[Mimedefang] md_check_against_smtp_server

Yizhar Hurwitz yizhar at mail.com
Sat Oct 20 17:27:04 EDT 2007


HI.

> From: "David F. Skoll" <dfs at roaringpenguin.com>
> Subject: Re: [Mimedefang] md_check_against_smtp_server {Scanned by
> 	Allteks	Mailsafe}
>   
> I don't think it's a good idea to cache the results of md_check_against_server.
> If someone does a dictionary attack and you cache negative lookups,
> your cache will grow very large.  If you don't cache negative lookups,
> then most of the time you won't have a cache hit.
>
>   
I disagree.

On some of my servers (those that use md_check_against_smtp_server),
I use a simple cache of the positive results only.

Some of the ideas and goals are:

* I assume that most of the time I do have a cache hit for valid recipients,
even so I didn't test that assumption, but anyway we can argue about 
statistics,
but for sure we can agree that some cache hits (for valid recipients) is 
more then no cache at all, right?

* If/When the backend server isn't available to the mail relay (for any 
reason),
the mail relay can accept messages to known valid recipients from the cache,
while tempfailing the other.
This is better then tempfailing all messages or accepting all of them in 
such case.

* Caching the positive responses can reduce the smtp overhead.

* By not caching the negative responses, I don't have a problem to 
maintain a large cache.

* By not caching the negative responses, I don't have a problem when I 
create a new valid recipient on the back-end server,
as it will accept mail immediately.

* Because I cache only positive responses, I can use a very long TTL.
I use 30 days currently.

Here you can find more details and my related and simple code:
[Mimedefang] My semi-cached version of md_check_against_smtp_server:
http://lists.roaringpenguin.com/pipermail/mimedefang/2006-December/031463.html

Please note that my servers are mostly for small businesses and run less 
then 10 slaves,
and less then 200 valid recipients, so I can afford using the above 
simple but not so efficient code.
If you run on a larger scale - some modifications of the cache db 
storage and handling will be necessary.

My 5 cents,
Yizhar Hurwitz
http://yizhar.mvps.org



More information about the MIMEDefang mailing list