Milter-greylist

Matthieu Herrb <matthieu.herrb@...> writes:

> The MD5 doesn't help if you want to do regex matching, but I'm not
> sure if there are cases were you need to match an address in the
> database against a regex.

I thought about MD5 when storing adresses that do not match the 
regex. Once the test is done, storing the hash instead of the full adress
itself would save memory.

> I'd raise the limit, and change the database format to use a single
> white space character as separator, so that it remains of a reasonable
> size on disk.

Why not.

> This means that the adress needs to be encoded in quoted-printable or
> such in the case it contains some white-space (or these incorrect
> addresses could be filtered out by rejecting the message entierly).

This put a limit on mail address length driven by conservative
memory usage concerns.

> Anyways, a limit is needed (even if computing a MD5 hash) to protect
> milter-greylist from DoS attack by arbitrary large addresses. But here
> too addresses over the limit can be simply rejected instead of
> inserted in the grey list.

Agree with that. Btw, with MD5 you know that whatever the adress length
is, the room needed to store the hash is 33 bytes. Even if evil people
try to DoS milter-greylist with very long address they will not hurt
much more then with small length ones.