I'm trying to figure out how to handle a case that I have here with Spam Quarantine and invalid-recipient.
Basically, when a mail is sent to an invalid recipient , my ironport boxes drops it (using smtp routes to /dev/null) for non existing aliases.
But when this particular piece of mail contains spam, it get to spam quarantine before being dropped. And now, my spam quarantine is containing 1.5M emails and sending more than 180k mail notificication to most of the time invalid user.
Is there ways besides ldap recipient checking to drop this kind of messages ?
I checked the Trace message option, and it looks like the website sending this DHA have bad reputation. They are in my Throttled policy.
What is the recommended setting for invalid recipient per hour for this kind of policy. Obviously, i'd like to drop the maximum amount of email coming from this IP