>I ended going went with: >/^Subject:.*(\^|~|\`|\\)/
well, ok, for really weird stuff, but I think we also need one for 4 or 5 occurrence (not necessarily adjacent, which I already block) of the more common obfuscation symbols %=!*_,. etc I guess 5 of any of those in subject: would be enough, 4 if you wannt really BOFH. >Blocks about 15 a day here (on avg. receiving about 6-8 K msgs. at this point, we're chasing crumbs of incremental rejects, so nobody's expecting that these kinds of rules will produces 1000's of rejects. The Received: bogon filter is one that is proving to be very accurate and surprisingly bounteous for some sites. And once you catch IPs with these content violations, you can promote them to mta_clients_bw so they are permanently blocked even if they change tactics. Len
