I have managed to put in the ACL some kind of ratelimit information, which is as follows:
# Log all sender's rate
warn ratelimit = 15 / 10s / per_rcpt / strict
log_message = SENDER RATE: $sender_rate/$sender_rate_period from $sender_address
# system wide rate limit (4800/hour)
warn ratelimit = 40 / 30s / $primary_hostname
log_message = SYSTEM RATE LIMIT: exceeds $sender_rate/$sender_rate_period
What I do need though, is a warning when a particular user gets above certain number of e-mail. This one example of the problem we had when an account was compromised:
Top 50 local destinations by message count
------------------------------------------
Messages Addresses Bytes Average Local destination
89904 89904 367MB 4280 xxxx01@???
269 272 17MB 65KB yyyy02@???
Usually from looking at eximstats, the max e-mail one person gets from the gateway is less than 500. There is no way to find out or warn us about this kind of escalation of e-mail from ratelimit. It is based on sender's address not on how many recipients got.
The eximstats, I used was eximstats -nr -t_remote_users
Regards
Sujit
