Steve,

If at all possible, I recommend blocking based on unknown user BEFORE doing ANY content filtering of the message. But, if you must, it is also a good strategy to block based on the sender's IP first. (I'm figuring that you might need to do that since you are trying to reduce mail to your iMail server and only your iMail server knows which recipient addresses are legit and which are dictionary attack spams.)

Here are the DNSBLs I recommend for outright blocking based on the sender's IP:

zen.spamhaus.org
bl.spamcop.net
psbl.surriel.com

After RBL checking of the sender's IP, try to NOT do ANY content filtering until AFTER spams sent to non-existent users are blocked. This probably means that you should abandon using EWALL to call sniffer and only use EWALL to block based on these RBLs... then send all that is left to your iMail server.

You should then see if you can get iMail to call sniffer (even if through another app... or another "instance" of eWall)... so that this could be done AFTER the unknown users are eliminated by iMail.

The idea is that the first run of EWall is ONLY checking against RBLs... but not running sniffer or URI lookups or any other content filtering until AFTER iMail has eliminated spams sent to unknown users. ...THEN see if you can get iMail to "call" a second instance of eWall (or something else) to THEN use sniffer and URI lookups.

Rob McEwen
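
The stage ordering recommended in the message above, sketched in Python as an added example (not part of the original message and not eWall or iMail code). The function names, the injectable resolver, and the in-memory recipient set are assumptions for illustration; in the setup described, only the iMail server holds the real recipient list.

```python
import ipaddress
import socket

# The three zones listed in the message above.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "psbl.surriel.com")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """True if the name resolves to a 127.x.x.x answer that means 'listed'."""
    try:
        answer = socket.gethostbyname(name)
    except OSError:
        return False  # NXDOMAIN or lookup failure: treat as not listed
    # Spamhaus answers 127.255.255.x for query errors, not listings.
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def listed_in(ip, resolver=system_resolver, zones=ZONES):
    """Return the first zone that lists ip, or None."""
    for zone in zones:
        if resolver(dnsbl_name(ip, zone)):
            return zone
    return None

def handle(sender_ip, recipient, body, valid_recipients, content_filter,
           resolver=system_resolver):
    """Apply the stages in the recommended order, cheapest first."""
    zone = listed_in(sender_ip, resolver)
    if zone:
        return "reject: sender listed in " + zone
    if recipient.lower() not in valid_recipients:
        return "reject: unknown user"
    # Only mail that survived both checks reaches the content filter.
    if content_filter(body):
        return "reject: content"
    return "accept"
```

Passing a stub resolver lets the ordering be checked offline; counting calls to the content filter shows how much mail never reaches it.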



