On 08/07/2014 07:01 AM, Philip Prindeville wrote:
On Aug 6, 2014, at 1:23 PM, Paul Stead <paul.st...@zeninternet.co.uk> wrote:
On 06/08/14 20:00, John Hardin wrote:
Can some fresh samples be posted to pastebin?

http://pastebin.com/yHiT2s3t
http://pastebin.com/DpxpJhtA
http://pastebin.com/DYx1ap31
:)

Uh… the hostname in all of these URLs always resolves to 98.124.199.1.
I just use:
uri_block_cidr L_BLOCK_CIDR 98.124.199.1
body L_BLOCK_CIDR eval:check_uri_local_bl()
describe L_BLOCK_CIDR Block URI's pointing to bad CIDR's
score L_BLOCK_CIDR 7.5
and this nails it. See:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7060

Suggesting to list any IP in the 98.124.192.0/18 net with a score of 7
is not very wise advice.
It will hit many thousand legitimate domains hosted on Enom.
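
The trade-off raised in this thread can be measured before a `uri_block_cidr` entry goes live. The following is an added example, not code from the thread or from SpamAssassin: it replays URI hosts from a ham and a spam corpus against a candidate range. The hostnames, message bodies and the hostname-to-IP table are constructed stand-ins for a real corpus and live DNS; only the two address ranges come from the messages above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed hostname -> IP table standing in for live DNS lookups (runs offline).
RESOLVED = {
    "spam-landing.example": "98.124.199.1",
    "shop.example": "98.124.200.10",
    "blog.example": "98.124.231.77",
    "news.example": "192.0.2.10",
}

# Constructed message bodies standing in for a hand-sorted corpus.
HAM = [
    "Your order shipped: http://shop.example/track?id=1",
    "New post at https://blog.example/2014/08/ and http://news.example/",
]
SPAM = ["Click http://spam-landing.example/offer now"]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def uri_hosts(body):
    """Return the lower-cased hostnames of all http(s) URIs in a body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def hits(bodies, cidr, resolved=RESOLVED):
    """For each body with a URI host resolving inside cidr, list those hosts."""
    net = ipaddress.ip_network(cidr)
    out = []
    for body in bodies:
        matched = sorted(h for h in uri_hosts(body)
                         if h in resolved and ipaddress.ip_address(resolved[h]) in net)
        if matched:
            out.append(matched)
    return out

def audit(cidr):
    """Count spam and ham messages a block on cidr would have fired on."""
    return {"cidr": cidr, "spam_hit": len(hits(SPAM, cidr)), "ham_hit": len(hits(HAM, cidr))}

if __name__ == "__main__":
    for cidr in ("98.124.199.1/32", "98.124.192.0/18"):
        print(audit(cidr))
```

A non-zero `ham_hit` for a candidate range is the signal to narrow the range or lower the score before deploying the rule.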