Re: [exim] Ratelimit doesn't work as expected

Author: Mike Brudenell
Date:  
To: Exim Users
Subject: Re: [exim] Ratelimit doesn't work as expected
Hi, Sebastian -

I'm wracking my memory here as I had the exact same problem when setting up
a very similar mechanism. If memory serves, the trick is to change the
*leaky* to instead be *strict*: certainly that's what we're using now and
it's working.

When using the leaky setting the computed rate never seemed to go over the
threshold but just hover slightly under it. This is probably described in
the *Specification* where it says:

The *leaky* (default) option means that the client’s recorded rate is not
updated if it is above the limit. The effect of this is that Exim measures
the client’s average rate of successfully sent email, which cannot be
greater than the maximum allowed. If the client is over the limit it may
suffer some counter-measures (as specified in the ACL), but it will still
be able to send email at the configured maximum rate, whatever the rate of
its attempts. …


Cheers,
Mike B-)

On Fri, 9 Aug 2019 at 14:40, Sebastian Arcus via Exim-users <
exim-users@???> wrote:

> I have a set of ACLs in place to ban connections from IPs after a
> number of retries. The first one checks if connections from an IP
> address have already been rejected 5 times or more in 24 hours and drops
> them, while the second one just adds to the count (up to 10 max) every
> time we reject a connection:
>
> acl_check_connect:
>
> drop  message      = Temporary ban - too many retries
>        ratelimit    = 5 / 24h / per_conn / readonly
>
> drop  message      = PTR record check failed
>     ! condition  = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}{no}}
>     ! ratelimit  = 10 / 24h / per_conn / leaky
>
>
> However, the above doesn't seem to work - the second acl matches 10
> times, and after that exim just accepts the connection - the first acl
> never kicks in:
>
> </snip>
>
> 2019-07-29 06:39:12 H=[185.208.211.29] rejected connection in "connect" ACL: "Reject: PTR record check failed (185.208.211.29)"
> 2019-07-29 06:39:12 no host name found for IP address 185.208.211.29
> 2019-07-29 06:39:27 H=[185.208.211.29] rejected connection in "connect" ACL: "Reject: PTR record check failed (185.208.211.29)"
> 2019-07-29 06:39:27 no host name found for IP address 185.208.211.29
> 2019-07-29 06:39:33 1hryNd-0003te-FT <= tRangel@??? H=(WIN-JOFTN72POB6) [185.208.211.29] P=esmtp S=1309
> 2019-07-29 06:39:34 1hryNd-0003te-FT => spam_victim@??? R=send_direct T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.184.26] X=TLSv1.2:ECD>
> 2019-07-29 06:39:34 1hryNd-0003te-FT Completed
>
>
> It is possible that I am misunderstanding how ratelimit works though.
> Any help would be appreciated.



--
*My normal working days are Tuesdays, Wednesdays and Thursdays.*

Systems Administrator working in Teaching & Learning
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
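
The leaky/strict difference described in the quoted Specification paragraph, as an added example that is not part of the original message and is not Exim's code. It is a simplified Python model of a smoothed per-key rate; the exponential smoothing formula, the names `simulate` and `summary`, and the constructed 15-second arrival pattern are assumptions.

```python
import math

# Constructed sample: 20 connection attempts from one host, 15 seconds apart.
ARRIVALS = [15 * n for n in range(20)]

def simulate(limit, period, arrivals, strict):
    """Replay attempt timestamps (seconds) for one key.

    Returns one (computed_rate, over_limit, recorded_rate) tuple per attempt.
    Assumed model: exponentially weighted moving average over `period`.
    """
    recorded = None   # rate stored for this key
    last = None       # time of the last stored update
    results = []
    for t in arrivals:
        if recorded is None:
            computed = 1.0                      # first attempt seen
        else:
            i_over_p = max(t - last, 1e-9) / period
            a = math.exp(-i_over_p)             # weight of the old rate
            computed = (1 - a) / i_over_p + a * recorded
        over = computed >= limit
        # leaky: an over-limit attempt leaves the stored rate untouched.
        # strict: every attempt is stored, so the rate keeps climbing.
        if strict or not over:
            recorded, last = computed, t
        results.append((computed, over, recorded))
    return results

def summary(strict, limit=10, period=24 * 3600):
    """Return (attempts over the limit, final recorded rate)."""
    rows = simulate(limit, period, ARRIVALS, strict)
    return sum(over for _, over, _ in rows), rows[-1][2]

if __name__ == "__main__":
    for name, strict in (("leaky", False), ("strict", True)):
        n_over, final = summary(strict)
        print(f"{name:6s} over-limit attempts={n_over:2d} recorded rate={final:.2f}")
```

In this model both runs flag the same ten attempts as over the limit, but the leaky run's recorded rate stays just under 10 while the strict run's recorded rate ends near 20.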