On Tue, Sep 17, 2002 at 08:35:03PM +0200, brad.knowles@skynet.be said: [snip]
Much more complex to implement and manage; doesn't scale well. The fewer decisions the anti-spam system has to make, the better it will work. If it only has to decide whether or not a specific IP/port combination has exceeded a certain threshold, it will run much more smoothly than if it's examining the contents of each packet.
Indeed, that will be a lot more scalable. But if you still have to look into each packet to see which ones are link-encrypted (and therefore should be left alone) and which ones aren't (and therefore should be transparently proxied and/or traffic-shaped), that is quite a bit more work.
The question is how much abuse is too much? Is it okay to allow all open port 25 connections (traffic-shaped to low average bit-rates), or is any abuse too much?
Even the best solution will only approach 100% effectiveness as a limit. As in many things, it's a tradeoff - how much hassle are you willing to undergo for a steadily-diminishing return, 80/20 rule, etc. Personally, I'd be happy for 80% of the operators out there to implement the easiest 80% of things required to stop spam. If people would just take even the most basic of steps required to block spam, the picture would improve drastically for all of us.
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
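As an added illustration of the threshold-only approach debated in the thread (example code, not anything posted by the participants): a sliding-window counter over constructed flow records that flags sources exceeding a port-25 connection rate, without ever inspecting payload. The IP addresses, limits, window size and record format are all assumptions made up for this example.

```python
from collections import defaultdict, deque

SMTP_PORT = 25

# Constructed sample flow records: (timestamp_seconds, src_ip, dst_port).
# Made up for illustration; not taken from the thread.
SAMPLE_FLOWS = [
    (0, "192.0.2.10", 25), (1, "192.0.2.10", 25), (2, "192.0.2.10", 25),
    (3, "192.0.2.10", 25), (4, "192.0.2.10", 25), (5, "192.0.2.10", 25),
    (0, "192.0.2.20", 25), (30, "192.0.2.20", 25), (90, "192.0.2.20", 25),
    (1, "192.0.2.30", 443), (2, "192.0.2.30", 443), (3, "192.0.2.30", 443),
    (4, "192.0.2.30", 443), (5, "192.0.2.30", 443), (6, "192.0.2.30", 443),
]


def flag_smtp_offenders(flows, limit=5, window=60):
    """Return the set of source IPs that opened more than `limit` new
    port-25 connections inside any `window`-second sliding window.

    Only the (src_ip, dst_port) pair and the timestamp are consulted;
    packet contents are never examined, which is the single decision the
    threshold approach asks the system to make.
    """
    recent = defaultdict(deque)   # src_ip -> timestamps of recent SMTP flows
    offenders = set()
    for ts, src, dport in sorted(flows):      # process in time order
        if dport != SMTP_PORT:
            continue                          # non-SMTP traffic: no decision at all
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            offenders.add(src)
    return offenders


def action_for(src, offenders):
    """Map the threshold decision to a treatment: shape offenders, pass the rest."""
    return "traffic-shape" if src in offenders else "pass"


if __name__ == "__main__":
    flagged = flag_smtp_offenders(SAMPLE_FLOWS)
    for ip in sorted({src for _, src, _ in SAMPLE_FLOWS}):
        print(ip, action_for(ip, flagged))
```

Tightening `limit` or widening `window` shows the tradeoff the thread describes: a low-volume sender such as 192.0.2.20 stays untouched under a 60-second window but gets shaped once the window grows to cover all three of its connections.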