Hi all,
I'm trying to configure a non-standard rate limit but can't figure out
how to get it working.
Specifically I want to defer any new mail submissions from hosts who are
sending more than a specified rate of bad recipients (i.e. possible
dictionary attack).
This was my first attempt:

  acl_smtp_rcpt:
    <snip>
    deny
      !verify = recipient/defer_ok/callout=10s,defer_ok
      ratelimit = 0/1h/per_rcpt/strict/$sender_host_address-badrcpt
      set acl_c0 = ${sg{$sender_rate}{[.].*}{}}

  acl_smtp_predata:
    <snip>
    defer
      message = Too many bad recipients (current rate: $acl_c0 per hour)
      log_message = BAD_RCPT: [$sender_host_address] Too many bad \
                    recipients (current rate: $acl_c0 per hour)
      condition = ${if >{$acl_c0}{60}}

This goes part of the way, but doesn't quite do what I want; it will
defer subsequent messages with a bad recipient, but any messages with
all good recipients will be allowed through.
Is there any way of checking a ratelimit without incrementing the
message count? Ideally I would need something like the following:

  acl_smtp_rcpt:
    deny
      !verify = recipient/defer_ok/callout=10s,defer_ok
      ratelimit = 0/1h/per_rcpt/strict/$sender_host_address-badrcpt

  acl_smtp_predata:
    defer
      message = Too many bad recipients (current rate: $sender_rate \
                per hour)
      log_message = BAD_RCPT: [$sender_host_address] Too many bad \
                    recipients (current rate: $sender_rate per hour)
      ratelimit = 60/1h/per_rcpt/strict/noop/$sender_host_address-badrcpt

This is not valid config though. Is there any other way of doing this
currently that I'm not seeing?
Thanks in advance for your help,
Russell
--
Russell Heilling
IP Network Engineer
Tel: +44 (0) 1784 494200
DDI: +44 (0) 1784 713918
Fax: +44 (0) 1784 494201
http://www.viatel.com/
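
Added example, not part of the original message: a count-in-one-ACL, check-in-another pair of the kind asked for above, assuming an Exim release whose ratelimit condition accepts the readonly option (read the stored rate without updating it). The period, per_rcpt mode and key are kept identical in both rules so that they refer to the same record; the 60/hour threshold is the one from the post.

```exim
# ASSUMPTION: this Exim build supports ratelimit's "readonly" option.
# Constructed example; not from the original poster or the Exim project.

acl_smtp_rcpt:
  # Count only recipients that fail verification. A limit of 0 with
  # "strict" means the condition is always true and the rate is always
  # updated, so every bad recipient is recorded against the host.
  deny
    !verify   = recipient/defer_ok/callout=10s,defer_ok
    ratelimit = 0/1h/per_rcpt/strict/$sender_host_address-badrcpt

  # ... remaining RCPT checks ...

acl_smtp_predata:
  # Look up the bad-recipient rate for this host without adding to it.
  # A message whose recipients were all valid is still deferred while
  # the host's recorded rate is above 60 per hour.
  defer
    ratelimit   = 60/1h/per_rcpt/readonly/$sender_host_address-badrcpt
    message     = Too many bad recipients (current rate: $sender_rate \
                  per hour)
    log_message = BAD_RCPT: [$sender_host_address] Too many bad \
                  recipients (current rate: $sender_rate per hour)

  # ... remaining pre-DATA checks ...
```

Because the lookup does not update the record, the recorded rate only changes when the RCPT rule counts another bad recipient, so BAD_RCPT log lines trace back to verification failures alone.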