> > awk '/qmgr.*queue active/ { print $7 }' /var/log/maillog |\
> > cut -d "@" -f 2 | cut -d ">" -f 1 | sort -f | uniq -ic | sort -rfn \
> > | egrep -i " b\."
>
>It found three results. Two were spam and one was legit. The legit sender
>was (believe it or not) "[EMAIL PROTECTED]". I am not
>fluent in regexp. (The man page made my eyes glaze over.) Would your
>suggested filter have allowed or disallowed that particular address?
>
> > /@b\./ 554 ACL from_senders_bw
.... won't catch [EMAIL PROTECTED]
It will only catch @b.domain.tld
