Why are you not blocking with blacklists at the border, ie: MTA.
Given its 0 resources for your MTA, with anti spam checking on SA often
using significant resources (depending on traffic/number of tests/rules
etc), its best to stop it getting to SA in the first place.
SA also has this by-defa
I need to refresh my brain on using blacklists with SA, before looking
more deeply into why this got through.
Today a email slipped through with a very low score that was clearly
phishy. A url in question, posing as another, hits no less that 6
blacklists. I was going to look at clamav that
