Log subject of message on mailstore or MTA?

[number9]

We are having a bit of a problem with accounts being used for spam. We have a
few things in place to read the number of outgoing messages and alert us when a user goes over a certain number of messages in a unit of time, but now we would like to be able to
backtrack on the subject, so we can see if it is legit or not before we take any further action.

I have looked around the forum to no avail, and have looked at the advanced hacking papers (Advanced Hacking Articles - Zimbra :: Wiki) but it does not have any information on this. However, the Postfix FAQ says the following:

Quote:

Is it possible to have Postfix log the subject of a message along with the other information like To and From addresses?

You can get the subject logged by adding an entry to your header_checks file that always matches the Subject: header and uses a result of 'WARN.'

/^subject:/ WARN

Is that the way I should do it (although this may not keep during an upgrade)? Will that get logged (I get a bit confused about the log4j vs the syslog).

Any help on this would be appreciated.

Thanks.

[number9]

I went ahead and did what the postfix faq suggests on my test server. It does not seem to be working. Does anyone have any ideas on this? All I really want to do is log the subject of the message in the maillog on the mta server.

Thanks.