On 2015-10-13, Boudewijn Dijkstra <sp4mtr4p.boudew...@indes.com> wrote: > Op Thu, 08 Oct 2015 11:06:45 +0200 schreef Markus Rosjat <ros...@ghweb.de>: >> Hi there, >> >> I have a spamd running in greylisting mode and maintain my own blacklist >> that I update manually. So far so good yesterday I just did a quite >> radical adding to my blacklist :) and I noticed my outgoing traffic >> jumped from around 500mb per day to 3,2gb per day. I checked the traffic >> with tcpdump and it was no strange traffic going on just my mailports >> and the 25 for the spamd. So my question is, could the radical adding of >> IPs cause this (and yeah its a lot because I added some ranges)? As far >> as I understand it when some IP is on a blacklist it get redirected to >> spamd right away by pf and then I get some traffic going on. If a IP is >> not on the blacklist and not known Greylisting jumps in an sends the >> server away to come back later to decide if it goes through or on the >> blacklist. So by adding a lot of possible spammer on a black list in the >> first place I generate traffic with them. >> >> Could someone confirm this ? > > Adding to a blacklist shouldn't increase traffic.
It's totally possible. Blacklist mode by default returns a temporary failure so a standard MTA would keep trying, whereas with greylisting or no spamd it would stop after the mail is accepted. And in stuttering mode you send one character per packet so there's one TCP header for each character.
