Bowie Bailey wrote: > What I do is have my MTA reject connections based on Zen. This way, SA > doesn't even have to look at those messages. Much simpler and cleaner.
It may still be reasonable to do the lookups for the SBL sublist - this one is OK to use for deep header scans, since they're (almost all) IP addresses or ranges owned or stolen by hard-core spammers. How reasonable is up to your local policy. And it's also useful for those users who insist on hosting their domain mail somewhere else, and forward mail to their account on your mail system. Your MTA lookup won't block spam on that path via Spamhaus lookup - but it's quite reasonable to bump the score to make sure any hits get tagged. -kgd
