MTA-level IP blocking rejects messages originating from IP addresses contained in SophosLabs block lists and custom block lists. Enabling this option is recommended; it improves performance by blocking spam before it reaches more complex tests in the policy.
The IP Blocker performs both DNS and, optionally, reverse DNS (RDNS) checks. These additional checks, which make use of the Sophos Sender Genotype, are referred to as proactive protection control because they allow PureMessage to reject connections from servers with dynamic IP addresses.
If RDNS checking is enabled, PureMessage can block connections attempted by servers with dynamically assigned IP addresses. Many servers of this type are members of "botnets," which are collections of zombie computers that can be used to deliver spam. With proactive connection control, even new or unknown IP addresses that have not previously sent spam can be blocked.
For an explanation of SophosLabs IP address classifications, see the Sophos website.
RDNS checking can only be enabled from the command line. See the blocklist.conf man page for more information.
Messages are blocked based on the latest data from SophosLabs and on any IP addresses or fully qualified hostnames specified in the IP Blocking Exception List and IP Blocking Exclusion List. For more about these lists, see "About PureMessage Default Lists" in the Manager Reference.
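The following sketch illustrates the kind of connection-time decision described above: an exception list, a custom block list, and an optional RDNS check for dynamic-looking hosts. It is an added example, not PureMessage code or the Sophos Sender Genotype; the keyword heuristic, the order of checks, the function names and all sample addresses and hostnames are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed keyword list: labels that ISPs commonly put in PTR names of dynamic pools.
DYNAMIC_HINTS = re.compile(
    r"(^|[.\-_])(dyn|dynamic|dhcp|pool|ppp|dsl|cable|dialup)([.\-_\d]|$)")

def looks_dynamic(ip, ptr):
    """Heuristic stand-in for the RDNS check (not the Sophos Sender Genotype)."""
    if not ptr:                       # assumption: a missing PTR also fails the check
        return True
    name = ptr.lower().rstrip(".")
    if DYNAMIC_HINTS.search(name):
        return True
    # Generic names often embed the address itself, e.g. host-192-0-2-77.
    numbers = re.findall(r"\d+", name.split(".")[0])
    return len(numbers) >= 4 and all(o in numbers for o in str(ip).split("."))

def verdict(ip_text, ptr, blocklist, exceptions, rdns_check=True):
    """Decide at connection time, before any content scanning runs."""
    ip = ipaddress.ip_address(ip_text)
    name = (ptr or "").lower().rstrip(".")
    if ip_text in exceptions or name in exceptions:
        return "accept (exception list)"
    if any(ip in ipaddress.ip_network(net) for net in blocklist):
        return "reject (block list)"
    if rdns_check and looks_dynamic(ip, ptr):
        return "reject (dynamic rDNS)"
    return "accept"

# Constructed sample data (RFC 5737 documentation ranges, made-up hostnames).
CUSTOM_BLOCKLIST = ["198.51.100.0/24"]
EXCEPTIONS = {"203.0.113.45", "relay.partner.example"}
SAMPLES = [
    ("198.51.100.7", "mail.bulk.example"),
    ("192.0.2.10", "mx1.example.org"),
    ("192.0.2.77", "host-192-0-2-77.dsl.example.net"),
    ("203.0.113.45", "203-0-113-45.pool.example.net"),
    ("192.0.2.99", None),
]

if __name__ == "__main__":
    for ip_text, ptr in SAMPLES:
        print(f"{ip_text:15} {ptr or '-':35} {verdict(ip_text, ptr, CUSTOM_BLOCKLIST, EXCEPTIONS)}")
```

With `rdns_check=False` the third sample is accepted, which mirrors RDNS checking being optional and off unless enabled.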
The Local Services: MTA IP Blocking page of the Local Services tab allows you to enable or disable IP blocking.
To set MTA IP blocking: