Recently we were faced with a spam attack on one of our MxScan gateway filters. This small gateway server was running in a virtualized environment with Microsoft Virtual Server and 386MB of ram allocated to it. It was setup to serve a few of our internal domains. The daily incoming transaction volume for this server was around 25k messages on a normal day.

However, during one of the "spam waves" this daily volume shot up to more than 100k messages per day. Quite a bit for a small Virtual Server to handle. However, with a little bit of fine tuning I will share with you how you can setup MxScan and MailEnable to deal with a higher amount of daily messages.

In a standard MxScan installation, the assumption is that MxScan will take care of all the AntiSpam needs, however with a high volume deployment the following changes should be made. The changes are as follows :

1. If at all possible catch all should be disabled for as many domains as possible. Having catch all enabled would normally lead to an increase volume of messages mainly because of backscatter (invalid bounces from forged email addresses)

2. Enable SPF in MailEnable and set it to Reject mail which fail SPF and not to check connections from local IP addresses (Note: SPF is not available in MailEnable Standard)

3. Enable the DNS Blacklisting in MailEnable and setup zen.spamhaus.org and bl.spamcop.net as the RDNS Blacklist servers. What this does is to drop the message during the SMTP session before it even gets delivered to MxScan. Valid senders should get a bounced message during the SMTP session, this will not cause outscatter.

4. Because both Zen and Spamcop has been enabled at the MailEnable level you can disable the Zen and Spamcop blacklist severs in MxScan so that a redundant lookup is avoided for better performance.