I'm dealing with viral emails that are from different email addresses and networks but are using the same "display name".
I'm looking to see if there's a way to block mail by the senders "display name" not email address
The mail server is running Sendmail under Linux
I know I can setup procmail rules, but for those to work the message needs to be accepted for delivery, however the end goal is to block the message before it's accepted.
ClamAV does detect the messages and when it does they're blocked however when a new version of the infected file is used it takes a couple of days before an updated signature detects it.
Client PC's are protected with AV which is detecting and blocking however stopping them entirely would be nice.