[exim] another 4.68 plus - using rate-limiting to auto-white…

Top Page

Reply to this message
Author: Dave Lugo
To: exim-users
Subject: [exim] another 4.68 plus - using rate-limiting to auto-whitelist

When I mentioned I wanted to add autowhitelisting, Marc Perkel
suggested I look at the ratelimit stuff. So I did, and was very
pleased :) I've been using this on my vanity domains for about a
month now.

NOTE: This does NOT work w/ pre 4.68, as the `noupdate` stuff is needed.)

In the rcpt acl:

For mail _from_ your users to external addresses, add this to the
appropriate place-

    ratelimit     = 0 / 52w / per_cmd / strict / ${lc:$sender_address:$local_part@$domain}

I call the above from a sub-acl that is traversed only on
internal->external mail flow. Adjust for your setup as

For mail _to_ your users, add these bits:

    warn ratelimit  = 0 / 52w / per_cmd / strict / noupdate / ${lc:$local_part@$domain:$sender_address}
        set acl_m7  = $sender_rate

    accept condition = ${if >={${sg{$acl_m7}{[.].*}{}}}{1}}
         add_header  = X-Whitelisted: Auto

The above has the effect of whitelisting external recipients that
your users send mail to. As long as at least one email (to the
external rcpt) is sent per year, they'll remain autowhitelisted for

I would suggest that adding some additional logging, so that autowl
adds can be parsed from the logs, and autoadded to some config files,
is a better solution. Else, a user replying to spam, gives a spammer
a free pass, not to mention the fact that you can't really remove
entries from the ratelimit db. Occasionally, people do want to stop
receiving mail from someone they've mailed ;)

Perm-whitelisting is more properly kept outside of the ratelimit stuff,
but the above example works *great* for short term stuff, as well as
makes it easy to automate building a perm whitelist.

(sorry if all this reads a bit disjointed - a bit hectic this

Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
Are you the police?  . . . .  No ma'am, we're sysadmins.