Milter-greylist

And.... I like chocolate miiiiiilk.

On Friday 03 November 2006 12:37 pm, eclark wrote:
> Matt, bit incorrect here. My point had nothing to do with this:
> > acl greylist domain /[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.]/
> > acl greylist domain /[0-9]{12}/
>
> But this:
>
>   acl greylist domain /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/
>   acl greylist domain /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/
>
> which I still firmly believe are terrible for performance. And more
> specifically, the point was about using kuldges to greylist purported
> dynamic ips over a maintained list of them. How is it a kludge? There are
> definitely dnamic ip providers out there who do not use
> 1-2-3-4.provider.com or similiar to denote addresses in their space. Many
> do yes, but not all. RBLs were suggested over what was/is potentially a
> wide variety of regexs similiar to the ones originally posted, as the
> original poster pointedly stated that greylisting by default and using
> domain based acls was totally unacceptable.
>
> However, the overall thread did illuminate some useful information
> regardless; the general opinion here is that 100 regexs are almost
> definitely worse off than a single RBL call, as few as two or three
> expressions can totally nuke your box if they are poorly written, and that
> the best option will vary totally, but likely to contain some mix of rbl or
> sendmail db references tied with expression based acls as neccesary, and to
> very carefully build expressions to prevent excessive backtracking, the
> agreed bane of this discussion.
>
>
>
> Yahoo! Groups Links
>
>
>