On 27/09/11 06:00, Caines, Max wrote:
> We're running rate-limiting based on sender address, which has been
> very effective in reducing the consequences of compromised accounts.
> Until now, I've been relying on some code on a server that's
> archiving Exim logs to recognise the blocking message, and email us
> once per sender, but it's not very reliable. Really I'd like to get
> Exim to send a notification when someone crosses the threshold for
> the first time in, say, a 24-hour period, but I can't see a way to do
> it. The rate-limiting's via an ACL, and I don't have Perl embedded,
> and don't really have the memory to do so. Anyone got any ideas?

Use a "continue" verb? (action? wtb term to use here) on your existing
ACL block to both check for the existence of a flag file on the system
specific to that user, and if it's not present, ${run} something that
creates the file and sends an email. (pid & file lock on the program
that runs to prevent it running more than once)

Use a cron script to check the state directory every N and expire any
files that are more than N hours/minutes/seconds old. Basically, however
long you want between being notified.

Use more than one ratelimit to have greater notification granularity.
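
The flag-file approach described in the reply above, as an added example that is not part of the original post or of Exim: a helper that a `${run}` call could invoke as `notify <sender>` and a cron job as `expire <minutes>`. The state directory, recipient, mailer command and the `notify`/`expire` arguments are assumptions, and an exclusive file create stands in for the pid and lock file.

```sh
#!/bin/sh
# Added example. STATE_DIR, NOTIFY_TO and MAILER are assumed names and
# values chosen for illustration; they are not Exim settings.
STATE_DIR="${STATE_DIR:-/var/spool/exim/ratelimit-notify}"
NOTIFY_TO="${NOTIFY_TO:-postmaster@example.org}"
MAILER="${MAILER:-/usr/sbin/sendmail -t}"

# Reduce a sender address to characters safe in a file name and a header,
# so a crafted address cannot escape STATE_DIR or inject mail headers.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9@._-' '_'
}

flag_path() {
    printf '%s/flag.%s\n' "$STATE_DIR" "$(sanitize "$1")"
}

# 0: first breach, mail sent. 1: flag already present. 2: setup/mail failure.
notify_once() {
    safe=$(sanitize "$1")
    mkdir -p "$STATE_DIR" || return 2
    flag=$(flag_path "$1")
    # noclobber makes the create exclusive, so two concurrent runs for the
    # same sender cannot both get past this line.
    ( set -C; date +%s > "$flag" ) 2>/dev/null || return 1
    printf 'To: %s\nSubject: rate limit exceeded: %s\n\n%s crossed the sending threshold.\n' \
        "$NOTIFY_TO" "$safe" "$safe" | $MAILER || { rm -f "$flag"; return 2; }
}

# Cron side: remove flags older than $1 minutes so the next breach notifies.
expire_flags() {
    find "$STATE_DIR" -type f -name 'flag.*' -mmin "+$1" -exec rm -f {} +
}

case "${1:-}" in
    notify) notify_once "$2" ;;
    expire) expire_flags "${2:-1440}" ;;
esac
```

If the mailer fails, the flag is removed again so that the next breach retries the notification instead of being silently suppressed.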