Global safelist and blocklist

clark.d
Level 1

Is there a way without using Quarantine to have a global safelist and blocklist? I see the exception Table, but I have over 400 email addresses to add (migrating from Barracuda)... these are full email addresses... can anyone think of an easy way to do this? Is there an easy way to bulk import these?



Thanks,
Dave

3 Replies

Andrew Wurster
Level 1

hi dave -

perhaps you could share a bit more about what type of addresses you're blocking? individual sender addresses? IP blocks? entire domain names?

anyways, it may be a matter of just using either your incoming mail policies or mail flow policies / HAT, or even a combination of the two, to accomplish this. in terms of importing a big list, this would differ based on your end solution.

cheers,

andrew

clark.d
Level 1

These will be individual Email addresses....so I can't add them under the HAT as that only takes IP or domains.

Andrew Wurster
Level 1

i can think of two good ways to do this:

1) create a new incoming mail policy ('blocklist' for instance)
   A) in the creation page, there is a text box to enter new addresses.
   B) enter your list delimited by either commas or line breaks, ie:
      a@cisco.com
      b@cisco.com
      c@cisco.com
   C) add this list as 'sender' addresses, commit
   D) create a new incoming content filter with no match criteria and have a final action to drop or quarantine or something final.
   E) enable this content filter on your new incoming mail policy

2) combine the match criteria and drop action into a single filter and stick that in your default mail policy
   A) create a new dictionary and enter the same addresses in it as terms, just like you did above
   B) create a new incoming content filter with your new dictionary as match criteria for the 'envelope sender' field
   C) add an action to drop or quarantine as desired
   D) enable this content filter on your existing incoming mail policy

i'd highly recommend reading through the list and seeing if anything is outdated and can be pruned out. this will save processing power. for instance, we can match bogusaddress@sillydomain.cn, bogusaddress@sillydomain.us, bogusaddress@sillydomain.uk, and bogusaddress@sillymisspelleddomain.com, all with a single REGEX rather than looking four separate times. so a bit of manual work upfront may save your box some valuable processing power in the future...

with the IronPort product, it's not really necessary to maintain large static lists like this, because SenderBase and IPAS scoring systems greatly reduce the number of false positives that drive lists like these.

let me know how that works.

andrew
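
The list clean-up suggested in the reply above, as an added example that is not part of the original thread: a Python script that normalises and de-duplicates an exported address list, sets aside malformed entries, and collapses a local part seen at several domains into one anchored regex. The sample list, the function names and the two-domain threshold are assumptions; the regexes are in Python syntax and would need checking against the filter's own regex dialect.

```python
import re
from collections import defaultdict

# Constructed sample standing in for an exported blocklist (not real data).
SAMPLE = """\
bogusaddress@sillydomain.cn
BogusAddress@sillydomain.us
bogusaddress@sillydomain.uk
bogusaddress@sillymisspelleddomain.com
 spammer@example.net
spammer@example.net
not-an-address
"""

# Loose shape check: one '@', a dot in the domain, no whitespace or commas.
ADDR = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")

def clean(lines):
    """Strip and lower-case each entry (assumes case-insensitive matching is
    wanted), drop blanks and duplicates; return (valid, rejected)."""
    seen, valid, rejected = set(), [], []
    for raw in lines:
        addr = raw.strip().lower()
        if not addr or addr in seen:
            continue
        seen.add(addr)
        (valid if ADDR.match(addr) else rejected).append(addr)
    return valid, rejected

def consolidate(valid, min_domains=2):
    """Group by local part. A local part seen at min_domains or more domains
    becomes one anchored regex; everything else stays a literal address."""
    by_local = defaultdict(list)
    for addr in valid:
        local, domain = addr.rsplit("@", 1)
        by_local[local].append(domain)
    patterns, literals = [], []
    for local, domains in by_local.items():
        if len(domains) >= min_domains:
            alt = "|".join(re.escape(d) for d in sorted(domains))
            patterns.append(f"^{re.escape(local)}@({alt})$")
        else:
            literals.append(f"{local}@{domains[0]}")
    return patterns, literals

if __name__ == "__main__":
    valid, rejected = clean(SAMPLE.splitlines())
    patterns, literals = consolidate(valid)
    print("\n".join(literals))    # line-break delimited, ready to paste
    print("\n".join(patterns))    # regex candidates to review by hand
    print("rejected:", rejected)  # entries that need manual attention
```

The regexes list only the domains already present in the input, so they match exactly the same senders as the literal entries they replace.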