On 03/09/2021 19.53, Noel Jones wrote:
> Generally, the smallest TTL is what will be used. Memcache will remove
> entries that have not been accessed for $TTL. Postscreen and address
> verify will not use records that have not been refreshed for their
> respective $TTL. So they are similar, but not exactly the same.
>
> See http://www.postfix.org/memcache_table.5.html and especially the
> notes under the "backup" and "ttl" options.

Hi,

I understand how the documentation explains it, but I didn't see how it could work. Now I realize that I didn't have all the information. I thought the logs from memcached showed me the values stored, e.g. as this log extract shows (IP addresses changed):

Sep  6 07:10:30 set postscreen:1.1.1.1 0 3600 54
Sep  6 08:27:23 set postscreen:2.2.2.2 0 3600 54
Sep  6 09:08:07 set postscreen:3.3.3.3 0 3600 27

My understanding was that this logged the key and value stored. It looks like this entire log line is only the key, flags, ttl, and bytes stored. In my (wrong) line of thought, there was nothing stored that would allow postfix to know how long an entry existed.

People more familiar with memcached would probably know this is what the log line contained, but it took me some more digging to find out.

I see now that the value stored for one of the postscreen: keys is:
1631011643;1630926505;1633517245;1633517245;1633517245

I think it's a safe assumption that these are all unix timestamps, and that they make sense to postscreen.

So with that knowledge, the documentation makes a lot more sense to me, and my new settings should then be:

/etc/postfix/main.cf:

  postscreen_cache_map = memcache:/etc/postfix/postscreen_cache.cf
  postscreen_cache_cleanup_interval = 0

  address_verify_map = memcache:/etc/postfix/verify_cache.cf
  address_verify_cache_cleanup_interval = 0

  # Down from 31
  address_verify_positive_expire_time = 30d

/etc/postfix/postscreen_cache.cf:

  memcache = inet:1.2.3.4:11211
  ttl = 2592000
  key_format = postscreen:%s

/etc/postfix/verify_cache.cf:

  memcache = inet:1.2.3.4:11211
  ttl = 2592000
  key_format = verify:%s

This would bring all *_ttl and *_expire_time down to 30d or less, and use the maximum memcache ttl of 30d (before they get treated as a unix timestamp).

Am I on the right track now?

--
Kristian
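
An added example, not part of the original message and not Postfix or memcached code: it splits a logged memcached `set` line into the header fields named above and decodes the stored value under the message's assumption that every `;`-separated field is a unix timestamp. The function names `parse_set_line` and `decode_value` are hypothetical; the sample inputs are the ones quoted in the message.

```python
import re
from datetime import datetime, timezone

# memcached treats an exptime above 30 days as an absolute unix timestamp.
MEMCACHED_MAX_RELATIVE_TTL = 60 * 60 * 24 * 30  # 2592000 seconds

SET_RE = re.compile(
    r"\bset (?P<key>\S+) (?P<flags>\d+) (?P<exptime>\d+) (?P<nbytes>\d+)"
)

def parse_set_line(line):
    """Split a logged memcached 'set' command into its header fields.

    The line carries key, flags, exptime and byte count only; the value
    is sent as a separate data block and does not appear in this line.
    """
    m = SET_RE.search(line)
    if m is None:
        raise ValueError("not a memcached set command: %r" % line)
    exptime = int(m["exptime"])
    return {
        "key": m["key"],
        "flags": int(m["flags"]),
        "exptime": exptime,
        "nbytes": int(m["nbytes"]),
        "exptime_is_absolute": exptime > MEMCACHED_MAX_RELATIVE_TTL,
    }

def decode_value(value):
    """Decode a ';'-separated value, assuming each field is a unix timestamp."""
    return [
        datetime.fromtimestamp(int(field), tz=timezone.utc)
        for field in value.split(";")
    ]

# Sample input copied from the message (addresses were already changed there).
LOG_LINE = "Sep  6 07:10:30 set postscreen:1.1.1.1 0 3600 54"
VALUE = "1631011643;1630926505;1633517245;1633517245;1633517245"

if __name__ == "__main__":
    print(parse_set_line(LOG_LINE))
    for stamp in decode_value(VALUE):
        print(stamp.isoformat())
```
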
