Craig Schmitt wrote: > DoPenaltyExtremeSMTP blocks early, based on the IP's score from previous > SMTP sessions. > > DoPenaltyExtreme blocks later (after the header is done), based on the IP's > score from previous and the current SMTP session. > > So, yes, both are useful as an IP might slip by DoPenaltyExtremeSMTP because > it's score from previous sessions doesn't exceed PenaltyExtreme, but get > caught later by DoPenaltyExtreme after the IP's score has been increased by > failed header checks. >
Good, thank you. That explains the difference very well. Could some of that information be added to the GUI some how? Right now, it's very hard to tell what the difference is between the two settings. Also, why would you want to have DoPenaltyExtremeSMTP enabled (block) and not have DoPenaltyExtreme enabled (block)? Which would be bring back to the question of what's the point of have both settings. Why not have the following instead? DoPenaltyExtreme block (early only) block (early and after headers) monitor ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
