Len Conrad wrote:
>
>>I'm using the following body check:
>>
>>/^UEsDBAoAAAAAA/ REJECT
>
>
> nice work!! using that rule:
>
> Mgw1# egrep -ic "novarg zip" /var/log/maillog
> 39
>
> ... in under an hour.
>
> Len

As noted on the postfix-users list, the REJECT should be DISCARD due to the forged From:. Also, Wietse suggested: "If you really want to be safe, use HOLD instead of REJECT and then purge the hold queue once in a while."

--
Chris Scott
Host Orlando, Inc
http://www.hostorlando.com/
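Added example, not part of the original thread: a Python sketch that decodes which ZIP local-file-header fields the base64 prefix in the body check pins down, and checks the pattern against two constructed headers to show the rule's scope. The function names and sample headers are made up for illustration; only the pattern comes from the thread.

```python
import base64
import re
import struct

# Pattern from the body check quoted above (regexp table slashes removed).
RULE = re.compile(r"^UEsDBAoAAAAAA")

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def pinned_bits(prefix):
    """Bit string that a base64 text prefix fixes in the decoded data."""
    return "".join(format(B64.index(c), "06b") for c in prefix)

def pinned_header(prefix):
    """Interpret the whole bytes fixed by the prefix as ZIP local-header fields."""
    bits = pinned_bits(prefix)
    usable = len(bits) - len(bits) % 8
    whole = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    sig, version, flags = struct.unpack("<4sHH", whole[:8])
    return {"signature": sig, "version_needed": version, "flags": flags,
            "method_low_byte": whole[8], "leftover_bits": bits[usable:]}

def local_header(version, method, name=b"a.txt", data=b"hello"):
    """Constructed sample: 30-byte ZIP local file header, name and data.
    CRC and timestamps are left at 0; only the field layout matters here."""
    fixed = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", version, 0, method,
                        0, 0, 0, len(data), len(data), len(name), 0)
    return fixed + name + data

def first_body_line(raw):
    """First 76-column line of the base64 MIME part, as a per-line body check sees it."""
    return base64.encodebytes(raw).decode("ascii").splitlines()[0]

def rule_matches(raw):
    """True if the thread's pattern hits the first base64 line of this attachment."""
    return bool(RULE.search(first_body_line(raw)))

if __name__ == "__main__":
    print(pinned_header("UEsDBAoAAAAAA"))
    print("stored, version 10: ", rule_matches(local_header(10, 0)))
    print("deflate, version 20:", rule_matches(local_header(20, 8)))
```

The prefix fixes the `PK\x03\x04` signature, version-needed 10, zero flags and a stored (uncompressed) method, so any attachment with that header shape is hit, legitimate or not, while ordinary deflate-compressed ZIPs are left alone.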
