On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote: > Threatstop users running the default TS blocklists on their firewalls > before the anti-spam systems see, typically, 15% to 25% reduction in > average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of > what it is without ThreatSTOP.
<chuckle> I'm waaaay past that. I've cut down the number of incoming connections by about 90% via judicious use of the DROP list, country blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall. In one installation, I've gone the other way: all SMTP connections are blocked except those originating in North America (less those on the DROP list or in spammer-allocated blocks). The default-permit model for SMTP is on its way out, and it makes progressively less sense to spend ever-increasing resources to sustain it. But judicious study of inbound/outbound mail traffic is very necessary before trying something like this. (Then again: how could any postmaster possibly know how well they're doing unless they measure it? Sadly, very, very few actually do.) ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
