[exim] Ratelimit question

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Russell Heilling
Date:  
À: exim-users
Sujet: [exim] Ratelimit question
Hi all,

I'm trying to configure a non standard rate limit but can't figure out
how to get it working.

Specifically I want to defer any new mail submissions from hosts who are
sending more than a specified rate of bad recipients (i.e. possible
dictionary attack).

This was my first attempt:

acl_smtp_rcpt:
<snip>
  deny
    !verify     = recipient/defer_ok/callout=10s,defer_ok
    ratelimit   = 0/1h/per_rcpt/strict/$sender_host_address-badrcpt
    set acl_c0  = ${sg{$sender_rate}{[.].*}{}}


acl_smtp_predata:
<snip>
  defer
    message     = Too many bad recipients (current rate: $acl_c0 per hour)
    log_message = BAD_RCPT: [$sender_host_address] Too many bad \
                  recipients (current rate: $acl_c0 per hour)
    condition   = ${if >{$acl_c0}{60}}


This goes part of the way, but doesn't quite do what I want; it will
defer subsequent messages with a bad recipient, but any messages with
all good recipients will be allowed through.

Is there any way of checking a ratelimit without incrementing the
message count? Ideally I would need something like the following:

acl_smtp_rcpt:
  deny
    !verify     = recipient/defer_ok/callout=10s,defer_ok
    ratelimit   = 0/1h/per_rcpt/strict/$sender_host_address-badrcpt


acl_smtp_predata:
  defer
    message     = Too many bad recipients (current rate: $sender_rate \
                  per hour)
    log_message = BAD_RCPT: [$sender_host_address] Too many bad \
                  recipients (current rate: $sender_rate per hour)
    ratelimit   = 60/1h/per_rcpt/strict/noop/$sender_host_address-badrcpt


This is not valid config though. Is there any other way of doing this
currently that I'm not seeing?

Thanks in advance for your help,

Russell

--
Russell Heilling
IP Network Engineer
Tel: +44 (0) 1784 494200
DDI: +44 (0) 1784 713918
Fax: +44 (0) 1784 494201
http://www.viatel.com/