Re: [exim] Exim4 ratelimiting

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Biju Abraham N.
Date:  
À: 'Biju Abraham N.', 'Todd Lyons'
CC: 'exim-users'
Sujet: Re: [exim] Exim4 ratelimiting
Thanks Todd, I was able to find out the usage of logwrite. Also, the
ratelimit is also working for me. The delay time was evaluated, but the unit
was set in seconds even when the period was in minutes, my fault. I
corrected it.

The delay time is the timedelay immediate, right? I mean, the message is not
put into the queue with a time delay, but the exim thread waits there before
the timedelay is elapsed?

Thank you very much.

Regards,
Biju.

-----Original Message-----
From: Biju Abraham N. [mailto:bijuan@rajagiritech.ac.in]
Sent: 01 November 2014 AM 06:56
To: Todd Lyons
Cc: Biju Abraham N.; exim-users
Subject: Re: [exim] Exim4 ratelimiting

OK, Thanks Todd. Could you please tell me how to use log_write? Is that a
built-in function? Could you please add a one line on its usage (in my
rule)?

Regards,
Biju.

On Sat, November 1, 2014 6:43 am, Todd Lyons wrote:
> Personally, for now I would add a log_write to that warn and record
> what the value of $sender_rate_limit is (for every email). The values
> may not be doing what you think it is doing. Possible you could get
> good info from logging the results of that ${eval} command too.
>
> ...Todd
>
>
> On Fri, Oct 31, 2014 at 5:38 PM, Biju Abraham N.
> <bijuan@???> wrote:
>> Dear Chris, Todd,
>>
>> Thank you for the help so far.
>>
>> I don't have any "accept" before my script shown below under
>> "acl_check_rcpt:". But I have some code under "acl_check_mail:"
>> section, which I give here:
>>
>> ********** start code **************
>> acl_check_mail:
>>   .ifdef CHECK_MAIL_HELO_ISSUED
>>   deny
>>     message = no HELO given before MAIL command
>>     condition = ${if def:sender_helo_name {no}{yes}}
>>   .endif

>>
>> accept
>>
>> acl_check_rcpt:
>>
>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>                    $sender_rate_limit }s

>>
>>   # Keep authenticated users under control
>>   deny authenticated = *
>>      ratelimit = 3 / 5m / strict / $authenticated_id

>>
>>   # Accept if the source is local SMTP (i.e. not over TCP/IP). We do 
>> this by
>>   # testing for an empty sending host field.
>>   accept
>>     hosts = :
>>     control = dkim_disable_verify

>>
>> ********** end code **************
>> Is this where the control goes without entering my added conditions?
>>
>> Regards,
>> Biju.
>>
>> On Fri, October 31, 2014 10:02 pm, Todd Lyons wrote:
>>> On Fri, Oct 31, 2014 at 9:06 AM, Chris Siebenmann
>>> <cks@???>
>>> wrote:
>>>>> I have checked the squirrel mail configuration. It is configured
>>>>> to use SMTP for mail delivery. So I have a chance of limiting
>>>>> fast-senders there. From the log files, I have seen that esmtp is
>>>>> used for local deliveries.
>>>
>>>>> ********* start code ************
>>>>>   warn ratelimit = 3 / 5m / per_rcpt / strict
>>>>>      delay     = ${eval: ${sg{$sender_rate}{[.].*}{}} - \
>>>>>                    $sender_rate_limit }s

>>>>>
>>>>>   # Keep authenticated users under control
>>>>>   deny authenticated = *
>>>>>      ratelimit = 3 / 5m / strict / $authenticated_id
>>>>> ********* end code ************

>>>>>
>>>>> This I have added under the condition "acl_check_rcpt:" in the
>>>>> beginning itself. Still, while testing I have seen that these
>>>>> rules are not hit. Could you please tell me where to put these rules?
>>>>
>>>> I'm afraid that I don't know why these rules aren't working and I
>>>> can't tell you where they need to go in your configuration file so
>>>> that they work. I know that ratelimits work because they work for
>>>> us, but every configuration is different and I can't troubleshoot
>>>> yours.
>>>
>>> I would bet that just before where you added the above ACL segment,
>>> there is an accept that accepts all email from the IPs of your
>>> webmail, so that it never gets to this ratelimit check. Show us the
>>> full rcpt ACL, then maybe we can make better informed suggestions.
>>>
>>> ...Todd
>>>
>>> --
>>> The total budget at all receivers for solving senders' problems is $0.
>>> If you want them to accept your mail and manage it the way you want,
>>> send it the way the spec says to. --John Levine
>>>
>>
>>
>>
>>
>
>
>
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>