Thank you to everybody that replied to my request. I knew I was not clear in my message... :-)) sorry about it.
I have 2 paid RBL (so I don't care about number of queries) at the frontier MTA. These RBLs reject a ton of connections and so the number of messages reaching SA is already reduced. Unfortunately, I can't greylist at the moment... well, actually I answer with a 4xx code with one of the paid RBL... it's not *me* that greylists but an external, official, specialized source. I know, borderline. Back to my request, I see two possibilities. A. In the logs of the frontier MTA I have the connection IPs of the messages that went through. A simple script can extract the IPs, |sort|uniq and then dig/nslookup and note if they are now listed. Unfortunately I don't know if the message was reported spam or quarantined later but it may be detected spam not for RBL B. On the backend, zimbra logs all the messages stored in the mailboxes. A bit more complex script can dump the not spam and not quarantined messages received in a time range in a specific dir and submit each one to SA, the production one or one dedicated to this job. In this way I will also check the URL RBLs. Using a different SA server allows us to use SA 4.0, or a different set of plugins and rules, or for example enabling only RBLs checks, adding the paid ones. Still don't know if all this is worth the effort. > >