On Thu, 30 Mar 2017 08:20:55 +1100 (EST) Dave Horsfall <[email protected]> wrote
> On Wed, 29 Mar 2017, Martin MATO wrote:
>
> > In the first case, you should prefer setting greylisting / tarpitting
> > at minimum, feeding a firewall table for blacklisting is a neverending
> > story (plus, there is some real chance blocking real MX relays).
>
> A judicious selection of DNSBLs and enforcement of RFC-compliance etc do
> the trick for me; I block several hundred attempts each day, with very few
> false positives and hardly any getting through (and I don't mind wasting
> SMTP cycles).

I'm currently blocking (filtering) several hundred/hr

> And was the OP really blocking only a few ports and allowing the rest?

Nope. Blocking all unused ports && filtering on the rest. :-)

> If so, that's backwards to good practice.

Indeed. I couldn't agree more.

--Chris

> --
> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
> suffer."
> _______________________________________________
> [email protected] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"
