Thank you, e1-531g! I'd missed that article.
Bayesian filters apply to content-related abuse, such as spam traffic. But they don't apply to other types of abuse, such as SSH authentication attacks, or DDOS.
I noted that two of those polled by the author (Ullrich, Klein) recommend blocking /64s as the equivalent of blocking a single address. Though Johaness Ullrich admitted, "This may lead to some collateral damage but it is probably the only way to make blacklists effective."
I *am* using that server as an MTA, so it is already using both blocklists and Bayesian filtration.
|