Milter-greylist

No offense, but that is an insane rule. You might want to try either rewriting 
your rule to be more reasonable, or use one of the varied rbl servers which 
specifically handle dynamic ips. This is definitely not the right way to go. 
Even better, just greylist _everything_, and set exclusions as appropriate. 
The way you are doing this is the complete opposite of how you should be, in 
my opinion.


On Thursday 02 November 2006 10:59 am, Jonathan Perkin wrote:
> Hi,
>
> I'm trialling milter-greylist on the BBC mail infrastructure, which
> receives around 1 million emails per day.  Recently I added
>
>   acl greylist domain /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/
>   acl greylist domain /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/
>   acl greylist domain /[0-9]{12}/
>
> to the config to greylist anything which looks like a dynamic address,
> and since making that change my monitoring has shown milter-greylist
> to fail an awful lot more.
>
> The milter-greylist processes are sitting at around 600M resident
> memory, and are causing the system to swap.
>
>   1. Can I limit the amount of memory milter-greylist will use to
>      cache lookups?  Obviously with a large number of connections this
>      is going to grow, but I cannot add more memory to the MX easily.
>
>   2. Why is the increased load causing more failures?  I test the
>      filter with something similar to
>
>        acl greylist from /greylist-test.*@host/
>
>      and generate a random string after "greylist-test" for MAIL FROM
>      so that it won't get cached.  Today the number of failured for
>      this test has been extremely high (previously I saw a number of
>      cases where it wasn't being greylisted, but it appears to get
>      worse with load).
>
> This is sendmail 8.13.7 with security fixes, milter-greylist 2.0.2,
> Solaris 9 and everything compiled with Sun Studio 11.
>
> Thanks,