Re: [exim] default ratelimit

Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] default ratelimit
On 14 Sep 2015, at 12:05, Marius Stan <mstan@???> wrote:
> I have the following snippet running in acl_check_rcpt, which limits authenticated users to a number of messages per hour:


If you have it in the RCPT ACL, it is run (and the database updated) for every RCPT TO command from the connecting system; not only that but in your provided ACL section it runs & updates *twice* per RCPT TO:

>  warn    authenticated = *
>          ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict / $authenticated_id
>          log_message = Authenticated sender rate $authenticated_id $authenticated_sender $sender_rate / $sender_rate_period
>
>  deny    authenticated = *
>          ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict / $authenticated_id
>          log_message = Authenticated sender rate $authenticated_id $authenticated_sender $sender_rate / $sender_rate_period
>
>  accept  authenticated = *
>          control       = submission/sender_retain


To look up, and not update, the ratelimit DB, use the 'readonly' parameter:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTratelimiting

Better still, get the positioning of the ratelimit checks right, do a lookup (with an update or without, depending where in the flow you are) and store the returned value in an ACL variable. Then you can make logical decisions at various points in the ACL flow without doing any further lookups.

Graeme
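
Added example, not part of the original message or the poster's configuration: one way to lay out the advice above, with a single updating ratelimit check whose result is kept in an ACL variable, and a 'readonly' check later in the flow. Q_RATELIMIT is the original poster's macro; the variable name acl_m_over_limit, the message texts and the use of acl_check_data are assumptions, and the condition assumes strict_acl_vars is not set.

```exim
acl_check_rcpt:

  # The only verb in this ACL that evaluates ratelimit with an update.
  # The condition is true when the sender is over the limit, so the
  # "set" and "log_message" modifiers take effect only in that case.
  warn    authenticated = *
          ratelimit     = ${lookup mysql{Q_RATELIMIT}} / 1h / strict / $authenticated_id
          set acl_m_over_limit = yes
          log_message   = Authenticated sender rate $authenticated_id $sender_rate / $sender_rate_period

  # Decide from the stored result: no second ratelimit evaluation and no
  # further database access.
  deny    authenticated = *
          condition     = ${if eq{$acl_m_over_limit}{yes}}
          message       = Sending rate limit exceeded, please try again later

  accept  authenticated = *
          control       = submission/sender_retain

acl_check_data:

  # Later in the flow, "readonly" computes the current rate for the same
  # key and period without writing to the ratelimit database.
  warn    authenticated = *
          ratelimit     = ${lookup mysql{Q_RATELIMIT}} / 1h / readonly / $authenticated_id
          log_message   = Sender still over limit at DATA: $sender_rate / $sender_rate_period
```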