What is everyone using for (ironport) anti-spam suspect and positive thresholds? We started at the default of suspect:50 and positive:90... and are slowly knocking it down.. right now its 48/71. Doesn't really seem to be blocking any more spam though, and not really putting any more into suspect either. The fact you can't see the scores is really annoying... it essentially becomes a guessing game.
Anyone using some considerably more aggresive thresholds?
I agree with you, Matt, it basically becomes a guessing game. We've installed (and are managing) some 40-odd boxes now, and found that a score of 55/85 is optimal - but I'm betting this depends heavily on the type of customers you deal with, the general profile of their mailflow, and the geographical location you're set in.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...