Re: [exim] Rate Limiting?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: torsten
Datum:  
To: Ian FREISLICH
CC: exim-users, torsten
Betreff: Re: [exim] Rate Limiting?
Ian,

I tried to implement your code, but I keep getting a perl exception:

failed to expand ACL string "${perl {rate_limit}{local}
{RATE_LIMIT_RECPIENTS}{RATE_LIMIT_PERIOD}}": Mangled offset in rate-limit
at /usr/exim/rate_limit.pl line 106, <FILE> line 1.

I have no idea what that means. Could you maybe explain a bit how to
implement your rate_limit function? Do I have to prepare anything in
/etc/exim/rates, if yes, what?

Sorry; I am not a Perl geek.

Regards,
Torsten

> wrote:
>> Dear all,
>>
>> is rate limiting a part of Exim in the meanwhile?
>>
>> If not, did anyone implement such a thing and would be willing to share
>> his / her code?
>>
>> I found an old e-mail in the archives (dated 1999) where someone said
>> he'd
>> written some perl script to keep analyzing the Exim mainlog for that.
>
> I wrote an embedded perl function to do rate limiting (I'm not sure
> if a ${run ..} expansion is cheaper or more expensive than ${perl
> ...}, although for multiple reciepts you only have to link in perl
> once). It uses a circular buffer of timestamps to calculate the
> rate. The number of items in the buffer and the elapsed time between
> the current insertion and the tail of the buffer is used to calculate
> the rate. It supports resizing of the buffer.
>
> The arugments are:
> ${perl {rate_limit}{key}{number}{time}}
> key: some value for referencing the buffer.
> number: the length of the buffer.
> time: the threshold.
>
> Return values: "yes" for rate limit exceeded. "no" for any other
> condition.
>
> ${perl {rate_limit}{foo}{100}{30}}
> Will check that key foo against a limit of 100 in 30 seconds.
>
> /etc/exim/rates must exist and be writable by the exim user.
>
> Here's my ACL fragment for pipes to /usr/bin/sendmail:
>
> acl_not_smtp:
>   #Rate limiting
>   warn     log_message  = local rate limit exceeded.
>            condition    = USE_RATE_LIMIT
>            condition    = ${perl {rate_limit}{local} \
>                 {RATE_LIMIT_RECPIENTS}{RATE_LIMIT_PERIOD}}
>            control      = freeze

>
> accept
>
> USE_RATE_LIMIT is a knob to turn the feature on or off. It starts
> freezing messages in the queue if more messages (or recipients
> depending on where you run the sprocedure) than RATE_LIMIT_RECPIENTS
> are recieved in RATE_LIMIT_PERIOD seconds.
>
> It freezes so we have evidence if we want to suspend or terminate
> the account.
>
> Ian
>
> --
> Ian Freislich
>
>
> # Copyright 2005, Hetzner Africa.  All rights reserved.
> #
> # Redistribution and use in source and binary forms, with or without
> # modification, are permitted provided that the following conditions
> # are met:
> # 1. Redistributions of source code must retain the above copyright
> #    notice, this list of conditions and the following disclaimer.
> # 2. Redistributions in binary form must reproduce the above copyright
> #    notice, this list of conditions and the following disclaimer in the
> #    documentation and/or other materials provided with the distribution.
> #
> # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND ITS EMPLOYEES
> # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> # A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
> # HOLDER OR EMPLOYEES BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
> # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
> # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
> # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
> # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

>
> use strict;
>
> sub rate_limit
> {
>     use Fcntl ':flock';

>
>     my ($key, $length, $delay) = @_;
>     my $now = time();

>
>     if (!open (FILE, "+</etc>         #file does not exist
>         open (FILE, "+>/etc/exim/rates/$key.$$") || return("no");
>         printf FILE "%08d %08d\n", $length, 0;
>         for (my $i = 0; $i < $length; $i++) {
>             printf FILE "%012d\n", $i;
>         }
>         if (!link("/etc/exim/rates/$key.$$", "/etc/exim/rates/$key")) {
>             unlink("/etc/exim/rates/$key.$$");
>             return("no");
>         }
>         unlink("/etc/exim/rates/$key.$$");
>     }
>     flock(FILE,LOCK_EX);
>     seek(FILE, 0, 0);
>     my $line = <FILE>;
>     my $start = tell(FILE);
>     chomp($line);
>     my ($len, $offset) = split(/\s+/, $line);
>     if ($len != $length) {
>         # resize the buffer: it grows gracefully, but needs to be
>         # forcefully shrunk
>         if ($length < $len) {
>             my @data = (<FILE>);
>             seek(FILE, $start, 0);
>             for (my $i = $offset, my $a = $length; $a--; $i++) {
>                 $i = 0 if ($i == $len);
>                 printf FILE "%012d\n", $data[$i];
>             }
>             truncate(FILE, $start + 13 * $length);
>             $offset = 0;
>         }
>     }
>     die "Mangled offset in rate-limit" if ($offset < 0 || $offset >= $len);

>
>     seek(FILE, $start + 13 * $offset, 0);
>     my $last = <FILE>;
>     chomp($last);
>     seek(FILE, $start + 13 * $offset, 0);
>     printf FILE "%012d\n", $now;
>     $offset++;
>     $offset = 0 if ($offset == $length);
>     seek(FILE, 0, 0);
>     printf FILE "%08d %08d\n", $length, $offset;
>     close(FILE);
>     if ($now - $last <= $delay) {
>         return("yes");
>     }
>     else {
>         return("no");
>     }
> }

>