On Thu, Apr 01, 2010 at 12:04:59AM +0200, mouss wrote:
> Steve wrote:
> > -------- Original Message --------
> >> Date: Mon, 29 Mar 2010 16:44:58 +0200
> >> From: Louis-David Mitterrand <vindex+lists-postfix-us...@apartia.org>
> >> To: postfix-users@postfix.org
> >> Subject: Re: max length of pcre rule?
> >
> >> On Mon, Mar 29, 2010 at 04:38:17PM +0200, Steve wrote:
> >>> Ohhh boy. Now looking at the regexp I see an error. Every line
> >>> starting with "/[^:]*.+" should be replaced by "/[^:]*:.+". Sorry for
> >>> that.
> >>>
> >> Hi Steve,
> >>
> > Hello Louis-David,
> >
> >
> >> Your if/endif suggestion for the prefix is interesting.
> >>
> >> For added safety, the individual rules should be anchored with ^ and the
> >> bracketed atom plussed, no?
> >>
> >> /^[^:]+:.+
> >>
> > I have fixed some issues in your regexp and sorted the rules:
> > if
> > /^Received|^X\-((Origin(ating)?|Client|MDRemote|Sender)\-?IP|(Client|Remote_)Addr|PHP\-Script):/
> > /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/
> > REJECT aviso.ci junk 2
> > [snip]
>
> you're not trying to implement an IP BL using string matches in
> header_checks, are you? This is inefficient.

So what is the "mouss" limit? Checking 1 IP? 10? 100? 1000? 10000? You are underestimating big optimized PCREs. I just tried the one from the original post and got 15000 mails grepped per second. I didn't look if the expression could be optimized more.

> if you want to do that, write a content_filter/proxy_filter/milter that
> extracts the string, converts it to an IP and checks that in a cidr map.
>
> of course, this is already implemented in spamassassin... if you're
> avoiding SA because of performance, we're sure you'll get back to
> country after some travel:)

Your suggestion has no merit if someone really really wants to directly block some IPs by header. There is no need to have big filter overhead if they aren't used otherwise. Can SA handle 15000 mails/s?

The only thing I'd be a little careful about is to not hit anything falsely in Received, since there could be exotic version strings etc.
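
Added example (not part of the original message): a Python sketch that runs the quoted if/endif PCRE pair and the parse-then-CIDR check mouss describes over constructed headers, showing the kind of Received false positive mentioned above. `41.160.0.0/12` is the range that `41\.1(6\d|7[0-5])` covers; `CANDIDATE_RE`, the function names and the `ExampleMTA` version string are assumptions for illustration, and Python's `re` only approximates Postfix PCRE matching.

```python
import ipaddress
import re

# Patterns copied from the quoted rule; IGNORECASE mirrors the pcre_table default.
HEADER_RE = re.compile(
    r"^Received|^X\-((Origin(ating)?|Client|MDRemote|Sender)\-?IP"
    r"|(Client|Remote_)Addr|PHP\-Script):", re.IGNORECASE)
IP_RE = re.compile(r"\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b")

# Same address range as the regex: second octet 160..175.
BLOCKED = ipaddress.ip_network("41.160.0.0/12")

# Assumption: a dotted quad counts as an address only when it is not part of
# a longer dotted number such as a five-component version string.
CANDIDATE_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def regex_rule_hits(header: str) -> bool:
    """Emulate the if/endif pair: header selector first, then the IP pattern."""
    return bool(HEADER_RE.search(header) and IP_RE.search(header))


def cidr_rule_hits(header: str) -> bool:
    """Extract candidate strings, convert them to IPs, test CIDR membership."""
    if not HEADER_RE.search(header):
        return False
    for token in CANDIDATE_RE.findall(header):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:  # e.g. an octet above 255
            continue
        if addr in BLOCKED:
            return True
    return False


# Constructed sample headers (not taken from real mail).
SAMPLES = {
    "in_range": "Received: from a.example.net (unknown [41.165.10.3]) by mx.example.org",
    "out_of_range": "X-Originating-IP: [41.176.1.1]",
    "version_string": "Received: from a.example.net by mx.example.org (ExampleMTA 2.41.165.10.3)",
    "other_header": "Subject: 41.165.10.3",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:15} regex={regex_rule_hits(header)} cidr={cidr_rule_hits(header)}")
```
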