Author: Patrick von der Hagen
Date:
To: Jeremy Harris
CC: exim users
Subject: Re: [exim] Milter interface for Exim

Jeremy Harris wrote:
> Patrick von der Hagen wrote:
>> Yes, there are several things I'd like to try out, but wouldn't know how
>> to easily implement them using Exim-ACL. For example, I'd like to have
>> some rate-limiting, which should keep an average of mails/timeunit sent
>> by some IP, which should send alerts to the abuse-team whenever a known
>> IP of our internal networks shows a significant derivation.
>
> Um, exim has had rate-tracking in ACLs for ages.

Hmmm, if I'm not mistaken ages=="since February", when exim 4.60 was
released? ;-)
However, the key is "average of mails/timeunit .... significant
derivation". I don't want to have fixed limits but consider keeping
several values for a given IP, like average values, maximum values, etc.
and then do some calculations whether the current rate "seems to be
strange". Some kind of "self-learning-method", automatically calculating
the limits when to take action.
Perhaps it would pay-off to have different limits for a sender,
depending on time, day of week, etc. One host might send almost all
mails during the day, other hosts might distribute their mail equally
during the day, one might be inactive on weekends, etc.
And of course there can be different ways to calculate an average,
biasing recent values, etc. Might be worth to experiment a little bit...
It should be rather easy to try several different algorithms using some
perl-milter. Personally I consider it to be difficult to try such
experiments using exim-acl.
--
CU,
Patrick.
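
The self-learning limit described in this message, sketched as an added example (not code from the thread or from Exim): it keeps an exponentially weighted mean and variance of mails per interval for each IP, which biases recent values, and flags an interval that exceeds the learned mean by a multiple of the standard deviation. It is written in Python rather than as a Perl milter; the class name, parameters, addresses and sample counts are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class RateBaseline:
    """Per-sender exponentially weighted mean/variance of mails per interval."""

    def __init__(self, alpha=0.2, threshold=3.0, warmup=5, min_std=1.0):
        self.alpha = alpha          # weight of the newest interval (biases recent values)
        self.threshold = threshold  # alert when count > mean + threshold * std
        self.warmup = warmup        # intervals to learn from before alerting
        self.min_std = min_std      # floor so a very steady sender is not hair-triggered
        self.state = defaultdict(lambda: {"n": 0, "mean": 0.0, "var": 0.0})

    def observe(self, ip, count):
        """Feed one interval's message count; return True if it looks anomalous."""
        s = self.state[ip]
        std = max(math.sqrt(s["var"]), self.min_std)
        anomalous = s["n"] >= self.warmup and count > s["mean"] + self.threshold * std
        if not anomalous:
            # Learn only from normal intervals so a burst cannot raise its own limit.
            if s["n"] == 0:
                s["mean"] = float(count)
            else:
                diff = count - s["mean"]
                incr = self.alpha * diff
                s["mean"] += incr
                s["var"] = (1 - self.alpha) * (s["var"] + diff * incr)
            s["n"] += 1
        return anomalous

def scan(samples, **kw):
    """Return (ip, interval_index, count) for every interval flagged as anomalous."""
    baseline, seen, alerts = RateBaseline(**kw), defaultdict(int), []
    for ip, count in samples:
        if baseline.observe(ip, count):
            alerts.append((ip, seen[ip], count))
        seen[ip] += 1
    return alerts

# Constructed sample data: mails per interval for a quiet host and a busy host.
SAMPLES = [("192.0.2.10", c) for c in (4, 6, 5, 7, 5, 6, 4, 90, 5)] + \
          [("192.0.2.20", c) for c in (40, 55, 48, 60, 52, 45, 58, 50)]

if __name__ == "__main__":
    for ip, idx, count in scan(SAMPLES):
        print(f"ALERT {ip}: interval {idx} had {count} mails")
```

The busy host's 60 mails per interval raise no alert while the same count from the quiet host would, which is the behaviour a single fixed limit cannot give.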