John Hinton wrote: >> Yes... most of them. Just the new PITA. Anyway... I still can't seem to figure out how to log the IP addresses for this attack. << I'd use iptables to log connections on that port and then time-correlate with the log entries from saslauthd. Best, --- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144