https://bugs.exim.org/show_bug.cgi?id=2267
Bug ID: 2267
Summary: Contradictory error/no error logged to paniclog for
ratelimit options in QUIT/NOTQUIT ACLs
Product: Exim
Version: 4.86
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@???
Reporter: mike.brudenell@???
CC: exim-dev@???
I have both acl_smtp_quit and acl_smtp_notquit ACLs defined. These check
whether authentication failed and, if it did, use ratelimit to update a count
with a view to throttling or blocking clients trying repeated AUTH attempts.
In each of the ACLs the ratelimit line reads:
    ratelimit = 5 / 1h / strict / BadAuth:$sender_host_address
This is accepted without error and the associated rate limiting worked for a
long time.
Realising I hadn't explicitly named a "per_XXX" option I explicitly added the
"per_mail" option that until now the ratelimit condition had been defaulting to
using:
    ratelimit = 5 / 1h / per_mail / strict / BadAuth:$sender_host_address
This now causes Exim to log an entry in paniclog whenever the ACL runs,
complaining with either
    ACL for QUIT returned ERROR: error in arguments to "ratelimit" condition:
    "per_mail" must not have /leaky or /strict option in QUIT ACL
or
    ACL for not-QUIT returned ERROR: error in arguments to "ratelimit"
    condition: "per_mail" must not have /leaky or /strict option in NOTQUIT ACL
depending which ACL triggered.
This seems inconsistent and wrong because:
1) If I explicitly include the "per_mail" option in the ratelimit condition
Exim paniclogs an error saying I MUST NOT use either strict or leaky with
"per_mail" in that ACL.
2) If I omit all "per_XXX" options but still include "strict" or "leaky" then
the ratelimit defaults to use "per_mail" but DOES NOT paniclog an error.
Surely you can't have it both ways?! :-)
Either strict/leaky can be used with per_mail in these ACLs (in which case (1)
is wrong), or cannot be used (in which case (2) is wrong).
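An added example, not part of the bug report and not Exim's code: a small Python audit that flags ratelimit lines in QUIT/NOTQUIT ACLs which hit the inconsistency described above. It models only the behaviour the reporter observed; the function names, verdict strings and the simple slash-splitting parser are assumptions made for illustration, and the sample lines are the two forms quoted in the report.

```python
import re

# Constructed sample: the two ratelimit forms quoted in the report above.
SAMPLE = [
    ("QUIT", "ratelimit = 5 / 1h / strict / BadAuth:$sender_host_address"),
    ("NOTQUIT", "ratelimit = 5 / 1h / per_mail / strict / BadAuth:$sender_host_address"),
]

UPDATE_MODES = {"strict", "leaky"}   # the two options named in the error text
END_ACLS = {"QUIT", "NOTQUIT"}       # ACL names as they appear in the error text


def parse_ratelimit(line):
    """Split 'ratelimit = limit / period / options... / key' into fields."""
    m = re.match(r"\s*ratelimit\s*=\s*(.+)$", line)
    if not m:
        raise ValueError("not a ratelimit condition: %r" % line)
    fields = [f.strip() for f in m.group(1).split("/")]
    if len(fields) < 2:
        raise ValueError("ratelimit needs at least limit and period: %r" % line)
    rest = fields[2:]
    return {
        "limit": fields[0],
        "period": fields[1],
        "per": [f for f in rest if f.startswith("per_")],
        "modes": [f for f in rest if f in UPDATE_MODES],
    }


def audit(acl, line):
    """Classify one ratelimit line according to the behaviour reported above."""
    parsed = parse_ratelimit(line)
    if acl not in END_ACLS or not parsed["modes"]:
        return "not-affected"
    if "per_mail" in parsed["per"]:
        return "rejected"             # explicit per_mail: paniclog error
    if not parsed["per"]:
        return "implicit-per_mail"    # default applies, no error logged
    return "not-covered-by-report"    # other per_* options are not discussed


def audit_all(entries):
    """Return (acl, verdict, line) for every entry, in order."""
    return [(acl, audit(acl, line), line) for acl, line in entries]


if __name__ == "__main__":
    for acl, verdict, line in audit_all(SAMPLE):
        print("%-8s %-18s %s" % (acl, verdict, line))
```

Lines reported as `implicit-per_mail` are the ones that pass today only because the per_XXX option is left to its default, so they are the ones to review if the validation is ever made consistent.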