I have managed to put in the ACL some kind of ratelimit information, which is
as follows:
# Log all sender's rate
warn ratelimit = 15 / 10s / per_rcpt / strict
log_message = SENDER RATE: $sender_rate/$sender_rate_period from
$sender_address
# system wide rate limit (4800/hour)
warn ratelimit = 40 / 30s / $primary_hostname
log_message = SYSTEM RATE LIMIT: exceeds
$sender_rate/$sender_rate_period
What I do need though, is a warning when a particular user gets above certain
number of e-mail. This one example of the problem we had when an account was
compromised:
Top 50 local destinations by message count
------------------------------------------
Messages Addresses Bytes Average Local
destination
89904 89904 367MB 4280
[email protected]
269 272 17MB 65KB
[email protected]
Usually from looking at eximstats, the max e-mail one person gets from the
gateway is less than 500. There is no way to find out or warn us about this
kind of escalation of e-mail from ratelimit. It is based on sender's address
not on how many recipients got.
The eximstats, I used was eximstats -nr -t_remote_users
Regards
Sujit
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
