Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Re: Limiting resident memory usage

2006-11-03 by Matt Kettler

eclark wrote:
> Matt, bit incorrect here. My point had nothing to do with this:
> 
> 
>> acl greylist domain /[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.]/
>> acl greylist domain /[0-9]{12}/

I disagree, but I'll accept the change of point.

> 
> But this:
> 
>   acl greylist domain /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/
>   acl greylist domain /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/
> 
> which I still firmly believe are terrible for performance.

Agreed. Those could be terrible, at least for some inputs.

Also, since theres two of them, instead of one (the first one in my quote
replaces those two), you're at least doing twice as much work, and possibly much
more due to the use of *.

More reason why it's important to think very hard about your regexes, and ask
others for tuning advice.

Of course, there's much worse things to do in a regex, particularly if your
parser is dumb:

http://regexadvice.com/blogs/dneimke/archive/2004/07/28/239.aspx

Perhaps it might be worth adding PCRE support to milter-greylist. At least then
those who link against it would know they were using a reasonably fast regex
library. Compared with the posix library which might not be so well tuned.

Some basic tips which we all should try to use when writing regexes:
- Avoid * and + if you can. Use {x,y} instead whenever possible.
- Try to combine regexes when you can, provided it's not massively increasing
complexity. ie: what I did above by using [-.] to combine the two rules.
- Use [] instead of (|) whenever possible. ie: [ab] instead of (a|b).
- when using (|) try to move as much common text out of the () as possible.
ie: instead of (saturday|sunday) do s(atur|un)day.



 And more
> specifically, the point was about using kuldges to greylist purported dynamic 
> ips over a maintained list of them. How is it a kludge?

Agreed, it is a bit of a kludge. But it's useful for folks who want to greylist
some small chunk of their traffic in a lightweight manner. Just don't go
overboard on the regexes.


> 
> However, the overall thread did illuminate some useful information regardless; 
> the general opinion here is that 100 regexs are almost definitely worse off 
> than a single RBL call, as few as two or three expressions can totally nuke 
> your box if they are poorly written, and that the best option will vary 
> totally, but likely to contain some mix of rbl or sendmail db references tied 
> with expression based acls as neccesary, and to very carefully build 
> expressions to prevent excessive backtracking, the agreed bane of this 
> discussion.

Agreed.

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.