Stan Hoeppner:
> AFAIK I don't use Berkeley DB tables, only hash (small,few) and cidr
> (very large, a handful).

hash (and btree) == Berkeley DB.

If you have big CIDR tables, you can save lots of memory by using proxy:cidr: instead of cidr: (and running "postfix reload"). Effectively, this turns all that private memory into something that can be shared via the proxy: protocol.

The current CIDR implementation is optimized to make it easy to verify for correctness, and is optimized for speed when used with limited lists of netblocks (mynetworks, unassigned address blocks, reserved address blocks, etc.).

If you want to list large portions of Internet address space such as entire countries the current implementation starts burning CPU time (it examines all CIDR patterns in order; with a bit of extra up-front work during initialization, address lookups could skip over a lot of patterns, but the implementation would of course be harder to verify for correctness), and it wastes 24 bytes per CIDR rule when Postfix is compiled with IPv6 support (this roughly doubles the amount of memory that is used by CIDR tables).

Wietse
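
The trade-off described in the message above, as an added example that is not part of the original post and is not Postfix code: a Python sketch comparing an in-order scan of every CIDR pattern with a lookup that does extra up-front work to skip patterns that cannot match, while keeping first-match-wins results. It goes beyond the message by picking one possible index (by first octet); the function names, the IPv4-only simplified "pattern result" format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rules in "pattern result" form; the first matching rule wins.
SAMPLE_TABLE = """\
192.0.2.0/24     REJECT
203.0.113.7/32   OK
203.0.113.0/24   REJECT
198.51.100.0/24  REJECT
10.0.0.0/8       OK
0.0.0.0/1        DUNNO
"""

def parse_table(text):
    """Return the rules as an ordered list of (IPv4Network, result)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), result))
    return rules

def lookup_linear(rules, addr):
    """Examine patterns in table order. Returns (result, patterns examined)."""
    ip = ipaddress.ip_address(addr)
    for examined, (net, result) in enumerate(rules, 1):
        if ip in net:
            return result, examined
    return None, len(rules)

def build_index(rules):
    """Up-front work: per first octet, the rules that could match, in table order."""
    buckets = [[] for _ in range(256)]
    for rule in rules:
        first = int(rule[0].network_address) >> 24
        last = int(rule[0].broadcast_address) >> 24
        for octet in range(first, last + 1):  # prefixes shorter than /8 span octets
            buckets[octet].append(rule)
    return buckets

def lookup_indexed(buckets, addr):
    """Same first-match result, scanning only the candidate rules for this octet."""
    ip = ipaddress.ip_address(addr)
    return lookup_linear(buckets[int(ip) >> 24], addr)
```

The index must keep each bucket in table order and place short prefixes in every bucket they span, which is the kind of extra logic that makes such an implementation harder to verify than the plain scan.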