Date: Thu, 30 Mar 2017 08:20:55 +1100 (EST) From: Dave Horsfall <dave@horsfall.org> To: FreeBSD PF List <freebsd-pf@freebsd.org> Subject: re: When should I worry about performance tuning? Message-ID: <alpine.BSF.2.20.1703300814440.63087@aneurin.horsfall.org> In-Reply-To: <404620925.34894.1490821068262.JavaMail.www@wwinf1g03> References: <ee6734e6caa6591c051c1d4ff66e9937@ultimatedns.net> <404620925.34894.1490821068262.JavaMail.www@wwinf1g03>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Mar 2017, Martin MATO wrote: > In the first case, you'll should prefer setting greylisting / tarpitting > at minimum, feeding a firewall table for blacklisting is a neverending > story (plus, there is some real chance blocking real MX relays). A judicious selection of DNSBLs and enforcement of RFC-compliance etc do the trick for me; I block several hundred attempts each day, with very few false positives and hardly any getting through (and I don't mind wasting SMTP cycles). And was the OP really blocking only a few ports and allowing the rest? If so, that's backwards to good practice. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1703300814440.63087>