Milter-greylist

Cyril Guibourg wrote:
> Emmanuel Dreyfus <manu@...> writes:
> 
> 
>>Hum, that's a real problem. 
>>I see several way of fixing the problem
>>1) raise the truncation to a higher value (64? 128?)
>>This impacts the memory usage.
>>2) ensure regex are matched on the address before it is truncated
>>
>>3) Document it as a known problem
>>
>>Opinions?
> 
> 
> What about storing an MD5 hash instead of the address ? 

The MD5 doesn't help if you want to do regex matching, but I'm not sure 
if there are cases were you need to match an address in the database 
against a regex.

I'd raise the limit, and change the database format to use a single 
white space character as separator, so that it remains of a reasonable 
size on disk.

This means that the adress needs to be encoded in quoted-printable or 
such in the case it contains some white-space (or these incorrect 
addresses could be filtered out by rejecting the message entierly).

Anyways, a limit is needed (even if computing a MD5 hash) to protect 
milter-greylist from DoS attack by arbitrary large addresses. But here 
too addresses over the limit can be simply rejected instead of inserted 
in the grey list.

-- 
Matthieu Herrb