Re: [EXIM] sender_host_[accept|reject]_relay and performance…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Marc Haber at <-
MMMarc Haber at ->
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Marc Haber
CC: exim-users
Subject: Re: [EXIM] sender_host_[accept|reject]_relay and performance?

Marc.Haber-lists@??? said:
> In Germany, the latest ORBS action has caused some havoc. Apparently,
> some danish site has done some scanning and reported all open relays
> they found to ORBS. This has included some multi-level relays
> including the major smarthosts of quite a few major ISPs in Germany.

This is a bit of a problem - I have had experience of a correctly
configured mail system being ORBS listed because it allowed relaying
from hosts connected in via our dialup pools. If one of the dialup
hosts is connected and running an old sendmail config or something else
that allows relaying during the probe tests then that host and its
upstream relays get blacklisted. ISPs really cannot control the
configurations of every machine that connects in via them. This sort
of action tends to lead to rather silly action being taken to
counteract it (in our case we built a filter that detected and rejected
the probe messages - which does nothing to deal with the real problem,
and alternative approach would have been to block port 25 into modems).


> Suppose that a major site is running exim and is trying to do host
> acceptance/rejection in a fine granularity. This site will have to
> have big host lists in both sender_host_accept_relay and
> sender_host_reject_relay lists. I assume that it is possible to have
> these lists pulled into exim via a DBM file.

> How would a sender_host_accept_relay list of - say - 10.000 IPs and/or
> hostnames affect performance of an exim system on reasonably sized
> hardware?

If you are using dbm type lookups then the lookup cost is relatively
independent of the size of list. The reverse DNS is more costly, but
you may be doing that already. Unless you have particular DNS problems
then the cost of doing this blocking is close on zero against the other
costs of doing mail. Remember that doing relay accept on modem pools
normally just requires a small number of net blocks to be allowed using
sender_net_accept_relay - which has a cost very close to zero. 

    Nigel.
-- 
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]




--
*** Exim information can be found at http://www.exim.org/ ***


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[EXIM] Exim error'sRe: [EXIM] Exim error's->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)