Re: [exim] Rate-limiting outgoing mail processing per-domain

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew McGill
Date:  
À: exim-users
CC: Graeme Fowler
Sujet: Re: [exim] Rate-limiting outgoing mail processing per-domain
On Tuesday 21 October 2008 10:44:30 Graeme Fowler wrote:
> Wow, what a lot of ratelimit questions we suddenly have :)
>
> On Tue, 2008-10-21 at 09:54 +0200, Andrew McGill wrote:
> > I know that exim can control the incoming rate quite easily, but we would
> > like to rate limit the *outgoing* RCPT TO: rate per authentication source
> > when processing the queue, without limiting the incoming mail rate.
>
> You need something like this in the global settings:
>
> acl_not_smtp = acl_check_notsmtp
>
>
> ...and then something like this:
>
> acl_check_notsmtp:
>
>   # You need a way to identify the sending user
>   # This is NOT the "MAIL FROM" necessarily, nor the From:
>   # If using Horde/IMP you should have a Received line of the form
>   # Received: from host.domain (host.domain [1.2.3.4])
>   #     by your_mail_server (IMP) with HTTP
>   #     for <sending_user@localhost>; Tue, 21 Oct 2008 09:36:46 +0100
>   # From this you can glean the originating user

>
> ...snip other bits of the ACL...
>
>   ## Stick the user in $acl_m0
>   warn set acl_m0  = ${if match{$h_Received:}\
>                                {\N.+<([^>@]+)@localhost>;\N}\
>                                {$1}\
>                                {}\
>                       }

>
>   ## At this point $acl_m0 contains the sending username
>      warn ratelimit   = 200 / 1d / leaky / user-$acl_m0
>           control     = freeze
>           log_message = Frozen by ACL - exceeded ratelimit - \
>                         $sender_rate/$sender_rate_period (User:$acl_m0)

>
> accept
>
>
> [Thanks to Mike Cardwell, also of this parish, for most of that]
>
> Note that snippet isn't counting RCPTs, because in the not_smtp phase
> there are no RCPT TO commands - it's not SMTP, see? It's counting
> messages but it should give you a base to work from.

Thanks Graeme - this does look hopeful - although some of the people we are
trying to not to frustrate turn out to be hardened spammers, who won't be shy
to send 1 mail to 10000 recipients. We'll need a few more measures that
this.

I guess exim can't really do outgoing rate throttling then :(

&:-)