Re: [exim] default ratelimit

Góra strony
Delete this message
Reply to this message
Autor: Graeme Fowler
Data:  
Dla: exim-users
Temat: Re: [exim] default ratelimit
On 14 Sep 2015, at 12:05, Marius Stan <mstan@???> wrote:
> I have the following snippet running in acl_check_rcpt, which limits authenticated users to a number of messages per hour:


If you have it in the RCPT ACL, it is run (and the database updated) for every RCPT TO command from the connecting system; not only that but in your provided ACL section it runs & updates *twice* per RCPT TO:

>  warn    authenticated = *
>          ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict / $authenticated_id
>          log_message = Authenticated sender rate $authenticated_id $authenticated_sender $sender_rate / $sender_rate_period

>
>  deny    authenticated = *
>          ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict / $authenticated_id
>          log_message = Authenticated sender rate $authenticated_id $authenticated_sender $sender_rate / $sender_rate_period

>
>  accept  authenticated = *
>          control       = submission/sender_retain


To lookup, and not update, the ratelimit DB, use the 'readonly' parameter:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTratelimiting

Better still, get the positioning of the ratelimit checks right, do a lookup (with an update or without, depending where in the flow you are) and store the returned value in an ACL variable. Then you can make logical decisions at various points in the ACL flow without doing any further lookups.

Graeme