Re: [exim] Exim4 ratelimiting

Author: Todd Lyons
Date: 2014-11-01 01:07 -000
To: Biju Abraham N.
CC: exim-users, Chris Siebenmann
Subject: Re: [exim] Exim4 ratelimiting

Personally, for now I would add a log_write to that warn and record
what the value of $sender_rate_limit is (for every email). The values
may not be doing what you think they are doing. Possibly you could get
good info from logging the results of that ${eval} command too.

...Todd


On Fri, Oct 31, 2014 at 5:38 PM, Biju Abraham N.
<bijuan@???> wrote:
> Dear Chris, Todd,
>
> Thank you for the help so far.
>
> I don't have any "accept" before my script shown below under
> "acl_check_rcpt:". But I have some code under "acl_check_mail:" section,
> which I give here:
>
> ********** start code **************
> acl_check_mail:
>   .ifdef CHECK_MAIL_HELO_ISSUED
>   deny
>     message = no HELO given before MAIL command
>     condition = ${if def:sender_helo_name {no}{yes}}
>   .endif
>
> accept
>
> acl_check_rcpt:
>
>   warn ratelimit = 3 / 5m / per_rcpt / strict
>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>                    $sender_rate_limit }s
>
>   # Keep authenticated users under control
>   deny authenticated = *
>      ratelimit = 3 / 5m / strict / $authenticated_id
>
>   # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
>   # testing for an empty sending host field.
>   accept
>     hosts = :
>     control = dkim_disable_verify
>
> ********** end code **************
> Is this where the control goes without entering my added conditions?
>
> Regards,
> Biju.
>
> On Fri, October 31, 2014 10:02 pm, Todd Lyons wrote:
>> On Fri, Oct 31, 2014 at 9:06 AM, Chris Siebenmann <cks@???>
>> wrote:
>>>> I have checked the squirrel mail configuration. It is configured
>>>> to use SMTP for mail delivery. So I have a chance of limiting
>>>> fast-senders there. From the log files, I have seen that esmtp is used
>>>> for local deliveries.
>>
>>>> ********* start code ************
>>>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>>>                    $sender_rate_limit }s
>>>>
>>>>   # Keep authenticated users under control
>>>>   deny authenticated = *
>>>>      ratelimit = 3 / 5m / strict / $authenticated_id
>>>> ********* end code ************
>>>>
>>>> This I have added under the condition "acl_check_rcpt:" in the
>>>> beginning itself. Still, while testing I have seen that these rules
>>>> are not hit. Could you please tell me where to put these rules?
>>>
>>> I'm afraid that I don't know why these rules aren't working and I can't
>>> tell you where they need to go in your configuration file so that they
>>> work. I know that ratelimits work because they work for us, but every
>>> configuration is different and I can't troubleshoot yours.
>>
>> I would bet that just before where you added the above ACL segment,
>> there is an accept that accepts all email from the IPs of your
>> webmail, so that it never gets to this ratelimit check. Show us the
>> full rcpt ACL, then maybe we can make better informed suggestions.
>>
>> ...Todd
>>
>> --
>> The total budget at all receivers for solving senders' problems is $0.
>> If you want them to accept your mail and manage it the way you want,
>> send it the way the spec says to. --John Levine
>>

--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
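
One way to do the logging suggested in this message, using Exim's `logwrite` ACL modifier (an added example, not configuration posted by anyone in the thread). The log wording and the first probe statement are assumptions; `noupdate` needs an Exim version that supports that option.

```conf
acl_check_rcpt:

  # Added example, diagnostic only. A limit of 0 makes the condition true
  # for every RCPT, and noupdate reads the stored rate without counting
  # the recipient a second time, so this line is logged for every RCPT.
  warn ratelimit = 0 / 5m / per_rcpt / noupdate
       logwrite  = ratelimit probe: host=$sender_host_address \
                   rate=$sender_rate period=$sender_rate_period

  # The warn from the thread, with the ratelimit variables and the result
  # of the ${eval} logged before the delay is applied. Modifiers after a
  # condition run only when the condition is true, so this line appears
  # only once the computed rate has reached the limit of 3.
  warn ratelimit = 3 / 5m / per_rcpt / strict
       logwrite  = ratelimit hit: host=$sender_host_address \
                   rate=$sender_rate limit=$sender_rate_limit \
                   delay=${eval: ${sg{$sender_rate}{[.].*}{}} - \
                   $sender_rate_limit }s
       delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
                   $sender_rate_limit }s
```

If neither line shows up in the main log while sending test mail, the RCPT ACL is not reaching these statements at all, which points at the ACL wiring rather than the rate arithmetic.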