Re: [exim] Exim4 ratelimiting

Top Page
Delete this message
Reply to this message
Author: Biju Abraham N.
Date:  
To: Todd Lyons
CC: exim-users, Biju Abraham N.
Subject: Re: [exim] Exim4 ratelimiting
OK, Thanks Todd. Could you please tell me how to use log_write? Is that a
built-in function? Could you please add a one line on its usage (in my
rule)?

Regards,
Biju.

On Sat, November 1, 2014 6:43 am, Todd Lyons wrote:
> Personally, for now I would add a log_write to that warn and record
> what the value of $sender_rate_limit is (for every email). The values
> may not be doing what you think it is doing. Possible you could get
> good info from logging the results of that ${eval} command too.
>
> ...Todd
>
>
> On Fri, Oct 31, 2014 at 5:38 PM, Biju Abraham N.
> <bijuan@???> wrote:
>> Dear Chris, Todd,
>>
>> Thank you for the help so far.
>>
>> I don't have any "accept" before my script shown below under
>> "acl_check_rcpt:". But I have some code under "acl_check_mail:" section,
>> which I give here:
>>
>> ********** start code **************
>> acl_check_mail:
>>   .ifdef CHECK_MAIL_HELO_ISSUED
>>   deny
>>     message = no HELO given before MAIL command
>>     condition = ${if def:sender_helo_name {no}{yes}}
>>   .endif

>>
>> accept
>>
>> acl_check_rcpt:
>>
>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>                    $sender_rate_limit }s

>>
>>   # Keep authenticated users under control
>>   deny authenticated = *
>>      ratelimit = 3 / 5m / strict / $authenticated_id

>>
>>   # Accept if the source is local SMTP (i.e. not over TCP/IP). We do
>> this by
>>   # testing for an empty sending host field.
>>   accept
>>     hosts = :
>>     control = dkim_disable_verify

>>
>> ********** end code **************
>> Is this where the control goes without entering my added conditions?
>>
>> Regards,
>> Biju.
>>
>> On Fri, October 31, 2014 10:02 pm, Todd Lyons wrote:
>>> On Fri, Oct 31, 2014 at 9:06 AM, Chris Siebenmann <cks@???>
>>> wrote:
>>>>> I have checked the squirrel mail configuration. It is configured
>>>>> to use SMTP for mail delivery. So I have a chance of limiting
>>>>> fast-senders there. From the log files, I have seen that esmtp is
>>>>> used
>>>>> for local deliveries.
>>>
>>>>> ********* start code ************
>>>>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>>>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>>>>                    $sender_rate_limit }s

>>>>>
>>>>>   # Keep authenticated users under control
>>>>>   deny authenticated = *
>>>>>      ratelimit = 3 / 5m / strict / $authenticated_id
>>>>> ********* end code ************

>>>>>
>>>>> This I have added under the condition "acl_check_rcpt:" in the
>>>>> beginning itself. Still, while testing I have seen that these rules
>>>>> are not hit. Could you please tell me where to put these rules?
>>>>
>>>> I'm afraid that I don't know why these rules aren't working and I
>>>> can't
>>>> tell you where they need to go in your configuration file so that they
>>>> work. I know that ratelimits work because they work for us, but every
>>>> configuration is different and I can't troubleshoot yours.
>>>
>>> I would bet that just before where you added the above ACL segment,
>>> there is an accept that accepts all email from the IPs of your
>>> webmail, so that it never gets to this ratelimit check. Show us the
>>> full rcpt ACL, then maybe we can make better informed suggestions.
>>>
>>> ...Todd
>>>
>>> --
>>> The total budget at all receivers for solving senders' problems is $0.
>>> If you want them to accept your mail and manage it the way you want,
>>> send it the way the spec says to. --John Levine
>>>
>>
>>
>>
>>
>
>
>
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>