Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Multiple Exim ACLs to Limit outgoing mails
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Multiple Exim ACLs to Limit outgoing mails

Hi everyone...

seek some advice, esp. from mail vendors @jarland, @Servercow, @mailcheap and @Falzo, @mikho

In my /etc/exim4/exim4.conf.template

I would define this only once ??

acl_not_smtp = acl_not_smtp

correct ?? If I try to define acl_not_smtp_s it throws error "acl_not_smtp" option set for the second time

Then
how do I define Multiple ACLs per hour, per minute, per second like this ??

acl_not_smtp_s:
  deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
  ratelimit = 5000 / 1d / $authenticated_id
  accept

acl_not_smtp_h:
  deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
  ratelimit = 20 / 1s / $authenticated_id
  accept


acl_not_smtp:
  deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
  ratelimit = 200 / 1h / $authenticated_id
  accept

Am I doing it correctly ??
Sorry the Exim documentation is too "reference only" kind of, no good examples to show real syntax. Please help me for this.

P.S. I just need the ACLs only for not Authenticated SMTP mails that are fired by PHP mail() from the hosted portal.

Comments

  • mailcheapmailcheap Member, Provider

    Exim isn't exactly my forte; Jarland's your guy for this :)

    Pavin.

    Thanked by 1mehargags

    Mailcheap.co (Cyberlabs s.r.o. & Cyberlabs Inc.) | Dedicated Email Servers | Complete API support | AI Spam Filtering
    Affiliate program w/ 50% commission

  • mikhomikho Member, Provider

    I'm not sure you can ratelimit on more then one time intervall.

    It's either second, minute or hour.
    I do not understand why you would ratelimit on all intervalls?

    I can now be found at https://talk.lowendspirit.com
    or on twitter
    Come say HI! :)
  • mehargagsmehargags Member
    edited February 2017

    @mikho said:
    I do not understand why you would ratelimit on all intervalls?

    Yes you can... as to why one should do it - Many OpenVZ based monitors would shut you down on a certain threshold of mails sent per second, Yahoo/Hotmail issue a soft ban on "per hour" (usually, though no fixed pattern) and Google/Gmail would monitor inflow per hour and per day from certain IPs.

    so say I have a per hour limit of 1000 mails, those 1000 mails can be sent in around 15-20 seconds as well triggering a problem.

    Many big ESP's already use Multiple ACLs to delay and control outflow for above reasons. Hope that explains

  • sorry to say but while using exim I haven't looked into this so far. I simply haven't felt the need to limit that detailed...

    my best guess on this: while you can define multiple different ACLs like you did, with acl_not_smtp= you do choose which one will be applied. that said with your setup only the last rule or limit will apply.

    I'd suggest looking into using ratelimit = x/y inside the ACL multiple times, but haven't tried that...

    acl_not_smtp:
      deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
      deny ratelimit = 5000 / 1d / $authenticated_id
      deny ratelimit = 200 / 1h / $authenticated_id
      deny ratelimit = 20 / 1s / $authenticated_id
      accept
    
    Thanked by 1mikho

    UltraVPS.eu KVM in US/UK/NL/DE: 15% off first 6 month | Netcup VPS/rootDS - 5€ off: 36nc15279180197 (ref)

  • rivermiguerivermigue Member, Provider

    Someone has replied to your thread at vestacp, havent tried the answer yet.
    https://forum.vestacp.com/viewtopic.php?f=41&p=56744#p56744

    Att. Miguel Rivera
    TempleServers.com Debian WebHosting | Nginx | Apache | Daily backups
    KVM and OpenVZ virtualization in Germany and Canada. A registered trademark of Breinz S.A de C.V NIT: 0614-051216-105-5

  • Yeah I figured it out with one of my friends who... just did not had time to test this. Thanks for the heads-up!!

Sign In or Register to comment.