On 2015-03-04, Arkadiusz Miśkiewicz <arekm@???> wrote:
>
> Hi.
>
> Assume rules that do:
>
> acl_smtp_connect:
> deny
> ratelimit = 15 / 2h / noupdate / strict / per_conn
>
> acl_smtp_notquit:
> warn ...
> ratelimit = 15 / 2h / strict / per_conn
>
>
> Now customer hits notquit for example 500 times, gets finally blocked by
> acl_smtp_connect. Now it needs to wait ln(peakrate/maxrate) 2h periods (so
> ~7h) to get counter go below limit.
at 15 per two hours they'd be locked out after 15 tries, (they won't
get 500 unless they spread this out over a week or so)
where is 500 coming from?
> How I can get constant 2h period (after last ratelimit update for example) to
> get counter zeroed while still keep counting real ratio (so can't drop
> "strict") for log purposes?
perhaps something like this:

  warn
    ratelimit = 15 / 2h / strict / per_conn
    ratelimit = 15 / 2h / strict / per_conn / count=15

that will add another 15 to the count, meaning it will take 2 hours for
the count to get low enough to allow access.
> ps. how current "average rage" is actually calculated? Don't see this in docs.
"average rate".
another way would be to use a second ratelimit to enforce the two
hours cooldown, but after peeking at the source (acl.c) and not understanding
it I'm not certain how deterministically exim's ratelimits can be expected
to behave.
--
umop apisdn
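
Added example, not part of the thread and not Exim's code: a small model of the cooldown arithmetic discussed above, useful for estimating how long a client stays over the limit after a burst. It assumes the smoothed rate is an exponentially weighted moving average that decays as exp(-interval/period), which is the decay law implied by the ln(peakrate/maxrate) figure in the question; the function names and the one-second event spacing are hypothetical.

```python
import math

PERIOD = 2 * 3600.0   # the "2h" smoothing period from the ACLs above, in seconds
LIMIT = 15.0          # the "15" limit from the ACLs above


def update_rate(rate, interval, period=PERIOD, count=1.0):
    """One rate update under the assumed EWMA model.

    rate is None for a client that has no stored record yet.
    interval is the time in seconds since the previous update.
    """
    if rate is None:
        return count
    i_over_p = max(interval, 1e-9) / period
    a = math.exp(-i_over_p)
    return (1.0 - a) * count / i_over_p + a * rate


def burst_peak(events, spacing, period=PERIOD):
    """Smoothed rate after `events` updates that arrive `spacing` seconds apart."""
    rate = None
    for _ in range(events):
        rate = update_rate(rate, spacing, period)
    return rate


def decayed_rate(rate, idle, period=PERIOD):
    """Smoothed rate after `idle` seconds with no further updates."""
    return rate * math.exp(-idle / period)


def cooldown(peak, limit=LIMIT, period=PERIOD):
    """Seconds of silence needed for the rate to decay from peak to limit."""
    return period * math.log(peak / limit) if peak > limit else 0.0


if __name__ == "__main__":
    # Constructed scenario: 500 counted events, one per second.
    peak = burst_peak(500, 1.0)
    wait = cooldown(peak)
    print(f"peak smoothed rate  : {peak:.1f}")
    print(f"cooldown to limit   : {wait / 3600:.2f} h")
    print(f"rate after 2h idle  : {decayed_rate(peak, PERIOD):.1f}")
    print(f"cooldown from 500   : {cooldown(500.0) / 3600:.2f} h")
```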