On 14 Sep 2015, at 12:05, Marius Stan <[email protected]> wrote:
> I have the following snippet running in acl_check_rcpt, which limits
> authenticated users to a number of messages per hour:
If you have it in the RCPT ACL, it is run (and the database updated) for every
RCPT TO command from the connecting system; not only that but in your provided
ACL section it runs & updates *twice* per RCPT TO:
> warn authenticated = *
> ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict /
> $authenticated_id
> log_message = Authenticated sender rate $authenticated_id
> $authenticated_sender $sender_rate / $sender_rate_period
>
> deny authenticated = *
> ratelimit = ${lookup mysql{Q_RATELIMIT}} / 1h / strict /
> $authenticated_id
> log_message = Authenticated sender rate $authenticated_id
> $authenticated_sender $sender_rate / $sender_rate_period
>
> accept authenticated = *
> control = submission/sender_retain
To lookup, and not update, the ratelimit DB, use the 'readonly' parameter:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTratelimiting
Better still, get the positioning of the ratelimit checks right, do a lookup
(with an update or without, depending where in the flow you are) and store the
returned value in an ACL variable. Then you can make logical decisions at
various points in the ACL flow without doing any further lookups.
Graeme
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
