Re: max length of pcre rule?
- On Thu, Apr 01, 2010 at 12:04:59AM +0200, mouss wrote:
> Steve a écrit :So what is the "mouss" limit? Checking 1 IP? 10? 100? 1000? 10000?
> > -------- Original-Nachricht --------
> >> Datum: Mon, 29 Mar 2010 16:44:58 +0200
> >> Von: Louis-David Mitterrand <vindex+lists-postfix-users@...>
> >> An: postfix-users@...
> >> Betreff: Re: max length of pcre rule?
> >> On Mon, Mar 29, 2010 at 04:38:17PM +0200, Steve wrote:
> >>> Ohhh boy. Now looking at the regexp I see an error. Every line
> >>> starting with "/[^:]*.+" should be replaced by "/[^:]*:.+". Sorry for
> >>> that.
> >> Hi Steve,
> > Hello Louis-David,
> >> You if/endif suggestion for the prefix is interesting.
> >> For added safety, the individual rules should be anchored with ^ and the
> >> bracketed atom plussed, no?
> >> /^[^:]+:.+
> > I have fixed some issues in your regexp and sorted the rules:
> > if /^Received|^X\-((Origin(ating)?|Client|MDRemote|Sender)\-?IP|(Client|Remote_)Addr|PHP\-Script):/
> > /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT aviso.ci junk 2
> > [snip]
> you're not trying to implement an IP BL using string matches in
> header_checks, are you? This is inefficient.
You are underestimating big optimized PCREs. I just tried the one from
original post and got 15000 mails grepped per second. I didn't look if the
expression could be optimized more.
> if you want to do that, write a content_filter/proxy_filter/milter thatYour suggestion has no merit if someone really really wants to directly
> extracts the string, converts it to an IP and checks that in a cidr map.
> of course, this is already implemented in spamassassin... if you're
> avoiding SA because of performances, we're sure you'll get back to
> country after some travel:)
block some IPs by header. There is no need to have big filter overhead if
they aren't used otherwise. Can SA handle 15000 mails/s?
Only thing I'd be little careful is to not hit anything falsely in Received,
since there could be exotic versions strings etc..