I can only speculate, as I didn’t have any sort of observability on Citrine (this was before Citrine had its own log screen). Besides the spam, it also felt like a DDoS attempt—Citrine was handling a large number of metadata events, such as kind 0 and 10002. To be fair, I wrote several messages on Nostr about my Citrine + IPv6 experiment, including the fact that, due to some misconfigured test scripts, I had accidentally “self-spammed” my Citrine relay and It was surprisingly resilient, so I may have brought this upon myself.
However, this isn't the only reason I wouldn’t expose Citrine to the Internet as is today. Currently, it’s not using TLS OOB (which is understandable, as it wasn’t really intended to be publicly accessible, but it also means running an external https enabled reverse-proxy if you need encryption, which sorta defeats the purpose of a "portable" relay). I also had difficulty using Citrine’s built-in filters effectively.