> >Spammer has forged the reply to address to [EMAIL PROTECTED] and 20000
> >other variations 9999ndndn@ hhh88899@ etc
>
>Do they always contain four or more numbers in a row? If so, could you
>use check_sender_access with a regexp map that looks something like:
>
>/\d{4,}/ REJECT
if there is a fixed pattern in the header info ( mailq | less ), then you
can avoid the searching the body for the pattern. I had to cleanup one
attack where all the recipients were @hanmail.
In the set of basic IMGate files, I include the mailq-online.pl script to
get the mailq records on one line.
Len
