Milter-greylist

Dennis Willson wrote:
> You just need to be careful here. SPF is expensive (lots of overhead) so 
> you should do as few SPF lookups as possible.
> A single SPF record could cause as many as 10 DNS lookups, so if you 
> verify SPF more than once you're multiplying the DNS overhead (Yes I 
> know that the second, third, etc.. lookups would be cached in your local 
> caching DNS server, but it still has to make the mail server wait for 
> the additional lookups even if their are a bit faster after the first 
> one). So as few modules as possible should be doing SPF lookups.

I agree whole heartedly.. but, milter-greylist already has SPF support, so we
already have the option of paying this penalty. To top it off, milter-greylist
is using SPF unwisely. My general goal would be "if you're going to do SPF, do
it well, and do it for the right reason"

As for multiple queries:  In theory, if the whole acl generalization was
implemented correctly, the SPF result should be cached in milter-greylist
itself, so that multiple ACL objects can check against it without causing more
than one SPF check..

The only thing you'd have to worry about then is if you had another tool further
down the mail chain that did SPF as well.

However, none of this is any worse than the existing situation if you use m-g's
SPF support. In many ways it's better, because you can use the SPF data to do
something useful (use SPF-fail perform more severe greylisting, or
blacklisting), instead of doing something pointless (using SPF pass to whitelist).