I've been doing this for a while ...

acl_check_rcpt:
  warn
    !hosts = : +relay_from_hosts
    condition = ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }
    ratelimit = 4 / 1h / strict / per_cmd
    logwrite = RATE UPDATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
  deny
    ratelimit = 4 / 1h / strict / per_cmd / noupdate
    !hosts = : +relay_from_hosts
    message = local error
    log_message = X-Host-Recipient-Verification-Count-Failed: Message Denied due to excessive failures: $sender_rate/$sender_rate_period (max $sender_rate_limit)
    condition = ${if le{$sender_rate}{$sender_rate_limit} {no} {yes} }

Ruairi
On Friday 30 December 2011 19:49:19 Daniel Tryba wrote:
> In order to throttle bad senders I was thinking about using ratelimit to
> count the number of bad attempts per period.
>
> in acl_smtp_rcpt and acl_smtp_data I try to establish the rates:
>
> acl_smtp_rcpt:
>
>   warn ratelimit = 0 / 1h / strict / $sender_host_address
>        set acl_c10 = $sender_rate
>
>   warn ratelimit = 0 / 1h / readonly / rejected:$sender_host_address
>        set acl_c11 = $sender_rate
>
> So here acl_c10 contains the total rate for a sender. acl_c11 should contain
> the rejected rate, but this is always 0 at this point in the ACL.
>
> Logging these with
>   warn log_message = Sender Rate: junk:$acl_c11 / total:$acl_c10 per $sender_rate_period
>
> To increase the rate for key rejected:$sender_host_address, I generate some
> mails that will fail on recipient check:
>
>   deny message = Recipient verification failed
>        ratelimit = 0 / 1h / strict / rejected:$sender_host_address
>        log_message = DENY - Recipient verification failed for $local_part@$domain with $acl_verify_message rate: $sender_rate
>        !verify = recipient
>
> Log shows that $sender_rate is greater than 0 and increases on each try:
>
> 2011-12-30 19:31:31 H=mail.office.pocos.nl [109.235.34.226] Warning: Sender
> Rate: junk:0.0 / total:1.3 per 1h
> 2011-12-30 19:31:31 H=mail.office.pocos.nl [109.235.34.226]
> F=<daniel@???> rejected RCPT <asdfsadfsdfa@???>: DENY -
> Recipient verification failed for asdfsadfsdfa@??? with response to
> "RCPT TO:<asdfsadfsdfa@???>" from example.org [1.2.3.4] was: 550
> unknown user rate: 1.3
>
> Next try:
> 2011-12-30 19:32:18 H=mail.office.pocos.nl [109.235.34.226] Warning: Sender
> Rate: junk:0.0 / total:2.3 per 1h
> 2011-12-30 19:32:18 H=mail.office.pocos.nl [109.235.34.226]
> F=<daniel@???> rejected RCPT <asdfsadfsdfa@???>: DENY -
> Recipient verification failed for asdfsadfsdfa@??? with response to
> "RCPT TO:<asdfsadfsdfa@???>" from example.org [1.2.3.4] was: 550
> unknown user rate: 2.3
>
> So the readonly ratelimit always returns 0 initially and on updates it is
> suddenly the same as the default key ratelimit. But the default key isn't
> incrementing at twice the rate so something else is being updated.
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTratelimiting
> isn't particularly helpful to find what is going wrong in either my logic or
> Exim's counting. I guess I'm missing something, could someone point out to me
> how and if I can accomplish this?
>
> BTW Exim version 4.72
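
An added example, not part of either poster's message: a Python cross-check that counts "Recipient verification failed" rejections per host in a sliding one-hour window, reading main-log lines in the format quoted above. The sample lines, addresses and function names are constructed for illustration, the limit of 4 mirrors the 4 / 1h in the reply, and the result is a plain window count rather than Exim's smoothed $sender_rate.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "rejected RCPT" lines shown in the thread; the IP is the bracketed
# address after H=, and only recipient-verification failures are counted.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"H=.*?\[(?P<ip>[^\]]+)\].*? rejected RCPT <(?P<rcpt>[^>]*)>: "
    r".*Recipient verification failed"
)

def failing_hosts(log_text, limit=4, window=timedelta(hours=1)):
    """Return {ip: peak failures inside any window} for hosts above limit.

    Assumes lines are in chronological order, as in an Exim main log.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}                     # ip -> highest count seen in one window
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue              # warnings, deliveries, other rejections
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures that aged out of the window
            q.popleft()
        peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def _line(ts, ip, user):
    # Constructed log line in the format of the thread's excerpts.
    return (f"{ts} H=mail.example.net [{ip}] F=<sender@example.net> "
            f"rejected RCPT <{user}@example.org>: DENY - Recipient "
            f"verification failed for {user}@example.org rate: 1.0")

# Constructed sample: one host guessing six addresses within six minutes,
# one host with five isolated failures two hours apart, one warning line.
SAMPLE_LOG = "\n".join(
    [_line(f"2011-12-30 1{h}:00:00", "203.0.113.5", f"typo{h}")
     for h in range(0, 10, 2)]
    + ["2011-12-30 19:29:59 H=mail.example.net [192.0.2.10] Warning: "
       "Sender Rate: junk:0.0 / total:1.3 per 1h"]
    + [_line(f"2011-12-30 19:3{i}:00", "192.0.2.10", f"guess{i}")
       for i in range(6)]
)

if __name__ == "__main__":
    for ip, n in failing_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed recipients within 1h")
```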