One word of advice - for the first little while when you are blocking the following, set the action to either "encapsulate and forward to postmaster" or "mark subject". I prefer the "encapsulate" options because then you're not relying on your users to report what is and isn't legit spam. From my experience they can't be bothered and just delete it if it isn't legit and don't let you know if it is legit. If at all possible avoid using "send non-delivery report...". In our case it's important that any potential clients or casual contacts know that their email has been bounced so we allow NDRs under some of the options.
I also recommend implementing only a few changes at a time. It has taken us 9 months (plus 1 month in the test phase before we went "live") to configure XWall so that it stops over 99% of all spam. It is very time intensive the first couple of months but now it's down to no more than an hour a week plus the time I spend checking the logs.
First thing: Import your GAL into XWall and under Options ->spam on the Verify tab check the last box "check that the recipient e-mail address is in the address list". Don't forget that when you add a new mailbox you need to add the address and when you delete a mailbox you need to delete the address.
Here is what we have:
1. Under Options ->Blocking
-Block as many level 1 attachments as you can
-Block any attachments related to a virus once the virus reaches a level 3 threat on Symantec's web site
-Block all exploits
-When blocking text also block links to web sites contained within spam emails (i.e.
-Under the header tab block the country extension (i.e. .br is Brazil) for countries which shouldn't be sending you email. You'll find the full list here:
-Under the envelope tab we have all except the BCC option checked.
-Look up and block IP ranges for countries from which you receive only spam. Check the box that says "also look up IP addresses in the message header".
-Under email addresses block as many countries as you can (i.e. .br for Brazil) using the link above as a reference. Also block known domains (i.e. @gotlaughs.com)
Under Options ->spam
-Have the two free spam lists that are set up automatically in XWall block the message transfer at the SMTP level
-Activate your Bayes filter (this probably stops 10% - 20% of the spam by itself). We use Gary Robinson's message with a threshold of 70.
-Under Envelope we have all except the BCC checked
Under Options ->system
-Remove the flags from inbound messages
-Make sure you allow relay only from reserved IP addresses, otherwise you will be an open relay.
Under Options ->Global Exclude we have all checked EXCEPT Attachment, Exploit, and Internal from. These we have taking effect even for addresses on the whitelist.
Hope this helps.
Cheers.
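
The sketch below is an added example, not part of the original post and not XWall's own code. It shows the RCPT-time logic behind two of the settings above: verifying recipients against the address list, and relaying only for reserved IP addresses. The domain, addresses and function names are constructed, and "reserved" is assumed to mean the RFC 1918 private ranges plus loopback.

```python
import ipaddress

# Assumption: "reserved" = RFC 1918 private ranges plus loopback.
RESERVED_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample data standing in for the imported address list (GAL).
LOCAL_DOMAINS = {"example.com"}
ADDRESS_LIST = {"alice@example.com", "postmaster@example.com"}


def is_reserved(client_ip):
    """True if the connecting client is on an internal (reserved) network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable source address: never trusted for relay
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners
    # apply the same policy as plain IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in RESERVED_NETS)


def rcpt_decision(client_ip, rcpt):
    """Return (smtp_code, reason) for one RCPT TO address."""
    local, sep, domain = rcpt.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return (501, "malformed recipient")
    if domain in LOCAL_DOMAINS:
        # Inbound mail: accept only mailboxes present in the address list.
        # A mailbox created but not yet added to the list is rejected here.
        if f"{local}@{domain}" in ADDRESS_LIST:
            return (250, "ok")
        return (550, "unknown recipient")
    # Recipient is not ours, so this is a relay request.
    if is_reserved(client_ip):
        return (250, "relay permitted")
    return (550, "relaying denied")


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.9", "alice@example.com"),
                     ("203.0.113.9", "newhire@example.com"),
                     ("203.0.113.9", "bob@elsewhere.test"),
                     ("192.168.1.20", "bob@elsewhere.test")]:
        print(ip, rcpt, rcpt_decision(ip, rcpt))
```

The `newhire@example.com` case is the stale-list failure the post warns about: the mailbox may exist, but mail to it is refused until the address is added.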