Matthias Leisi wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt Kettler wrote:
Comparatively speaking, 6 might be inadequate. I don't know how much of
that scale is really "necessary" for minimal operation, and how much is
just needed for scalability against DDoS attacks.
dnswl.org runs on 10 servers(*). Given that a whitelist has a lower DDoS
risk than a blacklicst (spammers don't gain from DoSing a whitelist), a
lower number seems sufficient for a pure whitelist.
Traffic for the list.dnswl.org zone is well above 100 GByte/month, and
rising. The dnswl.org zone adds circa 15 GByte/month; rsync is only
about 5 GByte/month (all numbers per mirror).
With the inclusion of dnswl.org rules into the the SA default ruleset,
traffic roughly tripled in a short time. However I have no clue how much
of the current traffic can *now* be attributed to these default rules.
[Interestingly, we have a noticeable traffic peak around late afternoons
central european time. I'm not sure why this happens, as I would have
expected a more uniform worldwide / timezone / load distribution.]
Maybe what I need to do is start with my white list which is easier to
maintain and more accurate. See how that goes. Being DDOSed worries me
some and I'm not sure I'm quite up to dealing with it yet. But I would
ask that the SA developers test my lists to see if they are at least
interesting. Also, I provide a lot of data for several other lists and
maybe what I should do is just work behind the scenes and provide my
data to someone else's list.
BTW, if anyone wans my data or a feed of my spam contact me privately
and we'll work something out.
