Matt wrote:
> Looking at this on rate-limiting:
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTratelimiting
>
> I have this in exim.conf
>
> warn ratelimit = 1000 / 12h / per_rcpt / strict
> delay = 10s
> log_message = Sender $sender_address rate $sender_rate /
> $sender_rate_period excedes limit delayed 10 seconds
>
> Works well to stop virus infected PC's in the IP pools I relay for.
> Since all webmail comes from 127.0.0.1 it does not work very well for
> that. I have webmail locked down so as they cannot change there
> source email address. Is there a way with ratelimit I can add a
> second rule for 127.0.0.1 that ratelimits be source email address
> instead of just source IP?
>
Almost certainly. But not knowing WHICH Webmail app - where to look?
- parsing the messages for '127.0.0.1' instead of $sender_address would
obviously hit all-comers, not just the infected.
- parsing the *message* headers for the 'From:' or 'Reply-to:' is far
less reliable, 'specially as we are speaking of vermin that may very
well alter those.
But .. depending on the Webmail app, what MAY work is using the Luser's
Login UID and PWD eg: AUTH creds - of each individual submitter -
instead of the source address.
Can Exim be handed these from the Webmail daemon in a manner still
associated with each submitter and message?
Bill
