> >I also have seen ones where [EMAIL PROTECTED] was forged by > >the source. All sorts of fun. > > How would you test for that? Data portion isn't in the logs - did you find > that with verbose logging turned on? My maillog is already 400+Meg/day, and
I know that one because I had them in my inbox. Since my gateway appends @cybertime.net there should never be anything with @imgate01.cybertime.net in existence. So I started killing it with a header check and nail a few here and there. > want it to leave the data header alone (except for of course the required > Received: additions, etc.), just like as I understand RFC2821 says it > should - not that I claim to always fully understand the sometimes cryptic > nuances of RFC specs... :-) And the RFCs have many times conflicted with themselves, or not accounted for the real world. Such is life. Have fun tinkering with your filtering! --Eric
