Re: [exim] Exim4 ratelimiting

Author: Biju Abraham N.
Date:  
To: Todd Lyons
CC: exim-users, Biju Abraham N., Chris Siebenmann
Subject: Re: [exim] Exim4 ratelimiting
Dear Chris, Todd,

Thank you for the help so far.

I don't have any "accept" before my script shown below under
"acl_check_rcpt:". But I have some code under "acl_check_mail:" section,
which I give here:

********** start code **************
acl_check_mail:
  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif


accept

acl_check_rcpt:

  warn ratelimit = 3 / 5m / per_rcpt / strict
     delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
                   $sender_rate_limit }s


  # Keep authenticated users under control
  deny authenticated = *
     ratelimit = 3 / 5m / strict / $authenticated_id


  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept
    hosts = :
    control = dkim_disable_verify


********** end code **************
Is this where the control goes without entering my added conditions?

Regards,
Biju.

On Fri, October 31, 2014 10:02 pm, Todd Lyons wrote:
> On Fri, Oct 31, 2014 at 9:06 AM, Chris Siebenmann <cks@???>
> wrote:
>>> I have checked the squirrel mail configuration. It is configured
>>> to use SMTP for mail delivery. So I have a chance of limiting
>>> fast-senders there. From the log files, I have seen that esmtp is used
>>> for local deliveries.
>
>>> ********* start code ************
>>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>>                    $sender_rate_limit }s
>>>
>>>   # Keep authenticated users under control
>>>   deny authenticated = *
>>>      ratelimit = 3 / 5m / strict / $authenticated_id
>>> ********* end code ************
>>>
>>> This I have added under the condition "acl_check_rcpt:" in the
>>> beginning itself. Still, while testing I have seen that these rules
>>> are not hit. Could you please tell me where to put these rules?
>>
>> I'm afraid that I don't know why these rules aren't working and I can't
>> tell you where they need to go in your configuration file so that they
>> work. I know that ratelimits work because they work for us, but every
>> configuration is different and I can't troubleshoot yours.
>
> I would bet that just before where you added the above ACL segment,
> there is an accept that accepts all email from the IPs of your
> webmail, so that it never gets to this ratelimit check. Show us the
> full rcpt ACL, then maybe we can make better informed suggestions.
>
> ...Todd
>
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>
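
Todd's point about statement order, shown as an added example that is not part of the original messages: an Exim ACL is evaluated top to bottom, and an accept whose conditions all match ends processing for that RCPT. The ACL names and the address 192.0.2.10 (standing in for the webmail host) are assumptions; the limits are the ones quoted in the thread.

```conf
# Constructed fragment, not taken from anyone's real configuration.
# 192.0.2.10 is a placeholder for the webmail host; both ACL names are
# hypothetical.

# Main section: choose which ACL runs for each RCPT command.
acl_smtp_rcpt = acl_rcpt_limit_first

begin acl

# Ordering Todd suspects: the accept matches the webmail host and ends
# ACL processing for that RCPT, so the deny below is never reached and
# the ratelimit counter for the user is never updated.
acl_rcpt_accept_first:
  accept hosts = 192.0.2.10

  deny authenticated = *
       ratelimit = 3 / 5m / strict / $authenticated_id

  # ... rest of the RCPT ACL ...

# Same two statements with the limit first: every RCPT reaches the deny
# before any accept can end processing.
# Conditions inside one statement are tested in order, so the ratelimit
# is only evaluated (and counted) when "authenticated = *" has matched.
acl_rcpt_limit_first:
  deny authenticated = *
       ratelimit = 3 / 5m / strict / $authenticated_id

  accept hosts = 192.0.2.10

  # ... rest of the RCPT ACL ...
```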