admin--- via Exim-dev <exim-dev@???> (Mo 18 Feb 2019 07:30:24 CET):
> For example:
>
> acl_notquit:
> accept authenticated = *
>
> warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
> log_message = "Connection Ratelimit - $sender_fullhost because
> of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period
> max:$sender_rate_limit)"
> logwrite = "LOGWRITE: $tod_log $message_id Connection Ratelimit
> - $sender_fullhost because of notquit: $smtp_notquit_reason
> ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
> ratelimit = BADNOAUTH_LIMIT / strict / per_conn
>
> accept
>
I'm replying here, until I'm sure that we're talking about a bug :)
I believe, it is clearly documented:
From the spec.txt:
log_message = <text>
This modifier sets up a message that is used as part of the log message if
the ACL denies access or a warn statement's conditions are true. For
example:
How do you know, that the "ratelimit" fired (returned TRUE, because it was hit?)
The output from your log doesn't indicate it:
2019-02-15 16:09:49.000 [26467] "LOGWRITE: 2019-02-15 16:09:49.000 Connection Ratelimit - (mztyg.com) [49.86.182.22]:53541 because of failed SMTP AUTH without QUIT: connection-lost (/ max:)
I'd have expected something like:
LOG: H=(ME) [1.1.1.1] Warning: non-polite client: connection-lost [1.7/1m max:1]
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -