## Sites abused by spammers
## PSI relay machines
ipacl 38.8.210.2-rw 38.9.52.2-rw 38.8.188.2-rw 38.8.14.2-rw
# db1.datablast.net keeps being used as a relay for cyberpromo stuff.
ipacl 207.60.250.253-rw
# earthlink.net, who we don't talk to anyways. I'm tired of log chatter
# from them, and if it clogs up THEIR servers maybe they'll be inclined to
# do something about it.
ipacl 204.250.46.0/24-rw 204.119.177.0/24-rw
# worldnet.att.net suddenly has a huge spam problem.
#ipacl 204.127.131.0/24-rw
# ultra.syspac.com; not only do they relay but they don't put IP info in
# the Received: headers.
ipacl 204.96.14.5-rw
ipacl 206.103.79.93-rw		# popalex2.linknet.net
ipacl 203.2.75.38-rw		# kyoko.mpx.com.au, and they retry everything
ipacl 202.231.192.40-rw		# cola.bekkoame.or.jp
ipacl 205.138.224.216-rw	# mail.inreach.com
ipacl 131.111.24.1-rw		# emu.dpmms.cam.ac.uk and violates RFC 821
				# badly. (They are optimists)
ipacl 138.250.1.172-rw		# calisto.ccc.cranfield.ac.uk
ipacl 163.1.2.33-rw		# oxmail4.ox.ac.uk
ipacl 163.1.2.1-rw		# oxmail2.ox.ac.uk
ipacl 206.152.112.1-rw		# ns1.hgo.net
ipacl 207.176.194.10-rw		# m1.gtn.net
ipacl 208.24.33.53-rw		# services.aminvestnet.com

# All of enterprise.net, clueless and unable to stop spammers. Enough is
# enough.
ipacl 194.72.192.0/19-rw


## Spammers:
# Cyberpromo
#ipacl 207.124.161.0/24-rw	# bulksendit.com -- may be dead now, since
				# I think this is the IDCI circuit that went
ipacl 205.199.2.0/24:6-rw
ipacl 205.199.212.0/24:6-rw
ipacl 204.137.220.0/24-rw
ipacl 204.137.221.0/24-rw	# cybermirror1.com, 204.137.221.10
ipacl 204.137.222.0/24-rw	# temp.cyberpromo.com, 204.137.222.241.
ipacl 204.137.223.0/24-rw	# answerme.cybermirror1.com, 204.137.223.15
ipacl 206.154.10.0/24-rw	# mci.savetrees.com, 206.154.10.40
ipacl 207.120.46.0/26:6-rw 	# auto-relay3.cybermirror1.com, 207.120.46.30
				# and now www.cyberpromo.com, same IP.
# access unlimited (ACUN), who hosted a Cyberpromo machine (and may still)
# and then got into the UCE/UBE business themselves.
ipacl 206.27.86.0/24-rw
# slutnet: nancynet/sallynet/etc
ipacl 205.199.4.0/24:6-rw
ipacl 205.198.78.0/23:6-rw
# LCGM, may they rot slowly et al.
ipacl 208.216.244.0/22-rw 208.197.13.0/24-rw 208.225.212.0/22-rw
# LLV et al. (llv.com and sixty zillion others)
ipacl 205.254.164.0/22-rw
ipacl 205.137.58.0/24-rw
# iemmc.org, which is being used to launder connections to people now.
ipacl 206.85.20.0/24-rw
# nettwerks.com, which hosts other people and otherwise mutates SMTP HELO's.
ipacl 207.212.160.0/24-rw
# we-deliver.net and Golfballs Unlimited. Fortunately for cohabitators, we
# have variable length subnet masks. Aren't we nice?
ipacl 208.211.205.64/27:6-rw
# t-1net.com, which appears to be tied to we-deliver.net.
ipacl 208.21.213.0/24:6-rw
# mailermachine.com
ipacl 208.144.211.0/24-rw
# jax-inter.net and phazer.com; they vary the SMTP HELOs et al
ipacl 204.254.251.0/24-rw
# isp-inter.net
ipacl 207.120.43.0/24:6-rw
# quantcom.com/cvcom.net/Quantum Communications et al
ipacl 209.14.30.0/24-rw
# Southwind Enterprises et al; see http://www.southwindent.com
ipacl 207.7.20.0/22-rw
ipacl 207.7.22.0/23-rw
# bubba.greatoffer.com, 205.177.251.11
ipacl 205.177.251.0/24-rw
# marketit.com
ipacl 151.196.87.0/24-rw
# hitsrus.com
ipacl 205.164.68.0/24-rw
ipacl 207.176.45.0/24-rw # 207.226.241.0/24-rw	# thehitman DNS subnets
# 1-global.com, at 204.157.168.3 (at least); also submitking et al.
ipacl 204.157.168.0/24-rw
# softcell.net
ipacl 38.216.110.0/24-rw
# camelot.net et al. Welcome to spammerville, please check your packets at the
# door.
ipacl 206.149.148.0/22-rw
# globalpac.com
ipacl 206.170.230.0/23-rw
# cyber-broadcasting.com
ipacl 209.29.173.0/24-rw
ipacl 209.112.1.0/24-rw
# webspinerz.com, well-known spammers who've hammered on us. Despite the
# names involved, they own this entire class C.
ipacl 208.193.38.0/24-rw
# 209.14.198.200 is gateway.pornosex.com, which has been hammering the
# SMTP server without doing anything. AGIS netblock, plus 209.14.198.12
# aka mail.webpromo.net. Sigh.
ipacl 209.14.198.0/24-rw
# 1stfamily.com et al, possibly linknet.net as well.
ipacl 208.15.229.0/24-rw
# tricreations.com et al. many domain names.
ipacl 207.156.166.0/24-rw
# telysis.com and asssociated things such as intersponse.com
ipacl 204.148.35.0/24-rw
# the charming people of 'Make It So', who like forging SMTP HELOs and making
# up new domains.
ipacl 208.12.112.0/23-rw
# 208.2.180.249 is funds2.owedmoney.com and are spammers. My mercy is scant.
ipacl 208.2.180.0/24-rw
# emailpromo.com
ipacl 206.185.22.0/24-rw
# poffice.com, provider of bulk email friendly services.
ipacl 206.85.231.0/24:6-rw
# The charming people behind seductress.com, aka Access Nevada.
# This agglomerates a bunch of networks on various places, like MCI (sigh).
ipacl 206.29.5.0/24-rw 206.29.6.0/24-rw 206.29.20.0/23-rw 206.29.24.0/23-rw
ipacl 206.96.32.0/23-rw 205.199.240.0/21-rw 207.168.90.0/24-rw
ipacl 207.168.92.0/24-rw 205.199.152.0/21-rw
# home of telysis.com, spammers.
ipacl 204.148.35.0/24-rw	# 206.222.107.0/24-rw
# owlsnest.com et al
ipacl 206.112.60.0/24-rw
# hello moneyworld; goodbye, moneyworld. see infotrek.net, helpnet.net, etc.
ipacl 207.12.78.0/24-rw
# babeview.com, aka Over The Air Equipment; this may be an old and now
# dead netblock, but NIC still lists it. We used to nail
# 207.247.16/24, but we'll hit just them specifically.
ipacl 207.247.16.208/28-rw
# infowatch.net
ipacl 209.25.84.0/24-rw
# kustom.on.ca
ipacl 204.101.226.0/24-rw
# spamrelay.grandbikes.com and what do you know, it relayed spam to us.
# no reaction, no tolerance: bye bye class C.
ipacl 208.219.218.0/24-rw	# 208.219.218.3-rw
# globalproper.com; associated with 1stchoice.com and globalfinc.com?
# they forged SMTP HELO's on .79, .101, and .105 at least. No more nice
# guy now, they get the whole class C.
ipacl 206.31.38.0/24-rw
# global-impact.com and gwh.net, hosted in icix.net? opsys.com?
ipacl 198.242.111.0/24-rw
# shoppingplanet.com, whee.
ipacl 205.164.70.0/23-rw
# maxpol.com; mail.maxpol.com == 207.139.145.7
ipacl 207.139.145.0/24-rw
# ientertain.com, WKP communications, etc.
ipacl 207.149.0.0/24-rw
# both world-services.com and netsurfers.net (the same people, just different
# IP blocks).
# see http://www.world-services.com/promotions/imarketing.htm, and note that
# they lie about how 'targeted' their email spamming is; a spamtrap address
# got stuff.
ipacl 209.25.85.0/24-rw 207.234.172.0/24-rw
# gzinc.com and netdetective.net, spammers. And on AGIS. Bye.