Author: Nick Rickard Date: To: exim-users Subject: Re: [exim] [SOLVED] exim ratelimit on subject for incoming mail
On 10/02/16 20:37, Graeme Fowler wrote:
<snip> >
> You can make ratelimit use *any* key you like as the lookup - so it
> can be (as you’ve done already) the envelope sender address, or the
> sender’s IP address, or a hostname, or… well, you get the idea.
>
> In the DATA ACL, you’ve got access to all the message headers - and
> if you do the ratelimit stuff before the callout to SpamAssassin,
> they’re unmodified (see footnote 1). So you can set an ACL variable
> for later use from any header. As an example:
>
> set acl_m_origsubject1 = $rh_Subject ... warn ratelimit = 5 / 15m /
> per_rcpt / strict / $acl_m_origsubject1
>
> (obviously that could be deny, and have other conditions on it)
> <snip> >
> You’re probably better off cooking up a ratelimit key from the
> subject, parts of the date/time (see $tod_log) and other attributes
> of the message which you see as unique. Do they, for example, share a
> Message-ID header (direct-to-MX malware often does, if one exists at
> all).
>
> Does that give you a bit of direction?
>
> Graeme
Yes, thanks. $rh_subject / $h_subject looks like it will do what I
wanted - and I'll run with 'warn' not 'deny' for a while to prove. I'll
dig into the other attributes you mention in slower time and might go
for a dual approach of:
deny if ratelimit > large threshold
warn and +3 for SpamAssassin if ratelimit > smaller threshold