Hi, We're seeing an increasing number of quarantined mail resulting from compromised desktops being listed in RCVD_IN_SBLXBL. This in turn leads to an increase in the number of calls to the helpdesk with "where's my mail".
This is typically the first Received header in the email, so not something that is being rejected at the SMTP level. Is there some way to reject this mail at the SMTP level before it's accepted, or something spamassassin/amavis can do after it's received to notify the sender, without it becoming a backscatter issue to make my job easier? I'm already using postscreen with zen to block at the SMTP level. Thanks, Alex
