[exim] ratelimit woes

Author: Jan Ingvoldstad
Date:  
To: exim-users
Subject: [exim] ratelimit woes
Hello.

I'm a Debian user battling with Exim 4.72 backported to lenny.

I've read the documentation over and over
(http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html
section 36 to 40), googled myself half to death, scoured the mailing
list, and yet ratelimiting remains black box magic.

Currently, I've reached some sort of equilibrium, where one out of
four rules fails to do anything at all, while the others work nicely.

What I'm trying to do is to apply different rate limits for different
time intervals, and I'm experimenting with low limits before putting
this into production.

The limits are currently, in order:

60 per day
50 per hour
2 per minute

Additionally, I use the logging example from the docs.

Strangely enough, even though I use strict copy-and-paste replacing
ONLY the number and 'd' in "1d" (or 'm' in "1m"), the ratelimit per
hour is NEVER activated. At the time of testing my rate was, according
to the logging rule:

2011-02-17 17:30:44 [32348] Rate: 60.1/1h root@DOMAIN_1
(DOMAIN_1[IP_ADDRESS]) -> jan@DOMAIN_2

Testing is performed by creating fresh SMTP connections for each RCPT
TO command, for simplicity's sake.

When I passed 50/1h but was still below 60/1d, I got the following in SMTP time:

rcpt to:<jan@DOMAIN_2>
250 Accepted

If I provoked more than 2/1m, I got the following:

rcpt to:<jan@DOMAIN_2>
550 Sending rate exceeded, 2.2/1m (max 2/1m)

When I passed 60/1d:

rcpt to:<jan@DOMAIN_2>
550 Sending rate exceeded, 60.2/1d (max 60/1d)


It fails consistently, regardless of the order of the rules, and also
if I cut out either the per minute or daily rate rules, and regardless
of whether I start with a fresh copy-paste of the per minute rule or
daily rate rule as a basis for substituting "50" and "h" respectively.

So, I'm essentially deep in WTF land.

Does anyone have a good explanation why this would fail for the hourly
rate rule, and not for the others?



Here is the relevant part of the configuration:

# ----------
acl_check_rcpt:

  warn ratelimit = 0 / 1h / strict
       logwrite = :main: \
                  Rate: $sender_rate/$sender_rate_period \
                  $message_id \
                  $sender_address ($sender_host_name[$sender_host_address]) \
                   -> $local_part@$domain

  deny authenticated = *
       ratelimit = 60 / 1d / strict / $authenticated_id
       message = Sending rate exceeded, $sender_rate/$sender_rate_period \
                 (max $sender_rate_limit/$sender_rate_period)
       logwrite = :main,reject: \
                  Rate exceeded:  $sender_rate/$sender_rate_period \
                  (max $sender_rate_limit) $message_id \
                  $sender_address ($sender_host_name[$sender_host_address]) \
                   -> $local_part@$domain

  deny authenticated = *
       ratelimit = 50 / 1h / strict / $authenticated_id
       message = Sending rate exceeded, $sender_rate/$sender_rate_period \
                 (max $sender_rate_limit/$sender_rate_period)
       logwrite = :main,reject: \
                  Rate exceeded:  $sender_rate/$sender_rate_period \
                  (max $sender_rate_limit) $message_id \
                  $sender_address ($sender_host_name[$sender_host_address]) \
                   -> $local_part@$domain


  deny authenticated = *
       ratelimit = 2 / 1m / strict / $authenticated_id
       message = Sending rate exceeded, $sender_rate/$sender_rate_period \
                 (max $sender_rate_limit/$sender_rate_period)
       logwrite = :main,reject: \
                  Rate exceeded:  $sender_rate/$sender_rate_period \
                  (max $sender_rate_limit) $message_id \
                  $sender_address ($sender_host_name[$sender_host_address]) \
                   -> $local_part@$domain



--
Jan