Following feedback from a user, I have revised the ACL ratelimit documentation. Patch below...
Tony. -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} Index: doc-docbook/spec.ascd =================================================================== RCS file: /home/cvs/exim/exim-doc/doc-docbook/spec.ascd,v retrieving revision 1.4 diff -u -r1.4 spec.ascd --- doc-docbook/spec.ascd 5 Dec 2005 14:38:18 -0000 1.4 +++ doc-docbook/spec.ascd 19 Dec 2005 14:57:02 -0000 @@ -14930,12 +14930,19 @@ %smtp_ratelimit_hosts%, Use: 'main', Type: 'host list'!!, Default: 'unset' === +[revisionflag="changed"] cindex:[SMTP,rate limiting] cindex:[limit,rate of message arrival] cindex:[RCPT,rate limiting] Some sites find it helpful to be able to limit the rate at which certain hosts can send them messages, and the rate at which an individual message can specify -recipients. When a host matches %smtp_ratelimit_hosts%, the values of +recipients. +Exim has two rate-limiting facilities. This section describes the +older facility, which can limit rates within a single connection. The +newer ratelimit ACL condition can limit rates across all connections. +See <<SECTratelimit>> for details. + +When a host matches %smtp_ratelimit_hosts%, the values of %smtp_ratelimit_mail% and %smtp_ratelimit_rcpt% are used to control the rate of acceptance of MAIL and RCPT commands in a single SMTP session, respectively. Each option, if set, must contain a set of four comma-separated 
@@ -27506,9 +27513,7 @@ which clients can send email. This is more powerful than the %smtp_ratelimit_*% options, because those options control the rate of commands in a single SMTP session only, whereas the %ratelimit% condition works across all connections -(concurrent and sequential) from the same client host. There's a script in -_util/ratelimit.pl_ which extracts sending rates from log files, to assist with -choosing appropriate settings when deploying the %ratelimit% ACL condition. +(concurrent and sequential) from the same client host. The syntax of the %ratelimit% condition is: [revisionflag="changed"] 
@@ -27521,23 +27526,39 @@ period 'p' then the condition is false; otherwise it is true. [revisionflag="changed"] +As a side-effect, the %ratelimit% condition sets the expansion variable +$sender_rate$ to the client's computed rate, $sender_rate_limit$ to the +configured value of 'm', and $sender_rate_period$ to the configured value of +'p'. + +[revisionflag="changed"] The parameter 'p' is the smoothing time constant, in the form of an Exim time interval, for example, `8h` for eight hours. A larger time constant means that it takes Exim longer to forget a client's past behaviour. The parameter -'m' is the maximum number of messages that a client is permitted to send in a +'m' is the maximum number of messages that a client is permitted to send in +each time interval. It also specifies the number of messages permitted in a fast burst. By increasing both 'm' and 'p' but keeping 'm/p' constant, you can allow a client to send more messages in a burst without changing its overall sending rate limit. Conversely, if 'm' and 'p' are both small, messages must be sent at an even rate. [revisionflag="changed"] +There's a script in _util/ratelimit.pl_ which extracts sending rates from log +files, to assist with choosing appropriate settings for 'm' and 'p' when +deploying the %ratelimit% ACL condition. The script prints usage instructions +when it is run with no arguments. + +[revisionflag="changed"] The key is used to look up the data for calculating the client's average sending rate. This data is stored in a database maintained by Exim in its spool -directory, alongside the retry and other hints databases. You can limit the -sending rate of each authenticated user, independent of the computer they are -sending from, by setting the key to $authenticated_id$. The default key is -$sender_host_address$, which applies the limit to the client host, independent -of the sender. +directory, alongside the retry and other hints databases. 
The default key is +$sender_host_address$, which applies the limit to each client host IP address. +By changing the key you can change how Exim identifies clients for the purpose +of ratelimiting. For example, to limit the sending rate of each authenticated +user, independent of the computer they are sending from, set the key to +$authenticated_id$. You must ensure that the lookup key is meaningful; for +example, $authenticated_id$ is only meaningful if the client has +authenticated, and you can check with with the %authenticated% ACL condition. [revisionflag="changed"] Internally, Exim includes the smoothing constant 'p' and the options in the @@ -27553,9 +27574,11 @@ the other parameters. [revisionflag="changed"] -The %per_conn% option limits the client's connection rate. The %per_mail% -option limits the client's rate of sending messages. This is the default if -none of the %per_*% options is specified. +The %per_conn% option limits the client's connection rate. + +[revisionflag="changed"] +The %per_mail% option limits the client's rate of sending messages. This is +the default if none of the %per_*% options is specified. [revisionflag="changed"] The %per_byte% option limits the sender's email bandwidth. Note that it is best 
@@ -27598,13 +27621,8 @@ average rate of successfully sent email, which cannot be greater than the maximum. If the client is over the limit it will suffer some counter-measures, but it will still be able to send email at the configured maximum rate, -whatever the rate of its attempts. - -[revisionflag="changed"] -As a side-effect, the %ratelimit% condition sets the expansion variable -$sender_rate$ to the client's computed rate, $sender_rate_limit$ to the -configured value of 'm', and $sender_rate_period$ to the configured value of -'p'. +whatever the rate of its attempts. This is generally the better choice if you +have clients that retry automatically. [revisionflag="changed"] Exim's other ACL facilities are used to define what counter-measures are taken @@ -27627,6 +27645,7 @@ # Keep authenticated users under control deny + authenticated = * ratelimit = 100 / 1d / strict / $authenticated_id # System-wide rate limit -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
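Review bot: In the hunk at @@ -14930, the paragraph that now begins "When a host matches %smtp_ratelimit_hosts%" is split off by the added blank line but has no [revisionflag="changed"] marker of its own; the only marker added sits above the cindex lines. The hunk at @@ -27553 adds a marker when it splits the %per_conn% / %per_mail% paragraph, so add one here as well, or confirm that the split-off paragraph is meant to render as unchanged.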
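Review bot: The rewritten key paragraph in the hunk at @@ -27521 contains a doubled word: "you can check with with the %authenticated% ACL condition". Drop the second "with". In the same hunk, the new wording for 'm' says "permitted to send in each time interval" without tying the interval to 'p'; writing "in each time interval 'p'" would keep the two parameters linked for the reader.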
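Review bot: The sentence added in the hunk at @@ -27598, "This is generally the better choice if you have clients that retry automatically", has no clear referent for "This", because the sentence before it describes what happens to the client rather than naming an option. Name the option the paragraph is describing and say what it is being compared with, so that the recommendation can be followed without rereading the surrounding text.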
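Review bot: The example in the hunk at @@ -27627 gains "authenticated = *" ahead of the ratelimit line keyed on $authenticated_id, but nothing in the example says why the extra condition is there. The reason appears only in the prose added at @@ -27521 ("$authenticated_id$ is only meaningful if the client has authenticated"); extend the "# Keep authenticated users under control" comment, or point back to that paragraph, so that someone copying the example does not drop the condition.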
