Here's a list of the IPs with PTR getting anvilled in my first experience with anvil:
1. note that all aol IPs are .aol.com, and see the PTRs appearsing to aol. 2. the anvil victims are: subscribers, spam farms 0x503e3612.boanxx10.adsl-dhcp.tele.dk. 10.gd-aol.com. 109.fdaol.com. 11.gd-aol.com. 117.fdaol.com. 118.fdaol.com. 12.gd-aol.com. 16.Red-81-38-187.pooles.rima-tde.net. 200-171-21-188.dsl.telesp.net.br. 205-240-201-47.reverse.cablecolor.hn. 206-253-7-145.client.dsl.net. 209-128-108-153.BAYAREA.NET. 218-164-57-230.HINET-IP.hinet.net. 23.block7.mcsdschools.com. 24-196-225-110.cpe.ga.charter.com. 24.yhlaij.com. 31.gd-aol.com. 32.gd-aol.com. 33.gd-aol.com. 54.ctymail.com. 54.gd-aol.com. 55.ctymail.com. 55.gd-aol.com. 56.ctymail.com. 56.gd-aol.com. 57.ctymail.com. 62.61.132.156.generic-hostname.arrownet.dk. 64-60-135-74.cust.telepacific.net. 65-86-189-195.client.dsl.net. 66-114-254-10.quadramastersymbol.com. 66-114-254-11.quadramastersymbol.com. 66-114-254-13.quadramastersymbol.com. 66-114-254-14.quadramastersymbol.com. 66-114-254-15.quadramastersymbol.com. 66-52-93-70.stkn.mdsg-pacwest.com. 66-7-137-106.progressivedeals.com. 66-7-137-112.progressivedeals.com. 66-7-137-27.progressivedeals.com. 66.domain.tld. 67-108-25-122.hopebytheorange.com. 67-108-25-123.hopebytheorange.com. 68-190-200-15.rc-eres.charterpipeline.net. 69-2-71-146.wan.networktel.net. 69-60-98-33.mysavemoneynow.com. 69-60-98-42.bestemaildeals.net. 69-60-98-43.bestemaildeals.net. 69-60-98-72.optinadsolutions.com. 69-60-98-76.optinadsolutions.com. 69-60-98-81.optinadsolutions.com. 76.gd-aol.com. 80.178.81.238.forward.012.net.il. 88.gdaol.com. 89.gdaol.com. 8itchku.com. 93-7.200-68.tampabay.rr.com. 96-216-209.ftl-nj.webhostplus.com. 96.gd-aol.com. @ a213-22-145-10.netcabo.pt. adsl-159-185-1.bhm.bellsouth.net. adsl-206-138.webshoppe.net. adsl-206-140.webshoppe.net. adsl-208-191-254-41.dsl.ltrkar.swbell.net. adsl-221-207-15.mgm.bellsouth.net. adsl-64-108-73-177.dsl.klmzmi.ameritech.net. adsl-64-108-84-233.dsl.akrnoh.ameritech.net. adsl-64-108-98-162.dsl.wotnoh.ameritech.net. adsl-64-171-98-2.dsl.sndg02.pacbell.net. adsl-66-143-166-120.dsl.austtx.swbell.net. adsl-67-113-29-192.snfc21.pacbell.net. adsl-67-123-16-151.dsl.bkfd14.pacbell.net. adsl-67-67-250-34.dsl.wchtks.swbell.net. adsl-68-121-18-137.dsl.irvnca.pacbell.net. adsl-68-20-8-70.dsl.emhril.ameritech.net. adsl-68-75-18-216.dsl.wotnoh.ameritech.net. adsl-68-78-143-112.dsl.emhril.ameritech.net. adsl-68-91-131-199.dsl.okcyok.swbell.net. adsl-68-94-44-81.dsl.rcsntx.swbell.net. adsl2-5-143.du.simnet.is. ais1.americaninternetsurveys.com. ais2.americaninternetsurveys.com. ais3.americaninternetsurveys.com. alert.myweather.net. anetrelay1f-ext.authorize.net. ANeuilly-102-1-4-24.w80-11.abo.wanadoo.fr. apro4.com. at1.atuig.com. at4.atuig.com. atlas.netoes.com. aw38-29.allwest.net. bc16178.bendcable.com. bigvalue-sc.bigvaluenetwork.com. bin2ah0.com. blackbird.nmailer.com. bounce.winxpnews.com. bzq-218-107-218.red.bezeqint.net. bzq-80-59-216.red.bezeqint.net. c-24-126-26-235.we.client2.attbi.com. c-24-15-22-158.client.comcast.net. c-24-4-131-51.client.comcast.net. c-66-41-174-35.mn.client2.attbi.com. c-66-41-57-157.mn.client2.attbi.com. c-66-56-6-52.atl.client2.attbi.com. c-67-163-209-147.client.comcast.net. c68.117.143.85.mad.wi.charter.com. c68.187.107.90.ona.wi.charter.com. c68.187.112.254.ona.wi.charter.com. ca-dibar-cuda1-c2b-18.anhmca.adelphia.net. cable-208-4.godollo.fibernet.bacs-net.hu. CBL217-132-212-103.bb.netvision.net.il. ccm01.roving.com. cdm-208-180-152-8.bnvl.cox-internet.com. cha-gw-03-213245001092.chello.fr. chr160dhcp30.chrchv01.md.comcast.net. client-out-27.4luonlkfb7jnboiprae.com. cliente-217217118164.uBRsec01.supercable.es. cliff.myweather.net. close-1.closeout-special.com. com1.turnberrycommons.com. com2.turnberrycommons.com. com3.turnberrycommons.com. compulsive1.compulsivebuys.com. compulsive6.compulsivebuys.com. consumer-marketplace.com. cookeville-24-158-163-36.midtn.chartertn.net. cpe-66-189-100-104.ma.charter.com. cpe-66-74-186-141.socal.rr.com. cpe-68-115-189-030.suff.va.charter.com. cpe-68-186-242-61.ma.charter.com. cray2.dataswitch.com. d115.dhcp212-198-104.noos.fr. d57-36-204.home.cgocable.net. DI-604-2.cpe.alex.al.charter.com. dm217.damonmoore.lh.net. dolphin1.dolphindues.com. dolphin2.dolphindues.com. dolphin3.dolphindues.com. dolphin4.dolphindues.com. dotmail.dot.state.al.us. dsl-51.226.240.220.dsl.comindico.com.au. dsl-80-46-207-241.access.uk.tiscali.com. dukep0l30corp.corp.emc.com. dyn-81-167-36-176.ppp.tiscali.fr. earth.netoes.com. em1.proffiliates.com. exch1.westboundexchange.com. exch2.westboundexchange.com. exch3.westboundexchange.com. exch4.westboundexchange.com. exch5.westboundexchange.com. exchange.dot.state.al.us. fhweb4.ifollowup.com. fhweb5.ifollowup.com. financepages.com. ftp.gogocards.com. g3.gd67.com. gatekeeper.russellcorp.com. gcb13.lnk2c.com. gcb14.lnk2c.com. gemtap5.com. gogocards.com. golftransactions.com. gpagolf.com. groupwise1.duc.auburn.edu. gw-szwed.telsten.com. h-81-15-194-25.dolsat.pl. h20.n219-68-172.adsl.giga.net.tw. h24-69-208-81.cc.shawcable.net. h24-80-69-48.vn.shawcable.net. h24.200.39.162.ip.alltel.net. h58-210-68-58.seed.net.tw. h69-10-154-202.n-01.net. helium.wlu.ca. host-200-223-214-154.eunanet.com.br. host-81-15-139-98.kalisz.mm.pl. host.better-delivery.com. Host011.dealventura.com. Host014.discovertrends.com. Host018.finalbuy.com. host124.samplesdirect.net. host125.samplesdirect.net. host126.samplesdirect.net. host196-99.pool80181.interbusiness.it. host246.200-117-145.telecom.net.ar. host51.sampleclub.net. host81-133-149-25.in-addr.btopenworld.com. host81-137-165-105.in-addr.btopenworld.com. host82-46.pool8248.interbusiness.it. host85.chesmatv.com. inboxnewsletters.com. ink.webair.com. inotes.markivauto.com. ip-216-73-191-51.hqglobal.net. ip-28.net-81-220-233.bruay.rev.numericable.fr. ip-64-237-69-92.eatel.net. ip-wv-68-119-157-024.charterwv.net. ip503c4b57.speed.planet.nl. jasper.he.net. jupiter.netoes.com. La03mail23.powerfulquotes.com. la03mail27.powerfulquotes.com. laplandc2.laptoplane.wayport.net. list.burpee.com. list.worldnex.net. localhost. lsanca1-ar43-4-35-217-077.lsanca1.dsl-verizon.net. lsanca1-ar6-4-62-200-038.lsanca1.elnk.dsl.genuity.net. lsanca2-ar29-4-41-064-075.lsanca2.elnk.dsl.genuity.net. lsmav2i.gtwy.uscourts.gov. lucia.doctorspreferred.com. lyris.ttla.com. m1.entertainmentupdates.com. m131.eyonkers.com. m139.zazinga.com. m140.zazinga.com. m141.zazinga.com. m83.efunseek.com. m85.efunseek.com. maia.netoes.com. mail.aliantbank.com. mail.communicomm.com. mail.everton.com. mail.gardenwiz.net. mail.gogocards.com. mail.indok.hu. mail.lakemartinrealty.com. mail.skycasters.net. mail.solartanthru.com. mail0.citigroup.com. mail01.shoptimize.com. mail06-02.myfavoritemail.com. mail1.zanada.net. mail12.quickinspirations.com. mail13.quickinspirations.com. mail16.quickinspirations.com. mail17.quickinspirations.com. mail2.gophercentral.com. mail3.openandsmile.com. mail3044.flowgo.com. mail3045.flowgo.com. mail3047.flowgo.com. mail3048.flowgo.com. mail3049.flowgo.com. mail3050.flowgo.com. mail3051.flowgo.com. mail3052.flowgo.com. mail3054.flowgo.com. mail3055.flowgo.com. mail3056.flowgo.com. mail3057.flowgo.com. mail3058.flowgo.com. mail3059.flowgo.com. mail3060.flowgo.com. mail3062.flowgo.com. mail3063.flowgo.com. mail3068.flowgo.com. mail3073.flowgo.com. mail3074.flowgo.com. mail3075.flowgo.com. mail3079.flowgo.com. mail3080.flowgo.com. mail3081.flowgo.com. mail3082.flowgo.com. mail3083.flowgo.com. mail3089.flowgo.com. mail781.emergencyemailnetwork.net. mail8.travelocity.com. mail8.zanada.net. mail87.mydailyoffer.com. mailer122.gossipflash.com. mailer125.gossipflash.com. mailer126.gossipflash.com. mailer150.yourbigvote.com. mailer151.yourbigvote.com. mailer153.yourbigvote.com. mailer154.yourbigvote.com. mailer155.yourbigvote.com. mailer4.qc88.com. mailer40.smilepop.com. mailer43.smilepop.com. mailer48.smilepop.com. mailer5.qc88.com. mailer52.smilepop.com. mailer67.dailyripple.com. mailer75.dailyripple.com. mailrtr2.mailzone.edeltacom.com. mars.netoes.com. megs15.100mwh.com. mercury.netoes.com. mgw1.meiway.com. mk07.one-2.net. modemcable232.148-131-66.mc.videotron.ca. mta1.joimailertoo.com. mta1.primary.ddc.dartmail.net. mta2.joimailertoo.com. mta2.realage.com. mx.thecreek.coldwatercreek.com. mx03.keen.com. mx1.ligareltd.com. mx1.luckydogfreebies.com. mx10.topofferz.net. mx14.trafficinsulator.com. mx2.ligareltd.com. mx3.ligareltd.com. mx63.rewards-center.net. mx65.rewards-center.net. mx73.rewards-center.net. mx8.topofferz.net. mxsf05.cluster1.charter.net. mxsf11.cluster1.charter.net. ned3cat.com. neptune.netoes.com. newd19.sm66.com. newd3.sm66.com. newd523.cw69.com. news.seqnet.net. newsmax.sparklist.com. ns.company-formation-house.co.uk. ns1.digswas.com. ns2.6gused.com. ns2.atenoah.com. ns2.celtkey.com. ns2.dukesix.com. ns2.ohcart.com. offd13.cw69.com. offd14.cw69.com. offd15.cw69.com. offd17.cw69.com. ool-4353092a.dyn.optonline.net. out004.tpca.net. out1.pirmail.com. out2.pirmail.com. overdrive.list-city.net. p136.travelocity.com. p2056-ipad201sapodori.hokkaido.ocn.ne.jp. p4020-adsao12honb5-acca.tokyo.ocn.ne.jp. p5080D838.dip.t-dialin.net. p508B4711.dip0.t-ipconnect.de. p508BF3D4.dip.t-dialin.net. p50918694.dip0.t-ipconnect.de. p6115-ipad24osakakita.osaka.ocn.ne.jp. p78.travelocity.com. pa100.gostyn.sdi.tpnet.pl. pacific15.optinmailbox.com. pb215.siedlce.sdi.tpnet.pl. pcp03862095pcs.glst3401.nj.comcast.net. pcp04024001pcs.whtmrs01.md.comcast.net. pcp06931623pcs.nrockv01.md.comcast.net. pcp08501606pcs.nash01.tn.comcast.net. permission-server.com. pluto.netoes.com. POLLY.cpe.alex.al.charter.com. pool-141-154-215-63.bos.east.verizon.net. pool-141-154-42-29.bos.east.verizon.net. pool-68-161-217-58.ny325.east.verizon.net. potbunker.com. ppp-68-89-169-168.dsl.hstntx.swbell.net. prodnet02.parago.com. pswmail-02.listeneremail.net. quickresponder.biz. rbn1-216-180-75-78.adsl.hiwaay.net. rbn2-216-180-114-8.adsl.hiwaay.net. regal4.regaladvantage.com. regal5.regaladvantage.com. resav2i.gtwy.uscourts.gov. rkk.tsi.net.pl. rly-ip04.mx.aol.com. rrba-161-23.telkomadsl.co.za. rs1.webcomm.us. rwcrmhc12.comcast.net. s5.mglide.com. s85n92.syd.eastlink.ca. sale-1.salestonight.com. sater.inway.net. saturn.netoes.com. sender1.clubmom.com. server.netjam.net. server10.enter7.com. sicm.lyris.net. smtp-live.theinsiders.com. smtp.ediets.com. smtp01.fastlane-loans.net. smtp05.fastlane-loans.net. smtp1.ediets.com. smtp9.my-bonus-center.com. spirean.com. spr2-warr2-3-0-cust173.manc.broadband.ntl.com. theoutdoorwire.com. this.ptr.is.named.in.honor.of.arin.nac.net. tj158.internetdsl.tpnet.pl. tpd19.techpowerupyourdotcom.com. track.specialdailydeals4u.com. track4.air-mails.com. treets0.ibsys.com. treetso.ibsys.com. Trishia.cpe.alex.al.charter.com. U134195.ppp.dion.ne.jp. unknown.servercentral.net. uranus.netoes.com. user81-55.chestnut.utoronto.ca. venus.netoes.com. vg1.emv7.net. weather.internetpro.net. web12908.mail.yahoo.com. web3.cybergolf.com. wheretogonext.com. www.gogocards.com. www.golftransactions.com. www.gpagolf.com. www.potbunker.com. www.theoutdoorwire.com. www.wheretogonext.com. xa231.neoplus.adsl.tpnet.pl. your-pa86z1i3g7.cpe.alex.al.charter.com. ywndp.your-world-news.com. zd6.scbxprs.com. zesty2.zesty.ws. zeus.netoes.com. As a result of the above, I have list aol.com and myweather.net in the anvil exceptions, but... upon looking at the maillog, it obvious than tons of msgs from aol.com and myweather.net, AFTER these IPs were anvilled. How does that happen? When an IP stops connectting for <time_unit> ( 30 mins), it get de-anvilled, and so the next <threshold> of msgs from that IP get accepted until/if they hit the threshold again. Very cool, dynamic behavior. anvil looks like a huge addition to postfix's tools. Len
