Environment: Exim 4.69 on RedHat Enterprise Linux 4 I am trying to set up rate limiting for the exact same reason Tony Finch described in his paper proposing adding it to Exim: compromised internal accounts are being used to send out thousands of spams and I need to slow them down enough to make it not worth their while. So I added a deny stanza in the acl_smtp_rcpt ACL with the following ratelimit:
ratelimit = 1000 / 4h / per_rcpt / leaky / $authenticated_id This seems to do the job, but I am concerned about how it works when legitimate users send mail to multiple recipients. The above config increments a sender's rate by one per recipient whether the mail is actually sent or not. For example, if a user has already sent mail to 910 recipients and now wants to send a note to 100 more, the first 90 will be accepted, running his rate up to 1000 and then the message will be rejected. His rate is now set at 1000 even though those last 90 were not actually sent. If he waits a while before trying again, but not quite long enough for the rate to drop below 900, it will get run up to 1000 again and his mail will still not be sent. I can see where this would be a bit frustrating. What I would like to be able to do is set a ratelimit like the above, in the smtp_data or better yet, the smtp_predata ACL and have it check whether the current rate plus the number of recipients in the current message ($recipients_count) puts you over the limit. With the leaky option set it should not update the database unless you are under the limit and presumably the message will be sent. This sounds similar to what is described in the docs when using the per_rcpt option in the not_smtp ACL. I am not able to tell from the docs whether what I have described would work or not, since there isn't much detail on what effect the various options have when used in various ACLs. I checked the wiki and didn't find anything useful on ratelimiting, so I am hoping many of you will have set up ratelimiting to block outgoing spam and can tell me the best ways to do it. I thank you in advance for any help Russ -- Russell D. Wilton E Mail: [EMAIL PROTECTED] Info Tech Systems Analyst Voice: (403) 329-2525 University of Lethbridge FAX: (403) 382-7108 4401 University Drive Lethbridge, Alberta, CANADA T1K 3M4 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
