Re: [exim] Rate limit Outgoing mail based on recipient domai…

Top Page
Delete this message
Reply to this message
Author: exim-users
Date:  
To: exim-users
Subject: Re: [exim] Rate limit Outgoing mail based on recipient domain
On 15/02/12 12:48, Lena@??? wrote:

>> there is at least one report here (
>> http://forums.cpanel.net/f34/outbound-mail-throttling-213861.html#post1076581
>> which says that Lena's solution doesn't work , and that messages are
>> "dumped".
>
> I (as an user) switched from an usual web-hosting with cPanel to VPS
> because my previous web-hosting confessed that they delete all messages in
> Exim queue daily with an explanation that else the machine's load average
> becomes too high (I think because of repeated attemtps to deliver spam from
> compromised or malicious users to non-existent recipients or to
> MX servers which blacklisted the cPanel machine).
> Exim runs on the same machine as Apache, CGI scripts and cPanel daemons.
> Web-hostings try to cram as many users into each machine as they can,
> and tend to not spend efforts to weed out spamming or compromised users.
> Apparently, deleting all messages in Exim queue is
> usual routine for web-hosting admins who use cPanel.
> Perhaps one of many cPanel scripts does that among other things.
> An admin may even not realise that that script does that.


I used to work at a web host. Exim was configured on each webserver to
pass off mail to a smarthost. However, we rate limited how many emails
each user could send. It was a custom solution which recorded and looked
up "messages sent" data in a mysql database. I installed an ident server
to make it possible to rate limit mail that was sent by connecting to
127.0.0.1:25, as well as that sent by running the exim binary. You
exceed the limit, and your email is rejected at SMTP time. The firewall
on each web hosting box prevented outgoing SMTP connections, so the only
SMTP server you could use was the local rate limited one. And in turn,
the only one that could connect to was the smarthost (iptables can match
outgoing connections based on the uid of the process making the connection)

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4