> also, same trick to exclude -i "proto=smtp" since legit mail servers will
> nearly always send HELO for proto=ESMTP

zegrep -ic 'reject.*from unknown\[.*4tuple.*proto=smtp' maillog.0.gz
14990
zegrep -ic 'reject.*4tuple.*proto=smtp' maillog.0.gz
52167

15k proto=smtp with no PTR of 52k 4tuple/proto=smtp

Ever thought of requiring ESMTP? Or is that a bad idea?
