New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Multiple Exim ACLs to Limit outgoing mails
Hi everyone...
seek some advice, esp. from mail vendors @jarland, @Servercow, @mailcheap and @Falzo, @mikho
In my /etc/exim4/exim4.conf.template
I would define this only once ??
acl_not_smtp = acl_not_smtp
correct ?? If I try to define acl_not_smtp_s it throws error "acl_not_smtp" option set for the second time
Then
how do I define Multiple ACLs per hour, per minute, per second like this ??
acl_not_smtp_s:
deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 5000 / 1d / $authenticated_id
accept
acl_not_smtp_h:
deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 20 / 1s / $authenticated_id
accept
acl_not_smtp:
deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 200 / 1h / $authenticated_id
accept
Am I doing it correctly ??
Sorry the Exim documentation is too "reference only" kind of, no good examples to show real syntax. Please help me for this.
P.S. I just need the ACLs only for not Authenticated SMTP mails that are fired by PHP mail() from the hosted portal.
Comments
Exim isn't exactly my forte; Jarland's your guy for this
Pavin.
I'm not sure you can ratelimit on more then one time intervall.
It's either second, minute or hour.
I do not understand why you would ratelimit on all intervalls?
Yes you can... as to why one should do it - Many OpenVZ based monitors would shut you down on a certain threshold of mails sent per second, Yahoo/Hotmail issue a soft ban on "per hour" (usually, though no fixed pattern) and Google/Gmail would monitor inflow per hour and per day from certain IPs.
so say I have a per hour limit of 1000 mails, those 1000 mails can be sent in around 15-20 seconds as well triggering a problem.
Many big ESP's already use Multiple ACLs to delay and control outflow for above reasons. Hope that explains
sorry to say but while using exim I haven't looked into this so far. I simply haven't felt the need to limit that detailed...
my best guess on this: while you can define multiple different ACLs like you did, with acl_not_smtp= you do choose which one will be applied. that said with your setup only the last rule or limit will apply.
I'd suggest looking into using ratelimit = x/y inside the ACL multiple times, but haven't tried that...
Someone has replied to your thread at vestacp, havent tried the answer yet.
https://forum.vestacp.com/viewtopic.php?f=41&p=56744#p56744
Yeah I figured it out with one of my friends who... just did not had time to test this. Thanks for the heads-up!!