> 2. I am hoping that the alarm message would contain information that > the logfile entries don't contain, such as what the would-be spammer > entered for the HELO and MAIL FROM. This information will be > absolutely essential if I am going to try to press the issue with an > ISP.
Well, you could grow old waiting for GTA to implement the Wish List. (Nothing against GTA, just speaking to the volume of issues there.) Maybe something like Snort (www.snort.org) would do what you want. You could probably write a rule to pick out SMTP not destined for your domain, and have it dump the entire contents of the packets. -- Alex Howansky Wankwood Associates http://www.wankwood.com/
