> 4tuple is fine, but if it is only one path out of smtpd restrictions. > "OK" in any restriction before 4tuple restriction will not show up in 4tuple.
Thanks for the reminder. In my case I don't have any "OK's" anywhere in any acess maps at this point. (I'm an ISP and primarily let users decide with declude what to delete. I reject at IMGATE very loosly but am starting to increase my rejections since the sobig onslaught. With barely any restrictions I'm rejecting about 80% (over 300k per day)) So for me it works for finding legit mailers :)
