Okay, I don't proclaim to be a procmail expert, so no laughing... I put the following in the procmailrc on one of our mailservers just now: :0: * > 80000 * ^Subject:.*(Install this patch immediately|Current Microsoft Critical Upgrade|Current Update) /home/tmp/fakepatch
Basically, looking at all messages above 80K in size, and then looking for 1 of 3 subject variants reported so far, and then if it all matches pushing the message into a message file for later review. I'd like to me able to see some of the bodies of the emails, in order to target the filter a little better. Any comments/suggestions/etc welcome. If this rule works (the particular server its on average 1 message every 3 seconds) I'll push it out to the larger/busier servers that handle the customer accounts (above 10K mailboxes total). I'm also working on a perl/cgi-based procmail manager (we have about a dozen email servers to maintain) that allows you to have 1 "master" procmail body that can be edited via html GUI and then sync'd to the remote boxes. -- Brian <[EMAIL PROTECTED]> _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss