Option to Drop Connection Immediately upon DNSBL or Blacklist IP Lookup Found
The IP Blacklist and DNSBL actions should have the option to drop the SMTP connection immediately after learning that the source IP is black listed. The reason to drop the connection immediately is to reduce the additional processing that is essentially wasted if the policy is to reject the email.
The Blacklist IPs and DNSBL should be examined ASAP after connection to minimize the time to decide to drop a listed connection. Dropping the listed connection ASAP reduces the chance of an SPAM or SMTP attack from overloading the SG.
I have verified with our developers that the tests are occurring after the RCPT command so that any domain exceptions that exist can be applied. We will consider having the tests occur earlier in the session when no domain exceptions exist for future versions of SecurityGateway.