[exim] ratelimit DB

Author: Marcin Krol
Date:  
To: exim-users
Subject: [exim] ratelimit DB
Hello,

I have acl_smtp_connect defined that drops when too many auth attempts from this IP failed (thanks, Original Poster).

However, after some tweaking and Exim restarts, the message the SMTP client gets has changed from "Too many failed authentication attempts" to "550 Administrative prohibition" and it doesn't seem to change.

I have stopped Exim, deleted ratelimit* from /var/spool/exim/db and started Exim. This method has always worked well for deleting the callout cache, for instance.

Yet the message doesn't go away; it's still "550 Administrative prohibition" for _any IP address_.

exim -bh 87.204.147.168 -d -v:

using ACL "domeny_acl_smtp_connect"
processing "drop"
check ratelimit = 5 / 4h / strict / badauth:$sender_host_address
                = 5 / 4h / strict / badauth:87.204.147.168
ratelimit condition limit=5 period=14400 key=4h/per_mail/strict/badauth:87.204.147.168
locking /var/spool/exim/db/ratelimit.lockfile
locked /var/spool/exim/db/ratelimit.lockfile
EXIM_DBOPEN(/var/spool/exim/db/ratelimit)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim/db/ratelimit: flags=O_RDWR
dbfn_read: key=4h/per_mail/strict/badauth:87.204.147.168
ratelimit initializing new key's data
dbfn_write: key=4h/per_mail/strict/badauth:87.204.147.168
ratelimit db updated
ratelimit computed rate 0.0
drop: condition test failed
end of ACL "domeny_acl_smtp_connect": implicit DENY

SMTP>> 550 Administrative prohibition

550 Administrative prohibition
LOG: MAIN REJECT
H=[87.204.147.168] rejected connection in "connect" ACL
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=25321 terminating with rc=0 >>>>>>>>>>>>>>>>


If I comment out acl_smtp_connect, it obviously works again.

But I need the ratelimit DB to work correctly with this ACL. How can I fix that?

acl_smtp_connect = domeny_acl_smtp_connect
acl_smtp_quit = domeny_acl_smtp_quit
acl_smtp_notquit = domeny_acl_smtp_notquit

domeny_acl_smtp_connect:
drop
        log_message = RATELIMIT BAD AUTH: $sender_rate / $sender_rate_period
        message = Too many failed authentication attempts / Zbyt wiele nieudanych prob uwierzytelnienia
        ratelimit = 5 / 4h / noupdate / badauth:$sender_host_address
        delay = 5s



domeny_acl_smtp_quit:
  accept
        condition=${if eq{$authentication_failed}{1}}
        ratelimit = 5 / 4h / badauth:$sender_host_address
        log_message = -------------BAD-AUTH: $sender_host_address


domeny_acl_smtp_notquit:
  accept
        condition=${if eq{$authentication_failed}{1}}
        ratelimit = 5 / 4h / badauth:$sender_host_address
        log_message = --------------BAD-AUTH: $sender_host_address

--
Marcin Krol
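
Added example (not part of the original post and not Exim code): a small Python helper that reads an `exim -bh -d` trace like the one quoted above and reports, per ACL, whether the verdict came from a statement that matched or from the ACL running off its end. It recognises only the line shapes visible in that trace; the name `explain_acl_trace` and the dictionary keys are hypothetical.

```python
import re

# Lines copied from the `exim -bh` debug trace quoted in the post.
TRACE = '''\
using ACL "domeny_acl_smtp_connect"
processing "drop"
check ratelimit = 5 / 4h / strict / badauth:$sender_host_address
ratelimit initializing new key's data
ratelimit computed rate 0.0
drop: condition test failed
end of ACL "domeny_acl_smtp_connect": implicit DENY
SMTP>> 550 Administrative prohibition
'''

PATTERNS = {
    "using": re.compile(r'^using ACL "([^"]+)"'),
    "outcome": re.compile(r'^(\w+): condition test (\w+)'),
    "rate": re.compile(r'^ratelimit computed rate ([0-9.]+)'),
    "end": re.compile(r'^end of ACL "([^"]+)": (.+)$'),
}

def explain_acl_trace(text):
    """Summarise each ACL run in a debug trace (hypothetical helper)."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        kind, m = next(((k, p.match(line)) for k, p in PATTERNS.items()
                        if p.match(line)), (None, None))
        if kind == "using":
            cur = {"acl": m[1], "statements": [], "rate": None,
                   "verdict": None, "fell_through": False}
            runs.append(cur)
        elif cur is None or kind is None:
            continue  # line outside an ACL run, or a shape we do not parse
        elif kind == "outcome":
            cur["statements"].append((m[1], m[2]))  # (verb, failed/...)
        elif kind == "rate":
            cur["rate"] = float(m[1])
        elif kind == "end":
            cur["verdict"] = m[2]
            # "implicit DENY": no statement decided, the ACL ran off its end.
            cur["fell_through"] = m[2].startswith("implicit")
            cur = None
    return runs

if __name__ == "__main__":
    for run in explain_acl_trace(TRACE):
        why = "no statement matched" if run["fell_through"] else "a statement matched"
        print(f'{run["acl"]}: {run["verdict"]} ({why}); '
              f'statements={run["statements"]} rate={run["rate"]}')
```

For the trace in the post it reports that the `drop` condition failed at a computed rate of 0.0 and that the verdict was the implicit DENY at the end of `domeny_acl_smtp_connect`, not the rate limit.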