Hi, Dňa 11. decembra 2023 16:52:43 UTC používateľ Tom Bartel via mailop <mailop@mailop.org> napísal:
>Starting March 1, 2024 we will allow up to 10,000 requests per user over a >30-day time period. After 10,000 requests, users must create a MyValidity >account to continue using this free service. You asked for feedback, here is my opinion about that limit with some real numbers. I have personal MTA, with <100 (usually not more than 50) incoming mails daily, thus 10 000 checks per 30 days seems OK. In last 30 days i see ~1 600 accepted mails (not IPs) and ~2 100 rejected mails/IPs and it is relative peaceful 30 days, I will skip MSA's login attempts counts here, where DBL can be usefull too, but for usual 30 days that limit will be enough too. But from time to time, i am target of extortion (or so) wave, it is about 3 000 unique IPs in 1-2 days. I am able to indentify allmost all of them at first attempt and fill IPs to firewall, thus only small percentage of them gets chance to repeat (connect multiple times), usually no more than 3 times per IP. Thus i will guess about 4 000 DBL requests per one that wave. That will result with only 2 (extortion) waves + usual connections per 30 days, and then my server becomes unprotected by this DBL... IMO if you really want to help with security of small (anonymous) MTAs, that limit should be applied only to NXDOMAIN (not listed)/good reputation responses, as no one attack's target is able to limit attack volume. regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
