> the moment and don't have any to copy and display. I setup ZEN from > spamhouse to do recipient filtering, maybe that will help. I really > prefer to drop messages for invalid recipients, but with all the > migrations we are doing the LDAP lookups weren't keeping up, and my > filter refuses to look at secondary SMTP addresses...
/me wonders how a DNS BL can possibly do recipient filtering. We've configured our Ironport and its LDAP recipient validation to return a SMTP "tempfail" 4xx code to the sender if the LDAP query times out. Typically, a sending MTA will retry in a "backoff" style algorithm which lowers the incoming load on the gateway infrastructure. This way the recipient validation is ensured and no mail is lost. Hopefully your gateway supports this kind of configuration. Don't forget, LDAP queries can be directed at the GC port also. ~JasonG
