wrote:
> Ian,
>
> in the meanwhile, I was able to implement this on our server and it seems
> to work quite fine. I am using the $authenticated_id as the key. (Our
> server works purely on SMTP AUTH.)
>
> What I wonder:
>
> Once an account sends more emails than he is allowed to withing a given
> timeframe, any further messages will freeze. That works fine. But will the
> account remain freezed up until I take action as the admin, or will it be
> unfreezed automatically.
I think that the example I posted froze the messages in the queue.
I do that to preserve evidence, but you might simply want to defer
or reject the mail. See the auto_thaw configuration option for
details about automatic unfreezing.
> In other words:
>
> I set the limit to 25 mails in one minute.
>
> User spamme@??? is sending 100 mails in one minute and exceeds the
> limit. Messages will be frozen. If he now pauses for 10 minutes and then
> tries to send 20 more mails, will the 20 more mails get through?
Yes, which is why you need to use rate-limiting in conjunction with
other techniques to police your users.
BTW, Tony Finch did some excellent work extending exim's rate
limiting functionality. When I get time, I'm going to drop this
version and switch to his.
Ian
--
Ian Freislich
