@bluehandle - you're doing it wrong. Yes, the filter as you have it will likely exclude all SMTP traffic because it's saying to ignore all traffic from the 10. subnet. The syntax of the IP filters is:
{+|-},{recipient},{sender}
You got the second part right however. You do want to have that +,*,* in there which tells the system to inspect everything else. Your IP filter in this case should be:
-,10.0.0.0/8,*;+,*,*
This says "ignore everything going to the 10. subnet...inspect everything else.
@stephane - it sounds like you misinterpreted what you read in the help (not that the help is always exceedingly clear). What I think you read was that in order to ignore the message (when using a recipient L7 filter), all recipients must match one of the filtered domains. So, if you do a L7 recipient filter like this:
-@domainA.com,-@domainB.com
...an email being inspected would have to be going only to recipients at domainA.com or domainB.com. If an email had recipients at domainA.com, domainB.com, AND domainC.com, it would get inspected.
On a L7 Sender filter, the same doesn't really apply, since an email can only have one sender. The same filter written above, used in a L7 Sender filter, would tell the system to igore any email from senders with a domainA.com or domainB.com email address.
Hope that helps.
~Keith