On Fri, Apr 16, 2010 at 09:04:08AM -0400, B. Cook wrote:
> This machine only does smtp auth for relaying purposes..
>
> Does the ratelimit portion (or the entire acl if anyone cares to
> comment..) does this logic/syntax make sense?
>
> I am trying to say that "we will only smtp auth/relay 100 messages a day
> for your ID; after 100 we deny you relaying capabilities."
>
> acl_check_rcpt:
>
> <snip>
>
>   deny
>     authenticated = *
>     #ratelimit = 5 / 1d / per_rcpt / strict / ${if !eq{$authenticated_id}{} {$authenticated_id}{$sender_host_address}}
>     ratelimit = 100 / 1d / strict / $sender_address
>     #delay = 30s
>     log_message = Sender $sender_address rate $sender_rate $sender_rate_period exceeded limit
>
>   deny
>     authenticated = *
>     #ratelimit = 5 / 1d / per_rcpt / strict / ${if !eq{$authenticated_id}{} {$authenticated_id}{$sender_host_address}}
>     ratelimit = 100 / 1d / strict / $authenticated_id
>     #delay = 30s
>     log_message = Sender $sender_address rate $sender_rate $sender_rate_period exceeded limit

You've got the same ACL stanza twice, but that could be a copy+paste error.
I'm not certain, but I /think/ that (if it's not a copy+paste error) that will
cause the limit to be "used up" twice as fast as you intended.

The limit you've implemented is 100 /recipients/ per day, not 100 messages.
That may or may not matter to you.

Not sure if you want the "strict" there - check the docs.

You may want to consider using "defer" instead of "deny". If it was me I
think I'd be using defer (well in fact warn first, then defer if that seems to
be working).

Other than that, looks reasonable. If the client is in +relay_from_hosts then
they'll never hit this limit, of course; again, hopefully that's what you
intended.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
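
The suggestions in the reply, applied to the quoted ACL as an added example (not configuration from either poster): one stanza instead of two, keyed on `$authenticated_id`, with `per_rcpt` written out and `defer` in place of `deny`. The `message` text and the reworded `log_message` are assumptions.

```conf
acl_check_rcpt:

  # <snip: earlier statements unchanged>

  # Single stanza: each RCPT from an authenticated client updates one
  # counter, keyed on the login ID rather than on the envelope sender,
  # which the client chooses freely.
  # To trial the limit first, change "defer" to "warn" and drop the
  # message line: the log_message is still written, nothing is refused.
  defer
    authenticated = *
    # per_rcpt makes the unit explicit: 100 recipients per day.
    # strict keeps counting attempts made while over the limit; the
    # default (leaky) only counts recipients that were accepted.
    ratelimit     = 100 / 1d / per_rcpt / strict / $authenticated_id
    message       = Daily relay limit reached, try again later
    log_message   = Auth ID $authenticated_id rate $sender_rate / $sender_rate_period exceeded limit $sender_rate_limit
```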