Re: [exim] Guidance on rate limiting

Top Page
Delete this message
Reply to this message
Author: Graham Butler
Date:  
To: 'exim-users@exim.org'
Subject: Re: [exim] Guidance on rate limiting
> But, I don't think you've used the same key twice, so no you don't
> need to use noupdate. The database keys include the time parameters,
> and all the options, I think:
>      10 / 1s / $primary_hostname
>      20 / 10m / strict
>      1000/ 1h / strict
>      100 / 1h / per_rcpt / strict
> That's four different rate limits.

>
> To make this more self documenting, you could make explicit the
> default options that you're using, like this:
>      10 / 1s / leaky / per_mail / $primary_hostname
>      20 / 10m / strict / per_mail / $sender_host_address
>      1000/ 1h / strict /per_mail / $sender_host_address
>      100 / 1h / per_rcpt / strict / $sender_host_address

>
> It might seem redundant while you're putting this together, but I had
> to look these defaults up even though I implemented rate limiting just
> last month.


Ian

Many thanks for the information above, it made the operation of the ratelimit much clearer to me.

The main objective of the code is to stop runaway internal accounts from sending out large amount of emails. This has happened 2 or 3 times in the last 6 months because of compromised MS Exchange accounts and mail loops. The 'remote' section is to limit the machine gun type spam and dictionary attacks. The modified code is below. Please note this code is experimental and is designed for testing the water only.

Any other comments gratefully accepted.

# Local senders rcpt rate limiting 250 per 6 hour (1,000 per day)
        warn    ratelimit       = 250 / 6h / leaky / per_rcpt / $sender_address
                senders         = ! lsearch;/usr/local/exim/tables/ratelimit_whitelist.txt
                hosts           = +relay_from_hosts
                log_message     =  Local senders rcpt rate limit ( $sender_address ) exceeds  \
                                        $sender_rate per $sender_rate_period


# Remote IP rate limiting 10 per min (60 per hour)
        warn    ratelimit       = 10 / 1m / strict / per_mail / $sender_host_address
                senders         = ! lsearch;/usr/local/exim/tables/ratelimit_whitelist.txt
                hosts           = !+relay_from_hosts
                log_message     =  Remote IP message rate limit ( $sender_address_domain ) exceeds  \
                                        $sender_rate per $sender_rate_period


Regards,

Graham Butler
Email:g.butler@???






This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.