>Do I then need to do a reverse lookup test and reject on all messages?
no >Also, most of the stuff seems to be coming from the domain below: >Reports 0x50a1019a.odnxx7.adsl-dhcp.tele.dk. mta_clients_bw.map: adsl-dhcp.tele.dk 554 ACL mta_clients_bw that'll block out 1000's of ip's that adsl lines. this is the kind of blocking that I mentioned here in early Jan: in pcre:mta_clients_bw.regexp: /(docsis|dsl|client|dhcp|pool|cpe|host|cust|dial|access|in\-addr|arpa|cable|nombres|upc\-[a-z]|user|bri\-).*\..*\./ 554 ACL mta_clients_dul ... would have blocked your attackers. Len
