Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Limiting resident memory usage

2006-11-02 by Matt Kettler

eclark wrote:
> No offense, but that is an insane rule. You might want to try either rewriting 
> your rule to be more reasonable, or use one of the varied rbl servers which 
> specifically handle dynamic ips. This is definitely not the right way to go. 
> Even better, just greylist _everything_, and set exclusions as appropriate. 
> The way you are doing this is the complete opposite of how you should be, in 
> my opinion.


Personally, I think this is much more sane than greylisting everything.

And you can still create exclusions as appropriate. I do.

So where's the "insanity" of this when compared to acl greylist default?

As long as you don't consider this to be your "first" rule, and are willing to
add appropriate exclusions you should be no worse off than greylisting by
default. Actually, you should be better off, at least in terms of the number of
exclusions you need to add.

That said, you might be better off with the RBLs, but not all of us can make the
RBL enabled builds work right now. It blows up on my system, for example.


> On Thursday 02 November 2006 10:59 am, Jonathan Perkin wrote:
>> Hi,
>>
>> I'm trialling milter-greylist on the BBC mail infrastructure, which
>> receives around 1 million emails per day.  Recently I added
>>
>>   acl greylist domain /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/
>>   acl greylist domain /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/
>>   acl greylist domain /[0-9]{12}/

This could be made a bit more efficiently. *'s can be expensive.

[0-9][0-9]* could be replaced by [0-9]+ or [0-9]{1,} with 100% equivalent behavior.

Might I suggest these two rules to replace the 3 above?

acl greylist domain /[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.]/
acl greylist domain /[0-9]{12}/

It won't likely help your memory problems very much, but it is more efficient.


>>
>> to the config to greylist anything which looks like a dynamic address,
>> and since making that change my monitoring has shown milter-greylist
>> to fail an awful lot more.
>>
>> The milter-greylist processes are sitting at around 600M resident
>> memory, and are causing the system to swap.
>>
>>   1. Can I limit the amount of memory milter-greylist will use to
>>      cache lookups?  Obviously with a large number of connections this
>>      is going to grow, but I cannot add more memory to the MX easily.

I'm not sure if it will help, but 2.1.1 added bucketed in-memory databases.
2.1.4 made some fixes to that, and some improvements to the ACL code.

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.