Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [~Disarmed~] Re: [milter-greylist] memory usage

2008-02-08 by Matt Kettler

Eduardo Casarero wrote:
> 
> On Fri, 2008-02-08 at 16:46 +0100, shuttlebox wrote:
>> On Feb 8, 2008 3:43 PM, Eduardo Casarero
>> <eduardo.casarero@ 
>> <mailto:eduardo.casarero%40informaticaavanzada.com.ar>informaticaavanz 
>> <mailto:eduardo.casarero%40informaticaavanzada.com.ar>ada.com.ar 
>> <mailto:eduardo.casarero%40informaticaavanzada.com.ar>> wrote:
>> > i'm asking because i have lot of memory used by greylisting, and before
>> > buying more ram im trying to save as much as i can.
>>
>> How long do you retain the tuples (timeout)? The default is 5 days, I
>> lowered it to one day and the database shrunk accordingly with no ill
>> effects that I could see.
> yes i could do that, but my users are pretty sensible in "delay" issues.

You're confusing the "autowhite" period with the "timeout".

"timeout" applies to tuples that haven't successfully passed the greylist. It 
essentially defines how long MG will continue to wait for a retry from a given host.

"autowhite" applies to tuples that *have* passed the greylist. This affects 
delay in follow-on communications.

As for your original question: lazyaw and/or subnetmatch, should reduce the 
number of tupples in your greylist, thus the size of the greylist database. How 
much of an impact this has depends on your mail flow.

Another factor to check for is dictionary attacks. They've got a strong tendency 
to flood your greylist database if you don't have appropriate countermeasures.

Assuming you've only got one domain (or all your domains have the same users), 
you might want to run this little command:

cut -f3 greylist.db | cut -d \@ -f1 | tr -t '[:upper:]' '[:lower:]' | sort | 
uniq -c | sort -n

Which will run a quick report of how many entries each recipient username has in 
your greylist.db. It's very handy

ie, some entries from my run come back as:
      29 <webmaster
      32 <illustrateonqchy
      83 <farmnaktulf
     362 <mkettler

The middle two are obvious dictionary attacks. A few is OK, but if you've got a 
lot, you might want to start looking at countermeasures.

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.