Len Conrad: > > To speed up postscreen, is there any advantage in, eg, harvesting > high-volume pregreet or dnsbl IPs into a blacklist that would be > more efficient than pregreet or dnsbl dropping?
High-volume pregreet - yes, as long as you use a fast database.
High-volume DNSBL - maybe. The DNS server already does caching.
Future postscreen options could be to move "bad" clients to a
temporary blacklist that is queried by postscreen itself or
perhaps by a kernel-based packet filter.
Wietse
