Re: [exim] Notification of ratelimits being exceeded?

On 27/09/11 06:00, Caines, Max wrote:
> We're running rate-limiting based on sender address, which has been
> very effective in reducing the consequences of compromised accounts.
> Until now, I've been relying on some code on a server that's
> archiving Exim logs to recognise the blocking message, and email us
> once per sender, but it's not very reliable. Really I'd like to get
> Exim to send a notification when someone crosses the threshold for
> the first time in, say, a 24-hour period, but I can't see a way to do
> it. The rate-limiting's via an ACL, and I don't have Perl embedded,
> and don't really have the memory to do so. Anyone got any ideas?

Use a "continue" verb? (action? wtb term to use here) on your existing
ACL block to both check for the existence of a flag file on the system
specific to that user, and if it's not present, ${run} something that
creates the file and sends an email. (pid & file lock on the program
that runs to prevent it running more than once)

Use a cron script to check the state directory every N and expire any
files that are more then N hours/minutes/seconds old. Basically, however
long you want between being notified.

Use more than one ratelimit to have greater notification granularity.