ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company hosts its email system in AWS using an EC2-based Postfix gateway that relays messages to Amazon WorkMail. A recent surge of unsolicited bulk email is saturating the antivirus and content-filtering containers that run after the gateway, driving CPU utilization to 90 %. What change to the Postfix configuration will most effectively reduce the spam load before it reaches the resource-intensive scanners, while preserving delivery of legitimate mail?
Implement greylisting so the gateway temporarily defers every message from unknown senders
Deploy spam-filtering plug-ins to all user email clients instead of filtering on the gateway
Restrict inbound SMTP to the company's partner IP ranges and drop all other connections
Enable DNS-based blockhole list (DNSBL) lookups at the Postfix SMTP connection stage to reject listed senders
Connection-level checks that query DNS-based blocklists (DNSBLs) occur during the SMTP handshake. When a sending host's IP is listed, Postfix can reject the message immediately, so no additional processing (spam scoring, antivirus, or content inspection) is performed. This dramatically lowers the volume of spam that traverses to the downstream containers and conserves CPU. Greylisting alone merely delays but still accepts spam, client-side add-ins act too late, and blocking all but partner IP space would stop legitimate external mail from new correspondents-neither meets the business requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a DNS-based blockhole list (DNSBL)?
Open an interactive chat with Bash
Why is enabling DNSBL lookups more effective than greylisting for spam reduction?
Open an interactive chat with Bash
How does Postfix configure DNSBL lookups?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .