On 2006-11-29, at 0936, Nikola Vladov wrote:
> I don't have access to a big server running qmail.
> Can someone post here how many grey entries exist
> in one such queue. If they are less than 256*100
> there is no need of greyd. The format of my
> /var/qmail/grey dir is (assume IP=a.b.c.d):
> (A) /var/qmail/grey/a/b.c.dFops@xpample.comTany@host.edu
> (B) /var/qmail/grey/a/b.c.d
> Format (A) is used only if GREYENVELOPE variable is present.

mine has about 70,000 entries. however, this is probably not an
accurate comparison, for two reasons: (1) my server and your server
are probably not processing the same volume of mail, and (2) my
entries represent class-C blocks rather than individual IP addresses.

my volume looks like this (per-day average of the totals for the last
six complete days, 2006-11-(23-28).)

    total connections:         23,977   100.0%
    reject delete.net RBL:      5,973    24.9%
    reject other RBL:           7,847    32.7%
    reject no reverse DNS:      4,922    20.5%
    greylist first time:        3,589    15.0%
    greylist retry too soon:      894     3.7%
    accepted:                     752     3.1%

and i track greylist entities by their class-C, which means that if
(for example) 1.2.3.4 connects for the first time, after a few
minutes all of 1.2.3.x would be allowed to connect as well. this
saves a little bit of time when dealing with entities like gmail or
aol, which have multiple outbound mail servers in the same class-C
block, and it saves a LOT of space on the disk, even if the entries
are just empty files and all you're really using are inodes.

the other major difference has nothing to do with the number of
entries, but if you have more than a couple thousand, it can have a
major impact on performance.

my greylisting program (which sits before qmail-smtpd on the SMTP
service command line, just like how rblsmtpd works) would store the
IP address "1.2.3.4" as "greydir/1/2/3". i split the entries into sub-
directories based on the IP octet boundaries because the process of
finding a given file within a directory is (for most filesystems) a
linear search- and three searches of up to 256 entries each is a lot
faster than one search across 70,000 entries.

if you're writing your own greylisting implementation, i would
recommend you do the same thing, especially if you're going to keep
envelope information as part of the greylisting key.

http://qmail.jms1.net/scripts/jgreylist.shtml is my greylisting
program, if you'd like to look at how i did it and get some ideas.

i plan on re-writing mine in C sometime soon, in order to remove the
overhead of the perl interpreter, but to be honest on my own server i
haven't noticed any appreciable slow-down from it, so it's not the
highest priority item on my list. of course my own server isn't
overly busy, as you can see from the numbers above, so it may be that
i'm just getting away with it for now because of my server's low
volume...
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ <jms1@jms1.net> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------
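
The class-C keying and per-octet directory layout described in the message above, as an added C sketch (not part of the original post and not jgreylist's code). The function names, the use of the entry file's mtime as the first-seen time, and the caller-supplied minimum age are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Map "a.b.c.d" to "<greydir>/a/b/c" (class-C key, one directory level per
 * octet). Parsing is strict because the string becomes a filesystem path.
 * Returns 0 on success, -1 on a malformed address or a too-small buffer. */
int grey_path(const char *greydir, const char *ip, char *out, size_t outlen)
{
    unsigned o[4];
    char extra;
    int i, n;

    if (strspn(ip, "0123456789.") != strlen(ip))
        return -1;          /* digits and dots only (sscanf alone accepts signs, spaces) */
    if (sscanf(ip, "%3u.%3u.%3u.%3u%c", &o[0], &o[1], &o[2], &o[3], &extra) != 4)
        return -1;          /* exactly four octets, nothing trailing */
    for (i = 0; i < 4; i++)
        if (o[i] > 255)
            return -1;
    n = snprintf(out, outlen, "%s/%u/%u/%u", greydir, o[0], o[1], o[2]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 = accept (entry is at least min_age seconds old),
 *         0 = defer (first sighting, or retry too soon),
 *        -1 = bad address or filesystem error. */
int grey_check(const char *greydir, const char *ip, time_t now, time_t min_age)
{
    char path[512], *p;
    struct stat st;
    FILE *f;

    if (grey_path(greydir, ip, path, sizeof path) != 0)
        return -1;
    if (stat(path, &st) == 0)
        return (now - st.st_mtime >= min_age) ? 1 : 0;
    /* First sighting: create "<greydir>/a" and "<greydir>/a/b", then the entry. */
    for (p = path + strlen(greydir) + 1; (p = strchr(p, '/')) != NULL; p++) {
        *p = '\0';
        mkdir(path, 0700);  /* EEXIST is expected and harmless */
        *p = '/';
    }
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    fclose(f);              /* empty file: only the inode and its mtime matter */
    return 0;
}
```

The greylist directory itself must already exist; a lookup touches at most three directories of up to 256 entries each.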