Milter-greylist

Hi, ... I dont know if there is a critical size, it may depend on the momory. Our greylist.db is about 100 MB large and I did not encounter any problems. ... 

Anton Prokhorov <prokhorov@...> wrote:

> What size of /var/milter-greylist/greylist.db is critical?
> I change my config to autowhite 35d and my greylist.db is growing... Now
> it is near 8Mb.

The limits you are likely to hit are maximum file descriptor and maximum
memory. See the output of ulimit for your system settings.
         

> # Log milter-greylist activity to a file
> #stat "/var/milter-greylist/greylist.log" \
> #      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"
> 
> When I uncomment this string, milter-greylist ignored it.

milter-greylist has enough privilege to create a file there, right?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On 18/07/2008, Anton Prokhorov <prokhorov@...> wrote:
> Hi everybody!
>
> What size of /var/milter-greylist/greylist.db is  critical?
> I change my config to autowhite 35d and my  greylist.db is growing... Now it is near 8Mb.

Hi Anton,

If you want to keep the size down, you might wanna decrease the
'timeout' during which greylisted tuples are stored from
milter-greylist default of 5d to 4h or 3h *. This shouldn't cause any
problem, in fact, this is the recommended value from Evan's paper.

* My current understanding, not explicitly supported by
greylist.conf(5), is that with milter-greylist this 'timeout' value
corresponds to the period of time that the greylisting tuples are
stored after the greylist time is already over, e.g. if you have
'greylist 1h' and 'timeout 4h', then the total time the brute force
tuples are stored before being ejected is 5h, not 4 hours as it would
have been with the suggested timeout terminology from the original
whitepaper and some other greylisting implementations.

Cheers,
Constantine.

On Fri, Jul 18, 2008 at 6:09 PM, Constantine A. Murenin
<mureninc@...> wrote:
> * My current understanding, not explicitly supported by
> greylist.conf(5), is that with milter-greylist this 'timeout' value
> corresponds to the period of time that the greylisting tuples are
> stored after the greylist time is already over, e.g. if you have
> 'greylist 1h' and 'timeout 4h', then the total time the brute force
> tuples are stored before being ejected is 5h, not 4 hours as it would
> have been with the suggested timeout terminology from the original
> whitepaper and some other greylisting implementations.

That can't be right but I vaguely remember that the actual cleansing
of the database is done not directly at timeout but following some
other algorithm, probably when there's a number of tuples to remove.
Maybe that's why you think it's the sum of those times or because the
actual database is in memory, the disk copy is just that - a copy
dumped periodically so that file can contain tuples no longer in
memory.

/peter
-- 
Laurence J. Peter  - "Originality is the fine art of remembering what
you hear but forgetting where you heard it."

On 18/07/2008, shuttlebox <shuttlebox@...> wrote:
> On Fri, Jul 18, 2008 at 6:09 PM, Constantine A. Murenin
>  <mureninc@...> wrote:
>  > * My current understanding, not explicitly supported by
>  > greylist.conf(5), is that with milter-greylist this 'timeout' value
>  > corresponds to the period of time that the greylisting tuples are
>  > stored after the greylist time is already over, e.g. if you have
>  > 'greylist 1h' and 'timeout 4h', then the total time the brute force
>  > tuples are stored before being ejected is 5h, not 4 hours as it would
>  > have been with the suggested timeout terminology from the original
>  > whitepaper and some other greylisting implementations.
>
>
> That can't be right but I vaguely remember that the actual cleansing
>  of the database is done not directly at timeout but following some
>  other algorithm, probably when there's a number of tuples to remove.
>  Maybe that's why you think it's the sum of those times or because the
>  actual database is in memory, the disk copy is just that - a copy
>  dumped periodically so that file can contain tuples no longer in
>  memory.

My reasoning is based on the fact that milter-greylist tuple contains
a timestamp when such a greylisted tuple can become an autowhitelisted
tuple, as opposed to a timestamp when such a tuple was first seen.

As you know, global 'greylist' time could be adjusted in local rules
via the 'delay' keyword, thus you'd need to know the exact rule which
has generated a tuple before you could re-create it's creation time
(if you want to apply the 'timeout' time the way it is done in some
other implementations and Evan's whitepaper, which store the
first-seen timestamp).

C.

shuttlebox <shuttlebox@...> wrote:

> That can't be right but I vaguely remember that the actual cleansing
> of the database is done not directly at timeout but following some
> other algorithm, probably when there's a number of tuples to remove.

The obsolete tuples are removed when the database is walked through. It
we look for a given tuple and find it, we will not purge the 
next obsolete tuples.

Obsolete tuples are all removed when a new messages comes in: this is a
new tuple, so we will walk the whole database looking for it, and we
will remove all obsolete tuples.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Fri, Jul 18, 2008 at 10:35 PM,  <manu@...> wrote:
> The obsolete tuples are removed when the database is walked through. It
> we look for a given tuple and find it, we will not purge the
> next obsolete tuples.
>
> Obsolete tuples are all removed when a new messages comes in: this is a
> new tuple, so we will walk the whole database looking for it, and we
> will remove all obsolete tuples.

So that's how it's done. But how about his question then?

The actual timeout (as when it's obsolete and can be removed) is from
only the timeout value, right?  Not a combination of values like
greylist+timeout. So in theory you can greylist longer than you keep
the tuples (which wouldn't make sense)? This is how I interpret the
config examples.

/peter
-- 
Bill Cosby  - "Advertising is the most fun you can have with your clothes on."

shuttlebox <shuttlebox@...> wrote:

> The actual timeout (as when it's obsolete and can be removed) is from
> only the timeout value, right?  Not a combination of values like
> greylist+timeout. So in theory you can greylist longer than you keep
> the tuples (which wouldn't make sense)? This is how I interpret the
> config examples.

I have to confess someone will have to go and read the code to answer
that one :-)

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...