Re: [exim] Trying to ratelimit senders..

Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Trying to ratelimit senders..
On Fri, Apr 16, 2010 at 09:04:08AM -0400, B. Cook wrote:
> This machine only does smtp auth for relaying purposes..
>
> Does the ratelimit portion (or the entire acl if anyone cares to
> comment..) does this logic/syntax make sense?
>
> I am trying to say that "we will only smtp auth/relay 100 messages a day
> for your ID; after 100 we deny you relaying capabilities."
>
> acl_check_rcpt:
>
> <snip>
>
> deny
>    authenticated = *
>    #ratelimit = 5 / 1d / per_rcpt / strict / ${if !eq{$authenticated_id}{} {$authenticated_id}{$sender_host_address}}
>    ratelimit = 100 / 1d / strict / $sender_address
>    #delay = 30s
>    log_message = Sender $sender_address rate $sender_rate $sender_rate_period exceeded limit
>
> deny
>    authenticated = *
>    #ratelimit = 5 / 1d / per_rcpt / strict / ${if !eq{$authenticated_id}{} {$authenticated_id}{$sender_host_address}}
>    ratelimit = 100 / 1d / strict / $authenticated_id
>    #delay = 30s
>    log_message = Sender $sender_address rate $sender_rate $sender_rate_period exceeded limit

You've got the same ACL stanza twice, but that could be a copy+paste error.
I'm not certain, but I /think/ that (if it's not a copy+paste error) that will
cause the limit to be "used up" twice as fast as you intended.

The limit you've implemented is 100 /recipients/ per day, not 100 messages.
That may or may not matter to you.

Not sure if you want the "strict" there - check the docs.

You may want to consider using "defer" instead of "deny". If it was me I
think I'd be using defer (well in fact warn first, then defer if that seems to
be working).

Other than that, looks reasonable. If the client is in +relay_from_hosts then
they'll never hit this limit, of course; again, hopefully that's what you
intended.


--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
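
The staged rollout suggested in the reply above (warn first, then defer), written out as an added example that is not part of the original message or of anyone's production configuration. It assumes the limit is keyed on $authenticated_id, as in the second quoted stanza, and spells out per_rcpt so the counting unit is explicit; the message text is a constructed placeholder.

```exim
# Added example, not from the thread. Place in acl_check_rcpt ahead of any
# accept statement that would otherwise let authenticated senders through.
# Keep only one of the two statements active: stage 1 observes, stage 2 enforces.

# Stage 1: observe only. A warn statement logs when its conditions match
# and then processing continues with the next statement.
warn
  authenticated = *
  # per_rcpt: every RCPT command counts once against the key.
  # strict:   the rate is updated even while the sender is over the limit,
  #           so a client that keeps retrying stays over it (the default,
  #           leaky, does not update the rate for over-limit attempts).
  ratelimit     = 100 / 1d / per_rcpt / strict / $authenticated_id
  log_message   = ratelimit: $authenticated_id at $sender_rate per $sender_rate_period (limit $sender_rate_limit)

# Stage 2: enforce with a temporary (4xx) response so that a legitimate
# client queues and retries instead of bouncing. Once the logged rates from
# stage 1 look right, remove the warn statement and uncomment this one.
#defer
#  authenticated = *
#  ratelimit     = 100 / 1d / per_rcpt / strict / $authenticated_id
#  message       = Relay limit reached for this account, try again later
#  log_message   = ratelimit: $authenticated_id at $sender_rate per $sender_rate_period (limit $sender_rate_limit)
```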