# SANS Internet Storm Center top attack sources
#
# Source: http://isc.sans.org/sources.html "DO NOT USE AS BLOCKLIST"
# Source copyright (c) SANS Inst. / DShield. some rights reserved.
# Source released as Creative Commons ShareAlike License 2.5 "by-nc-sa"
# Therefore this derivative is also released under that license.
#
# Creative Commons ShareAlike License 2.5
# http://creativecommons.org/licenses/by-nc-sa/2.5/
#
# SpamAssassin rules compiled automatically by a script by Adam Katz
# (c) Adam Katz, http://khopesh.com/Anti-Spam
# Version 2010051914-83614fc74352b0f93a456785d1030484

# header	 KHOP_ISC     X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:^(?:2(?:2(?:2.(?:1(?:3(?:3.182.194|6.188.101)|86.(?:25.17|42.59)|71.104.171|21.157.13)|2(?:1(?:5.230.4|6.28.21)9|36.46.141)|(?:45.112.22|73.218.6)1|33.155.116)|1.1(?:9(?:2.199.(?:35|49)|5.73.86)|30.140.116)|0.162.207.62)|1(?:8.(?:6(?:0.130.216|1.17.10)|3(?:.204.139|0.22.82)|204.73.195|15.221.82|8.245.123|75.79.18)|1.1(?:43.230.140|03.153.49)|9.23(?:8.238.225|5.116.79)|2.14.228.46|3.23.171.37)|0(?:0.(?:113.109.155|46.196.130|57.146.24)|2.159.18.194|3.171.30.41)|4.98.109.144)|1(?:2(?:1.(?:1(?:4.(?:104.228|213.86)|89.61.124|0.117.40)|246.75.163)|2.(?:22(?:5.100.154|7.164.71)|102.64.54)|4.(?:2(?:47.193.17|37.121.5)|89.194.16)2|3.30.181.185|5.230.73.196)|1(?:9.62.128.11[35]|8.123.9.91)|9(?:3.93.207.130|0.2.29.193)|09.1(?:11.103.62|22.192.21)|74.1(?:38.160.13|42.39.135)|89.30.150.65)|6(?:1.(?:1(?:6(?:4.151.131|7.27.235|3.75.59)|5(?:1.246.14|2.107.15)0|28.110.96|76.216.44)|23(?:5.46.146|7.159.25))|0.1(?:91.(?:146.254|234.226)|61.78.155|73.11.20)|2.220.21.146|9.73.159.118)|8(?:1.(?:214.244.107|107.48.182)|(?:0.50.136.12|2.85.64.18)6|8.(?:203.203.147|80.10.1)|7.106.9.145|9.115.39.8)|5(?:9.(?:1(?:51.119.180|20.8.93)|(?:39.66|44.87).30)|8.(?:215.75.62|53.128.61|60.10.10))|9(?:3.6(?:2.207.167|3.180.84)|1.212.12(?:7.10|.6)0|2.240.68.15[23])|7(?:(?:1.57.50.15|5.125.39.7)4|4.205.241.29)|38.229.1.72)$) /
# describe KHOP_ISC     Received through an IP in the ISC top 100 attackers
# tflags	 KHOP_ISC     nopublish # auto-generated rule

# header	 KHOP_ISC_LE  X-Spam-Relays-Untrusted =~ /^[^]]+ (?:by|ip)=(?-xism:^(?:2(?:2(?:2.(?:1(?:3(?:3.182.194|6.188.101)|86.(?:25.17|42.59)|71.104.171|21.157.13)|2(?:1(?:5.230.4|6.28.21)9|36.46.141)|(?:45.112.22|73.218.6)1|33.155.116)|1.1(?:9(?:2.199.(?:35|49)|5.73.86)|30.140.116)|0.162.207.62)|1(?:8.(?:6(?:0.130.216|1.17.10)|3(?:.204.139|0.22.82)|204.73.195|15.221.82|8.245.123|75.79.18)|1.1(?:43.230.140|03.153.49)|9.23(?:8.238.225|5.116.79)|2.14.228.46|3.23.171.37)|0(?:0.(?:113.109.155|46.196.130|57.146.24)|2.159.18.194|3.171.30.41)|4.98.109.144)|1(?:2(?:1.(?:1(?:4.(?:104.228|213.86)|89.61.124|0.117.40)|246.75.163)|2.(?:22(?:5.100.154|7.164.71)|102.64.54)|4.(?:2(?:47.193.17|37.121.5)|89.194.16)2|3.30.181.185|5.230.73.196)|1(?:9.62.128.11[35]|8.123.9.91)|9(?:3.93.207.130|0.2.29.193)|09.1(?:11.103.62|22.192.21)|74.1(?:38.160.13|42.39.135)|89.30.150.65)|6(?:1.(?:1(?:6(?:4.151.131|7.27.235|3.75.59)|5(?:1.246.14|2.107.15)0|28.110.96|76.216.44)|23(?:5.46.146|7.159.25))|0.1(?:91.(?:146.254|234.226)|61.78.155|73.11.20)|2.220.21.146|9.73.159.118)|8(?:1.(?:214.244.107|107.48.182)|(?:0.50.136.12|2.85.64.18)6|8.(?:203.203.147|80.10.1)|7.106.9.145|9.115.39.8)|5(?:9.(?:1(?:51.119.180|20.8.93)|(?:39.66|44.87).30)|8.(?:215.75.62|53.128.61|60.10.10))|9(?:3.6(?:2.207.167|3.180.84)|1.212.12(?:7.10|.6)0|2.240.68.15[23])|7(?:(?:1.57.50.15|5.125.39.7)4|4.205.241.29)|38.229.1.72)$) /
# describe KHOP_ISC_LE  Received through an IP in the ISC top 100 attackers
# tflags	 KHOP_ISC_LE  nopublish # auto-generated rule