On Sun, Jul 16, 2023 at 10:05:20AM +0200, Maurizio Caloro via Postfix-users
wrote:
> postscreen_access_list = permit_mynetworks,
> cidr:/etc/postfix/whitelistCIDR+IP
> cidr:/etc/postfix/access
>
> root postfix 47M Jul 16 08:34 /etc/postfix/access
> root postfix 83M Jul 16 08:35 /etc/postfix/access.db
Actually "cidr:" doesn't use the ".db" file at all, you can just delete
it. However, the performance of large "cidr:" tables is terrible. Each
entry is evaluated until either a match is found or none match.
CIDR is the wrong table type for large IP blacklists. You need to spin
up an RBL via rbldnsd, or use an indexed table (cdb or hash).
If your system can't handle an 83MB file, find a less expensive
anti-spam measure. Perhaps just query zen.spamhaus.org (directly from
your own resolver without forwarding to an open public resolver).
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
