Spam escapes RBL 1

[SnoopFrogg]

I researched spam that a user received and found that the originating IP for the spam is listed in an RBL that I use in Connection Filtering. Is it normal for spam emails to escape the RBL lookup?

My server isn't operating at full capacity (processor sits under 10% and there's more than 1GB of physical memory available). I am using 11 RBLs. Also, if the RBL that the IP is listed in (xbl.spamhaus.org) is overburdened, could this be a reason for the spam getting through?

Many thanks in advanced.

[purple]
SnoopFrogg
MCSA+Security - Windows Server 2003
[/purple]

 

[xmsre]

It c ould be an issue with contacting the RBL provider or the response time from the RBL provider. You can set an explicit deny at the connection filter, and this will override what the RBL provider does or does not return. You can also set an explicit accept at this level to allow domains to send to you that have recently corrected the issue that caused them to be placed on the RBL, but have not yet been removed from the RBL. Connection filer rules override the RBL result.

http://support.microsoft.com/kb/823866/en-us