David Diggles <da...@elven.com.au> writes:

>>But why are you synproxying for spamd?
>
> Why shouldn't I?

The synproxy was added way back as a way to protect back ends that were less intelligent about connection setup and IIRC even had one or more known SYN-related vulnerabilities, so we had a way to only pass valid, completed connections. In relation to spamd, it doesn't add any security, but carries with it the slight overhead of the syn proxying.

> These guys do in their example.
> https://calomel.org/spamd_config.html

I'd ask them the same question. It rarely if ever makes sense to pile on options just because they're available.

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.