1) Anything that calls log() has to refrain from adding a newline to the log message (virus/exe_filter had a newline when showing what message line matched the filter), or else the continuation line might be captured by the wrong log (in this case, it will show up in the "accepted" log even though the message was rejected).
2) The pattern matching in multilog is very simplistic, so it is not possible to filter the log lines unless the prefix character is completely unique (i.e. is never going to be in any log message); I wound up using the left single quote (`) character, since the exclamation point by itself would mean the "Queued!" messages would show up in the "rejected" log.
3) Some failures are not failures:
2005-04-07 16:25:55.351751500 23061 Could not print [221 b.mx.rlpgbooks.com closing connection. Have a wonderful day.]: Connection reset by peer
This is a log() call from TcpServer, usually from when spamware gets bored and drops the line before getting the final ACK from the server. Technically, it is a failure (and the rest of the lines are logged in the "reject" log), but this line will appear in the "accept" log.
4) Spammers are scum - while testing I discovered that some spammers on a blacklist would try a dozen or more addresses before giving up; I'm going to change dnsbl to return DENY_DISCONNECT instead of DENY, since once you are on a configured blacklist, no message will be accepted (except postmaster and abuse, which should have been already whitelisted).
5) There are a few plugins which still use numbers instead of LOGXXXX constants (I'll work my way through them).
John
