Op Tue, 13 Oct 2015 20:55:27 +0200 schreef Stuart Henderson
<s...@spacehopper.org>:
On 2015-10-13, Boudewijn Dijkstra <sp4mtr4p.boudew...@indes.com> wrote:
Op Thu, 08 Oct 2015 11:06:45 +0200 schreef Markus Rosjat <ros...@ghweb.de>:
Hi there,
I have a spamd running in greylisting mode and maintain my own blacklist
that I update manually. So far so good yesterday I just did a quite
radical adding to my blacklist :) and I noticed my outgoing traffic
jumped from around 500mb per day to 3,2gb per day. I checked the traffic
with tcpdump and it was no strange traffic going on just my mailports
and the 25 for the spamd. So my question is, could the radical adding of
IPs cause this (and yeah its a lot because I added some ranges)? As far
as I understand it when some IP is on a blacklist it get redirected to
spamd right away by pf and then I get some traffic going on. If a IP is
not on the blacklist and not known Greylisting jumps in an sends the
server away to come back later to decide if it goes through or on the
blacklist. So by adding a lot of possible spammer on a black list in the
first place I generate traffic with them.
Could someone confirm this ?
Adding to a blacklist shouldn't increasetraffic.
It's totally possible. Blacklist mode by default returns a temporary failure
so a standard MTA would keep trying, whereas with greylisting or no spamd
it would stop after the mail is accepted. And in stuttering mode you send
one character per packet so there's one TCP header for each character.
Retries do indeed increase outgoing traffic, but assuming 'normal' SMTP
conversations, 'normal' outgoing mail bodies and 'normal' spammers, the
increase in outgoing application-layer traffic should barely be noticeable.
If the OP was measuring IP bytes, then yes there might be a significant
increase. By how much, mostly depends on the number and ratio of
incoming/outgoing SMTP conversations, I think.
--
(Remove the obvious prefix to reply privately.)
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
