?:2[89]|3[01])\.\d{1,3} /
  8955. describe DIRECTRIPPLELLC directly received spam from Yasuko Osaki 1-4-14, Akasaka, Minato-ku Tokyo 107-0052
  8956. score DIRECTRIPPLELLC 1.5
  8957.  
  8958.  
  8959. #inetnum: 103.41.136.0 - 103.41.139.255
  8960. #irt: IRT-GAMECOLTD-JP
  8961. header DIRECTGAMECOLTD X-Spam-Relays-Untrusted =~ /^\[ ip=103\.41\.13[6-9]\.\d{1,3} /
  8962. describe DIRECTGAMECOLTD directly received spam from Game CoLtd Esakacho2-6-10,Fukidashi, Osaka
  8963. score DIRECTGAMECOLTD 1.5
  8964.  
  8965.  
  8966. #inetnum: 45.113.172.0 - 45.113.175.255
  8967. #inetnum: 103.53.96.0 - 103.53.99.255
  8968. #irt: IRT-FREEASYINC-JP
  8969. header DIRECTFREEASYINC X-Spam-Relays-Untrusted =~ /^\[ ip=(?:45\.113\.17[2-5]|103\.53\.9[6-9])\.\d{1,3} /
  8970. describe DIRECTFREEASYINC directly received spam from freeasy inc. Kudankita Watanabe Bldg. 1-14-12 Kudankita, Chiyoda-ku Tokyo 102-0073
  8971. score DIRECTFREEASYINC 1.5
  8972.  
  8973.  
  8974. #inetnum: 103.228.198.0 - 103.228.198.255
  8975. #irt: IRT-SPACEGRYLLC-JP
  8976. header DIRECTSPACEGRYLLC X-Spam-Relays-Untrusted =~ /^\[ ip=103\.228\.19[6-9]\.\d{1,3} /
  8977. describe DIRECTSPACEGRYLLC directly received spam from Space-gryLLC Higashikanda Bulding 307, 3-21-5, Kandasakumacho,, Chiyoda-ku, Tokyo 101-0025
  8978. score DIRECTSPACEGRYLLC 1.5
  8979.  
  8980.  
  8981. #inetnum: 103.231.39.0 - 103.231.39.255
  8982. #netname: Net-BCP-JP
  8983. #irt: IRT-PSWDS-PH
  8984. header DIRECTNETBCPJP X-Spam-Relays-Untrusted =~ /^\[ ip=103\.231\.3[89]\.\d{1,3} /
  8985. describe DIRECTNETBCPJP directly received spam from UNIT1 Hi-YIELD BLDG, 152 F.BLUMENTRITT ST., CORNER R.PASCUAL ST, BRGY BATIS, SANJUAN CITY METRO MANI
  8986. score DIRECTNETBCPJP 1.5
  8987.  
  8988.  
  8989. #inetnum: 45.115.32.0 - 45.115.35.255
  8990. #netname: ACCESS-M-JP
  8991. #irt: IRT-ACCESS-M-JP
  8992. header DIRECTACCESSMJP X-Spam-Relays-Untrusted =~ /^\[ ip=45\.115\.3[2-5]\.\d{1,3} /
  8993. describe DIRECTACCESSMJP directly received spam from ACCESS-M-JP Nishi-Nakajima 4-13-5, Yodogawa-Ku, Osaka-Shi, Osaka 532-0011
  8994. score DIRECTACCESSMJP 1.5
  8995.  
  8996.  
  8997. #inetnum: 103.192.228.0 - 103.192.231.255
  8998. #netname: FOXINC-JP
  8999. #irt: IRT-FOXINC-JP
  9000. header DIRECTFOXINCJP X-Spam-Relays-Untrusted =~ /^\[ ip=103\.192\.2(?:2[89]|3[01])\.\d{1,3} /
  9001. describe DIRECTFOXINCJP directly received spam from FOXINC-JP 4-25,Miyamachi,Omiya-ku, Saitama
  9002. score DIRECTFOXINCJP 1.5
  9003.  
  9004.  
  9005. #inetnum: 43.230.52.0 - 43.230.55.255
  9006. #inetnum: 43.231.188.0 - 43.231.191.255
  9007. #inetnum: 43.251.184.0 - 43.251.187.255
  9008. #irt: IRT-HOPE-NET-JP
  9009. header DIRECTHOPENETJP X-Spam-Relays-Untrusted =~ /^\[ ip=43\.(?:230\.5[2-5]|231\.1(?:8[89]|9[01])|251\.18[4-7])\.\d{1,3} /
  9010. describe DIRECTHOPENETJP directly received spam from HOPE-NET-JP Miyagi 1-35-7, Urasoe, Okinawa, Japan 901-2126
  9011. score DIRECTHOPENETJP 1.5
  9012.  
  9013.  
  9014. #inetnum: 103.57.4.0 - 103.57.7.255
  9015. header DIRECTEXPRT X-Spam-Relays-Untrusted =~ /^\[ ip=103\.57\.[4-7]\.\d{1,3} /
  9016. describe DIRECTEXPRT directly received spam from Expert Incorporated 6-12-1 Nishi-shinjuku, Shijuku-ku, Tokyo, 160-0023, Japan
  9017. score DIRECTEXPRT 1.5
  9018.  
  9019.  
  9020. #inetnum: 103.51.80.0 - 103.51.83.255
  9021. header DIRECTOAKLEAF X-Spam-Relays-Untrusted =~ /^\[ ip=103\.51\.8[0-3]\.\d{1,3} /
  9022. describe DIRECTOAKLEAF directly received spam from Oak leaf LLC 2-18 Burieiidabasi6F, Agebacho,, Shinjuku-ku Tokyo 162-0824
  9023. score DIRECTOAKLEAF 1.5
  9024.  
  9025. header DIRECTDIXCL X-Spam-Relays-Untrusted =~ /^\[ ip=153\.122\.(?:0\.(?:\d|\d\d|1[0-4]\d|210)|1\.(?:95|169)|2\.2(?:3[2-9]|[45]\d)|3\.(?:\d|\d\d|1[01]\d|165)|44\.(?:\d|\d\d|1[0-3]\d|4[0-7])|45\.177|61\.(?:28|15[0-3])) /
  9026. describe DIRECTDIXCL directly received spam from DIX Co., Ltd. 10F CERULEAN TOWER, 26-1, Sakuragaoka-cho, Shibuya-ku, Tokyo 150-8512, Japan
  9027. score DIRECTDIXCL 1.5
  9028.  
  9029.  
  9030. header DIRECTUNKNOWN X-Spam-Relays-Untrusted =~ /^\[ ip=(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3}))\d{2,3}(?:\.\d{1,3}){3} rdns= /
  9031. describe DIRECTUNKNOWN directly received spam from suspicious dynamic IP
  9032. score DIRECTUNKNOWN 0.3
  9033.  
  9034.  
  9035. meta ___DYNAMICIP (DIRECTYOURNET || DIRECTINTERSPIN || DIRECTDION || DIRECTODN || DIRECTINFOSPHERE || DIRECTSONETDYN || DIRECTOCNDYN || DIRECTVECTANTDYN || DIRECTHI_HO || DIRECTUSENBROAD || DIRECTBBTEC || DIRECTINFOWEB || DIRECTDTI || DIRECTBIGLOBE || DIRECTALPHANET || DIRECTUNETSURF || DIRECTEDITNET || DIRECTDSNETWORKS || DIRECTGERAGERA || DIRECTGMOACCESS || DIRECTIIJ4U || DIRECTVIPLT || DIRECTVOICETOWN || DIRECTSST_BB || DIRECTASAHINET || DIRECTTCOMADSL || DIRECTXEXONNET || DIRECTBBEXCITE || DIRECTITSCOM || DIRECTSAINET_NET || DIRECTDORPHIN || DIRECTWILLCOM || DIRECTHYPERBOX || DIRECTINTERLINK || DIRECTLINKCLUB || DIRECTPLALA || DIRECTPOWEREDCOM || DIRECTARCSTAR || DIRECTINTERQ || DIRECTEACCESS || DIRECTCPI || DIRECTPROX || COMBZMAIL_JP || TOKU_NET || BARBWIRE || DIRECTSAKURAWEB || LOLIPOP || SOHO || CSIDENET || NICNAME || DATAHOTEL_JP || EXCITEWEB || DIRECTCLARA || DIRECTSAVVIS || DIRECTATTGNS || DIRECTASIANETCOM || DIRECTSYSTEMDESIGN || DIRECTWAKWAK || DIRECTMEDIAWARS || DIRECTBITDRIVE || DIRECTXREA || DIRECTMEDEXCG || DIRECTADVANSCOPE || DIRECTDIGIROCK || DIRECTCOMMUFA || DIRECTEMOBILE || DIRECTKDDI || DIRECTSBIDC || DIRECTNTTMEDIAS ||DIRECTK_OPTICOM || DIRECTJCN || DIRECTDOMIRU || DIRECTMIRAI || DIRECTPREMIERE || DIRECTJETINTERNET || DIRECTQTNET || DIRECTIPCORE || DIRECTTSUKAERUNET || DIRECTCRMSTYLE || DIRECTADVANTAGE24 || DIRECTFASTNET || DIRECTSOUKI || DIRECTSHIZUOKAUNIV || DIRECTBEKKOAME || DIRECTARUZE || DIRECTINTERCEPT || DIRECTNAGOYAUNIV || DIRECTTOHOUNIV || DIRECTWINSCOMM || DIRECTBIT_ISLE || DIRECTG_EMEDIA || DIRECTABLENET || DIRECTTOYOHASHICBN || DIRECTPIPEDBITS || DIRECTRISE || DIRECTVFLETS || DIRECTKAGOYA || DIRECTFUTURESPIRITS || DIRECTYAHOOJP || DIRECTCYBERNET || DIRECTSINSHUUNIV || DIRECTACE || DIRECTRAT || DIRECTSEEDS || DIRECTREDSPEED || DIRECTPARKCITY || DIRECTCCNET || DIRECTGENESIS || DIRECTMARUBENI || DIRECTOKAYAMANET || DIRECTGREENNET || DIRECTMICS || DIRECTMEDIAEX ||DIRECTFUJITSUNAGANO || DIRECTNIPPONRAD || DIRECTADACHI || DIRECTDOUBLECAST || DIRECTIMPACT || DIRECTNCPNET || DIRECTREINCA || DIRECTI2TS || DIRECTBEACONNC || DIRECTCNCI || DIRECTAPEIRON || DIRECTIDCLLC || DIRECTMSTLLC || DIRECTRAKUSUNET || DIRECTPOSTSECURE || DIRECTBNTYLWSLF || DIRECTSKYBLUE || DIRECTNINEINC || DIRECTBMCJP || DIRECTYORKLLC || DIRECTACTIVELLC || DIRECTSUNRISELLC || DIRECTBLUEEYESLLC || DIRECTBACLJP || DIRECTPROGRESS || DIRECTMSLLC || DIRECTGIGABITLINE || DIRECTIKNETLLC || DIRECTVIOLETPURPLE || DIRECTAMIBITIOUS || DIRECTMYHOUSE || DIRECTFLUSHNET || DIRECTLAUREL || DIRECTSILVERGLASS || DIRECTMAINZ || DIRECTYSISLAND || DIRECTM10SENSE || DIRECTRAPIDSQUARE || DIRECTINFRANET || DIRECTNETCRUISE || DIRECTNEXTAGE || DIRECTMSCOOK || DIRECTHRC || DIRECTET355HK || DIRECTTOKYOCOMLLC || DIRECTIFNETJP || DIRECTNATOMAJP || DIRECTRIPPLELLC || DIRECTGAMECOLTD || DIRECTFREEASYINC || DIRECTSPACEGRYLLC || DIRECTNETBCPJP || DIRECTACCESSMJP || DIRECTFOXINCJP || DIRECTHOPENETJP || DIRECTEXPRT || DIRECTOAKLEAF || DIRECTDIXCL || FORGEDHELOYAHOO || ___KOREATAIWANCHINA || WAVEB_US || HOPONE_US || IWEBGROUP_US || SPCS_US || GNAXNET_US || PSINET_US || AKANOC_US || AMAZON_EC_US || ALTAWAY_US || GMO_US || DIGITALOCEAN_US || ROOTLEVELTECH_US || CORPCOLO_US || NTTECH_US || UNITEDLAYER_US || EONIX_US || WISHCOM_US || OTHER_FOOTSTOOL || BUGGYRECIEVED )
  9036. # && ! RCVD_IN_DNSWL_NONE
  9037.  
  9038. #
  9039. #
  9040.  
  9041. replace_rules DIRECTYOURNET DIRECTINTERSPIN DIRECTDION DIRECTODN DIRECTINFOSPHERE DIRECTSONETDYN DIRECTOCNDYN DIRECTVECTANTDYN DIRECTHI_HO DIRECTUSENBROAD DIRECTBBTEC DIRECTINFOWEB DIRECTDTI DIRECTBIGLOBE DIRECTALPHANET DIRECTUNETSURF DIRECTEDITNET DIRECTDSNETWORKS DIRECTGERAGERA DIRECTVOICETOWN DIRECTSAKURAWEB DIRECTHYPERBOX DIRECTGMOACCESS DIRECTIIJ4U DIRECTASAHINET DIRECTVIPLT DIRECTSST_BB DIRECTTCOMADSL DIRECTXEXONNET DIRECTBBEXCITE DIRECTITSCOM DIRECTSAINET_NET DIRECTDORPHIN DIRECTWILLCOM DIRECTINTERLINK DIRECTLINKCLUB DIRECTPLALA DIRECTUNKNOWN DIRECTPOWEREDCOM DIRECTARCSTAR DIRECTINTERQ DIRECTEACCESS DIRECTCPI VALIDEZWEB VALIDVODAFONE DIRECTPROX DIRECTCLARA DIRECTSAVVIS DIRECTATTGNS DIRECTASIANETCOM DIRECTSYSTEMDESIGN DIRECTWAKWAK ONLY1HOPDIRECT ONLY1HOPDIRECTARIN ONLY1HOPDIRECTRIPE ONLY1HOPDIRECTLACNIC ONLY1HOPDIRECTAFRINIC CNCGROUP ___GOOMAIL_CNCGROUP ___INFOSEEK_WEBMAIL_CNCGROUP ___HOTMAIL_CNCGROUP ARIN RIPE_NCC LACNIC AFRINIC VAAN_KR ___GOOMAIL_VAAN_KR ___INFOSEEK_WEBMAIL_VAAN_KR
  9042.  
  9043.  
  9044. header REVDNSUNKNOWN Received =~ /\(\[(?!(?:127\.0\.0\.1|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01](?:\.\d{1,3}){2}|10(?:\.\d{1,3}){3})))\d{2,3}(?:\.\d{1,3}){3}\]\)/
  9045. describe REVDNSUNKNOWN some MTA doesn't tell result of reverse dns lookup failure.
  9046. score REVDNSUNKNOWN 0.2
  9047.  
  9048.  
  9049. header COMBZSENDER X-Sender =~ /CombzMailSender/
  9050. score COMBZSENDER 0.5
  9051. header COMBZMSGID MESSAGEID =~ /^<2\d+\.\d+\.qmail\@[a-z]\d+(\.ps){0,1}\.combzmail\.jp>/
  9052. score COMBZMSGID 0.5
  9053. # header COMBZMAGAZINEID exists: MagazineId
  9054. # score COMBZMAGAZINEID 0.5
  9055.  
  9056.  
  9057. #
  9058. # - include private configuration file
  9059. # You can write your private settings into separated file.
  9060. # Ex. spamcop_from_address, spamcop_to_address, ...
  9061. # Relative path begins from ~/.spamassassin/ .
  9062. # 2005.10.09 by [yoh]
  9063. # replaced 2011.04.17 by [yoh]
  9064. # http://hibari.2ch.net/test/read.cgi/unix/1124772932/429
  9065.  
  9066. include private_prefs
RAW Paste Data