Hi Kevin,
Thanks for your reply. It is nice to see you again. :-)
>Are you dropping or rejecting messages to invalid recipients(drop uses an LDAP Sync source and reject uses a recipient validation source)?
I am dropping the messages.
>Recipient validation should only reject messages for users that don't exist at abc.com and it sounds like this is what you are seeing, but you have also enabled DHA attack functionality which is basically stating if an IP tries to send so many messages over a certain period of time to users that don't exist in the abc.com domain then start rejecting all messages from this IP for a certain time period. So once the IP is placed in the 'penalty box', regardless of what domain it wants to send messages to messages that from that IP are going to be rejected for whatever time you have configured. That make sense?
Yes, it looks reasonable. So, if I examine message audit log of abc.com, I should find DHA verdict there, shouldn't I? Let me check and I will post here.
>Have you possibly changed the default action to not reject or defer? That could maybe cause what you are seeing...
I will look whether I can do.
Thanks,
Nitass