When should I worry about performance tuning?
Chris H
bsd-lists at bsdforge.com
Wed Mar 29 23:53:08 UTC 2017
On Thu, 30 Mar 2017 08:20:55 +1100 (EST) Dave Horsfall <dave at horsfall.org> wrote:
> On Wed, 29 Mar 2017, Martin MATO wrote:
>
> > In the first case, you should prefer setting greylisting / tarpitting
> > at minimum; feeding a firewall table for blacklisting is a never-ending
> > story (plus, there is some real chance of blocking real MX relays).
>
> A judicious selection of DNSBLs and enforcement of RFC compliance etc. do
> the trick for me; I block several hundred attempts each day, with very few
> false positives and hardly any getting through (and I don't mind wasting
> SMTP cycles).
I'm currently blocking (filtering) several hundred/hr.
>
> And was the OP really blocking only a few ports and allowing the rest?
Nope. Blocking all unused ports && filtering on the rest. :-)
> If so, that's backwards to good practice.
Indeed. I couldn't agree more.
--Chris
>
> --
> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
> suffer."