Hi, Sebastian - I'm wracking my memory here as I had the exact same problem when setting up a very similar mechanism. If memory serves, the trick is to change the *leaky* to instead be *strict*: certainly that's what we're using now and it's working.

When using the leaky setting the computed rate never seemed to go over the threshold but just hover slightly under it. This is probably described in the *Specification* where it says:

    The *leaky* (default) option means that the client's recorded rate is not updated if it is above the limit. The effect of this is that Exim measures the client's average rate of successfully sent email, which cannot be greater than the maximum allowed. If the client is over the limit it may suffer some counter-measures (as specified in the ACL), but it will still be able to send email at the configured maximum rate, whatever the rate of its attempts. …

Cheers,
Mike B-)

On Fri, 9 Aug 2019 at 14:40, Sebastian Arcus via Exim-users <[email protected]> wrote:
> I have a set of ACLs in place to ban connections from IPs after a
> number of retries. The first one checks if connections from an IP
> address have already been rejected 5 times or more in 24 hours and drops
> them, while the second one just adds to the count (up to 10 max) every
> time we reject a connection:
>
> acl_check_connect:
>
>   drop message = Temporary ban - too many retries
>        ratelimit = 5 / 24h / per_conn / readonly
>
>
>   drop message = PTR record check failed
>        ! condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}{no}}
>        ! ratelimit = 10 / 24h / per_conn / leaky
>
>
> However, the above doesn't seem to work - the second acl matches 10
> times, and after that exim just accepts the connection - the first acl
> never kicks in:
>
> </snip>
>
> 2019-07-29 06:39:12 H=[185.208.211.29] rejected connection in "connect" ACL: "Reject: PTR record check failed (185.208.211.29)"
> 2019-07-29 06:39:12 no host name found for IP address 185.208.211.29
> 2019-07-29 06:39:27 H=[185.208.211.29] rejected connection in "connect" ACL: "Reject: PTR record check failed (185.208.211.29)"
> 2019-07-29 06:39:27 no host name found for IP address 185.208.211.29
> 2019-07-29 06:39:33 1hryNd-0003te-FT <= [email protected] H=(WIN-JOFTN72POB6) [185.208.211.29] P=esmtp S=1309
> 2019-07-29 06:39:34 1hryNd-0003te-FT => [email protected] R=send_direct T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.184.26] X=TLSv1.2:ECD
> 2019-07-29 06:39:34 1hryNd-0003te-FT Completed
>
>
> It is possible that I am misunderstanding how ratelimit works though.
> Any help would be appreciated.
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
*My normal working days are Tuesdays, Wednesdays and Thursdays.*
Systems Administrator working in Teaching & Learning
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811
Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
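An added illustration of the leaky/strict difference quoted above, written for this page and not taken from Exim or from either poster's configuration. It models one ratelimit database entry as a simple exponentially weighted moving average (an assumption; Exim's own arithmetic may differ in detail) and replays the poster's scenario of a host reconnecting every 15 seconds against a 10/24h limit.

```python
import math

# Constructed model of one Exim ratelimit database entry (assumption: a plain
# exponentially weighted moving average; Exim's own arithmetic may differ).
PERIOD = 24 * 3600  # the "24h" period from the poster's ACL

def smoothed_rate(prev_rate, prev_time, now, period=PERIOD):
    """Smoothed rate (events per `period`) after one more event at `now`."""
    if prev_time is None:
        return 1.0
    i_over_p = max(now - prev_time, 1e-9) / period
    a = math.exp(-i_over_p)
    # Blend the instantaneous rate (one event per interval, scaled to the
    # period) with the previously recorded rate.
    return (1.0 - a) / i_over_p + a * prev_rate

def simulate(limit, mode, event_times, period=PERIOD):
    """Run connection timestamps through the entry in 'leaky' or 'strict' mode.
    Returns (over_limit, recorded): per event, whether the ratelimit condition
    would be true (computed rate > limit) and the rate left in the database.
    """
    assert mode in ("leaky", "strict")
    rate, last = 0.0, None
    over_limit, recorded = [], []
    for t in event_times:
        computed = smoothed_rate(rate, last, t, period)
        over = computed > limit
        # leaky: an over-limit rate is never written back (assumption: the
        # timestamp is left untouched as well); strict: always written back.
        if mode == "strict" or not over:
            rate, last = computed, t
        over_limit.append(over)
        recorded.append(rate)
    return over_limit, recorded

def first_over_limit(limit, mode, event_times):
    """Index of the first event at which the condition becomes true, or None."""
    over_limit, _ = simulate(limit, mode, event_times)
    return next((i for i, o in enumerate(over_limit) if o), None)

if __name__ == "__main__":
    # Constructed input: one host reconnecting every 15 s, 20 attempts.
    attempts = [15 * i for i in range(20)]
    for mode in ("leaky", "strict"):
        over_limit, recorded = simulate(10, mode, attempts)
        print(f"{mode:6}: condition true from attempt "
              f"{first_over_limit(10, mode, attempts)}, "
              f"rate recorded after 20 attempts = {recorded[-1]:.2f}")
```

In this model both modes trip the condition at the same attempt, but the leaky entry's stored rate stays just under the limit while the strict entry's keeps climbing with every further attempt.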
