On Wed, 29 Mar 2017, Martin MATO wrote: > In the first case, you'll should prefer setting greylisting / tarpitting > at minimum, feeding a firewall table for blacklisting is a neverending > story (plus, there is some real chance blocking real MX relays).
A judicious selection of DNSBLs and enforcement of RFC-compliance etc do the trick for me; I block several hundred attempts each day, with very few false positives and hardly any getting through (and I don't mind wasting SMTP cycles). And was the OP really blocking only a few ports and allowing the rest? If so, that's backwards to good practice. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
