hi,
gibt's noch schnee in tirol? in wien ist fast sommer ;-)
it's not possible. i spoke to a symantec technikan last week.
you're right tom. opt1 isn't monitorable, because the connection was dropped before.
opt4 could be monitored. siehe my posting on top.
opt1: Reject connections where no reverse DNS record exists for the connecting IP address
opt4: Reject messages where the domain provided in the MAIL FROM address has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS
regards,
eurass