When should I worry about performance tuning?
Dave Horsfall
dave at horsfall.org
Wed Mar 29 23:22:11 UTC 2017
On Wed, 29 Mar 2017, Martin MATO wrote:
> In the first case, you'll should prefer setting greylisting / tarpitting
> at minimum, feeding a firewall table for blacklisting is a neverending
> story (plus, there is some real chance blocking real MX relays).
A judicious selection of DNSBLs and enforcement of RFC-compliance etc do
the trick for me; I block several hundred attempts each day, with very few
false positives and hardly any getting through (and I don't mind wasting
SMTP cycles).
And was the OP really blocking only a few ports and allowing the rest?
If so, that's backwards to good practice.
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
More information about the freebsd-pf
mailing list