>Looking at pflogsum output, it looks like my header check for one of the
>latest virii is working (<x> substituted for real to address):
>
> header
> 1 Subject: Re: Movies; from=<[EMAIL PROTECTED]> to=<x>
> 1 Subject: Re: Movies; from=<[EMAIL PROTECTED]> to=<x>
> 1 Subject: Re: Document; from=<[EMAIL PROTECTED]> to=<x>
> 1 Subject: Re: Movies; from=<[EMAIL PROTECTED]> to=<x>
> 1 Subject: Re: Movies; from=<[EMAIL PROTECTED]> to=<x>

from_senders_bw.map works too:

    boss.com 554 ACL You Are All Diseased

As does SAV automatically, since the MX for boss.com is dead.

Here are SAV rejects from a Yahoo MTA today:

    # grep -i "yahoo.*big@boss" /var/log/maillog | wc -l
    606

Len