[Dshield] Blocking Country Access

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Feb 22 13:24:26 GMT 2007

On Wed, 21 Feb 2007 20:18:37 MST, Andrew Willy said:
> May I ask about your message load?  How many mail users and how
> many messages per day or per some other period of time?

I'm not Tony, but I'll just comment that most performance curves for this
sort of thing is usually not a smooth curve - it may work fine for 70 users,
and require no additional hardware for 700, or 7,000, but it totally falls over
if you try to put 70,000 people on it.  Doing RBL lookups for 4,000 messages
a day is trivial - trying to do RBLs for 4 million msgs/day without getting
totally killed by the additional latency is a major challenge.  And I can't
tell you where the curve bends, because it's highly site dependent (on things
like network topology, the RBLs in use, and even what order you check the RBLs

Actually, this would be *trivial* to do, except we have users that want the
million or so *legitimate* messages we handle a day to be delivered in a timely
fashion as well.  Damned users - always being the monkey wrench in the design. ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070222/f7268c67/attachment.bin 

More information about the list mailing list