On Wed, 4 Apr 2007, guenther wrote:

> Also, since you are specifically aiming at *large* mail, keep in
> mind that there usually is a max size for mail to be scanned at
> all. IMHO SA is not the best candidate for this kind of "gathering
> logs".

Agreed. You might be better served just by analysing your MTA logs - you should be able to calculate user_name, total_outbound_bytes information fairly easily from that using just a simple perl script. And if you add a "net impact" analysis of message_bytes * number_of_message_recipients then abuse will stand out more clearly...

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
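
The log analysis suggested in the reply above, as an added example that is not part of the original message and not the poster's script. It is written in Python rather than Perl and assumes Postfix-style `qmgr` log lines; the sample log, the domain `example.org` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix qmgr line logged when a message becomes active: sender, size, recipient count.
ACTIVE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)")
REMOVED = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): removed")

# Constructed sample log lines (assumed Postfix format, not from a real system).
SAMPLE_LOG = """\
Apr  4 10:00:01 mx postfix/qmgr[811]: 3A1F2C0D: from=<alice@example.org>, size=52000, nrcpt=1 (queue active)
Apr  4 10:00:02 mx postfix/smtp[902]: 3A1F2C0D: to=<x@example.net>, relay=mail.example.net[192.0.2.10]:25, status=sent
Apr  4 10:00:03 mx postfix/qmgr[811]: 3A1F2C0D: removed
Apr  4 10:00:09 mx postfix/qmgr[811]: 7B90E411: from=<bob@example.org>, size=4800000, nrcpt=40 (queue active)
Apr  4 10:05:09 mx postfix/qmgr[811]: 7B90E411: from=<bob@example.org>, size=4800000, nrcpt=40 (queue active)
Apr  4 10:07:30 mx postfix/qmgr[811]: 9C02AA10: from=<alice@example.org>, size=9000000, nrcpt=2 (queue active)
Apr  4 10:08:00 mx postfix/qmgr[811]: 1D44F0B2: from=<>, size=3100, nrcpt=1 (queue active)
"""

def outbound_totals(lines, local_domain="example.org"):
    """Per-sender message count, total bytes, and net impact (bytes * recipients)."""
    active = set()  # queue IDs already counted and still in the queue
    totals = defaultdict(lambda: {"messages": 0, "bytes": 0, "net_impact": 0})
    for line in lines:
        gone = REMOVED.search(line)
        if gone:
            active.discard(gone["qid"])  # short queue IDs can be reused after removal
            continue
        m = ACTIVE.search(line)
        if not m or m["qid"] in active:
            continue  # unrelated line, or a retry of a deferred message already counted
        active.add(m["qid"])
        sender = m["sender"].lower()
        if not sender.endswith("@" + local_domain):
            continue  # skip bounces (null sender) and non-local envelope senders
        size, nrcpt = int(m["size"]), int(m["nrcpt"])
        entry = totals[sender]
        entry["messages"] += 1
        entry["bytes"] += size
        entry["net_impact"] += size * nrcpt
    return dict(totals)

def ranked(totals):
    """Senders ordered by net impact, largest first."""
    return sorted(totals.items(), key=lambda kv: kv[1]["net_impact"], reverse=True)

if __name__ == "__main__":
    for sender, t in ranked(outbound_totals(SAMPLE_LOG.splitlines())):
        print(f"{sender:20} msgs={t['messages']} bytes={t['bytes']} net_impact={t['net_impact']}")
```

In the sample, alice sends more raw bytes than bob, but bob's single message to 40 recipients puts him first once the totals are ranked by net impact.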