On Aug 6, 2014, at 11:20 PM, Axb <axb.li...@gmail.com> wrote: > On 08/07/2014 07:01 AM, Philip Prindeville wrote: >> >> On Aug 6, 2014, at 1:23 PM, Paul Stead <paul.st...@zeninternet.co.uk> wrote: >> >>> >>> On 06/08/14 20:00, John Hardin wrote: >>>> Can some fresh samples be posted to pastebin? >>>> >>> http://pastebin.com/yHiT2s3t >>> http://pastebin.com/DpxpJhtA >>> http://pastebin.com/DYx1ap31 >>> >>> :) >> >> >> Uh… the hostname in all of these URL’s always resolves to 98.124.199.1. >> >> I just use: >> >> uri_block_cidr L_BLOCK_CIDR 98.124.199.1 >> body L_BLOCK_CIDR eval:check_uri_local_bl() >> describe L_BLOCK_CIDR Block URI's pointing to bad CIDR's >> score L_BLOCK_CIDR 7.5 >> >> and this nails it. See: >> >> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7060 > > Suggesting to list any IP in the 98.124.192.0/18 net with a score of 7 is not > very wise advice.
I’m listing a /32. Where do you get a /18 prefix? -Philip > > It will hit many thousand legitimate domains hosted on Enom. >
