Address verification questions

Hello,

Questions about address verification:

I don't quite understand the difference between
address_verify_negative_expire_time and
address_verify_negative_refresh_time.  If an address needs to be
refreshed anyway, does it make any difference whether or not it was
"expired"?  What use is the expire time?

When using this feature for recipient verification, how do you best
avoid landing new account addresses into the negative cache if a new
account gets incoming email at any point before the account shows up
in the destination's list of valid addresses?  Just live with a 3 hour
delay?  Turn the negative cache refresh time down to a ridiculously
(uselessly) small time?

If address_verify_map is set to an empty value, the cache is in memory
only, and all is lost upon postfix reload, system reboot or even
pulling the power?

If the cache is kept in memory, how much space should be accounted
for?  How large do these databases get to be?

Is there any interesting or useful difference between keeping the
cache in memory versus specifying a file on a RAMDISK (tmpfs)?

Thank you

On 7/19/2012 3:05 AM, Ori Bani wrote:
> Hello,
>
> Questions about address verification:
>
> I don't quite understand the difference between
> address_verify_negative_expire_time and
> address_verify_negative_refresh_time.  If an address needs to be
> refreshed anyway, does it make any difference whether or not it was
> "expired"?  What use is the expire time?

When an entry age is greater than refresh but less than expired,
postfix will immediately respond with the cached answer, and then in
the background attempt to verify the address.  This way the client
doesn't have to wait for the verification refresh to actually take
place.

>
> When using this feature for recipient verification, how do you best
> avoid landing new account addresses into the negative cache if a new
> account gets incoming email at any point before the account shows up
> in the destination's list of valid addresses?  Just live with a 3 hour
> delay?  Turn the negative cache refresh time down to a ridiculously
> (uselessly) small time?

We add new accounts seldom enough that we put up with the slight
delay.  Other sites may address this issue differently.

You also will experience the opposite problem, when a cached account
is terminated, causing postfix to think it's still valid.

>
> If address_verify_map is set to an empty value, the cache is in memory
> only, and all is lost upon postfix reload, system reboot or even
> pulling the power?

A memory-only cache will be lost when postfix is reloaded or on reboot.

>
> If the cache is kept in memory, how much space should be accounted
> for?  How large do these databases get to be?

Plan on about 200 bytes per entry, plus a few KB overhead.  If
keeping the cache in memory, probably best to turn off negative
caching, or set address_verify_negative_expire time quite low.
I can't imagine any reason to keep the cache in memory and not on disk.

>
> Is there any interesting or useful difference between keeping the
> cache in memory versus specifying a file on a RAMDISK (tmpfs)?

Performance of a disk-based address cache is not a bottleneck; use a
btree file on disk.  If you want to get fancy, you can use a
memcache map with a btree backend.

>
> Thank you
>



  -- Noel Jones

Thank you kindly for your easy to understand explanations.