Re: [exim] Sender callout verification on BATV signed addres…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: David Saez Padros
Date:  
À: W B Hacker
CC: exim users
Sujet: Re: [exim] Sender callout verification on BATV signed addresses
Hi

>>> To much load on local resources. Computer OR your own..
>> mmm ... we user mysql+cbd and have about 2 millions ip addresses blocked
>> without having load problems, the advantatge of having your own
>> blacklist (no matter how you blacklist ip's) is that using exim+cbd to
>> reject at connect is very fast, takes very little resources and saves
>> you a lot of resources doing other acl checks. With this system our
>> record waas to reject 1,5 million connexions per day without taking our
>> server down
>
> Can you tell how many of those had already passed an rDNS check? (cached, ISTR)


most of them get blacklisted whitout even pass a rdns check, but many of
them if not almost all of them has proper rdns records

> And if not so checked, have you any metrics as to what the local lookup workload
> vs the remote rDNS workload might have been?


no, but i'm quite sure that a cdb local lookup is cleary faster than a
network lookup to a remote dns server (which in turn has to lookup
it's data locally) ... in both cases lookups are locally cached so in
the best scenario should equally faster and in worse case local lookups
are faster. The only annyoying thing is having to rebuild the cdb
database each 5 minutes but it's also quite fast.

The advantage of local lookups is that i control what gets blacklisted
and that also it has better response time, for example, now i noticed a
great increase in trying to use local addresses in MAIL FROM without
authentication, then i takes me some minutes to add some acl's to catch
this and auto-blacklist those hosts

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       telf    +34 902 50 29 75
----------------------------------------------------------------