> defer authenticated = *
> ratelimit = 100 / 1d / strict / $authenticated_id
> message = \
> $authenticated_id may not send more then 100 messages per day
> log_message = RATE_LIMIT $authenticated_id
>
> ðÒÁ×ÄÁ, ÏÎÏ ÎÅ ×ÓÅÇÄÁ ÐÒÉÍÅÎÉÍÏ.
îÉÖÅÐÒÉ×ÅÄÅÎÎÙÊ ÔÒÀË ÂÅÚÏÐÁÓÎÅÅ. ôÒÀË ÏÓÎÏ×ÁÎ ÎÁ ÔÏÍ, ÞÔÏ ÓÐÁÍÅÒÙ ÒÁÓÓÙÌÁÀÔ
ÐÏ ÓÐÉÓËÁÍ email ÁÄÒÅÓÏ×, × ËÏÔÏÒÙÈ ÐÏÌÎÏ ÎÅÓÕÝÅÓÔ×ÕÀÝÉÈ ÁÄÒÅÓÏ×.
ôÁË ×ÏÔ, 100 ÎÅÓÕÝÅÓÔ×ÕÀÝÉÈ ÁÄÒÅÓÏ× ÐÏÌÕÞÁÔÅÌÅÊ ÚÁ ÞÁÓ - É ÁÄÍÉÎ
Á×ÔÏÍÁÔÉÞÅÓËÉ Õ×ÅÄÏÍÌÑÅÔÓÑ (ÎÁ ÁÄÒÅÓ WARNTO), Á ×ÓÅ ÐÉÓØÍÁ ÏÔ ÜÔÏÇÏ
ÐÏÌØÚÏ×ÁÔÅÌÑ ÚÁÍÏÒÁÖÉ×ÁÀÔÓÑ × ÏÞÅÒÅÄÉ. áÄÍÉÎ, ÐÏÌÕÞÉ× Á×ÔÏÍÁÔÉÞÅÓËÏÅ ÐÉÓØÍÏ,
ÓÍÏÔÒÉÔ ÎÁ ÎÅÓËÏÌØËÏ ÚÁÍÏÒÏÖÅÎÎÙÈ ÐÉÓÅÍ. åÓÌÉ ÜÔÏ ÎÅ ÓÐÁÍ, ÔÏ ÐÉÓØÍÁ
ÍÏÖÎÏ ÒÁÚÍÏÒÏÚÉÔØ (Ó ÐÏÍÏÝØÀ exipick). åÓÌÉ ÓÐÁÍ, ÔÏ ÐÁÒÏÌØ ÐÏÌØÚÏ×ÁÔÅÌÑ
ÎÕÖÎÏ ÐÏÍÅÎÑÔØ (ÓÐÁÍ ÕÄÁÌÉÔØ ÐÏÚÖÅ, ×ÒÅÍÅÎÎÏ ÓÏÈÒÁÎÉ× ÅÇÏ × ËÁÞÅÓÔ×Å
ÄÏËÁÚÁÔÅÌØÓÔ×Á ÄÌÑ ÏÂÕÓÌÏ×ÌÅÎÎÏÇÏ ÄÏÇÏ×ÏÒÏÍ ×ÚÉÍÁÎÉÑ ÛÔÒÁÆÁ Ó ÐÏÌØÚÏ×ÁÔÅÌÑ,
ÐÒÏÈÌÏÐÁ×ÛÅÇÏ ËÒÁÖÕ ÐÁÒÏÌÑ).
ðÏÓÌÅ ÜÔÏÇÏ ÍÏÖÎÏ ÔÅËÓÔÏ×ÙÍ ÒÅÄÁËÔÏÒÏÍ ÕÄÁÌÉÔØ ÓÔÒÏËÕ Ó ÉÄÅÎÔÉÆÉËÁÔÏÒÏÍ
ÚÁÂÌÏËÉÒÏ×ÁÎÎÏÇÏ ÐÏÌØÚÏ×ÁÔÅÌÑ (ÉÌÉ, ÅÓÌÉ ÓÔÒÏËÁ × ÆÁÊÌÅ ÅÄÉÎÓÔ×ÅÎÎÁÑ,
ÞÔÏ ×ÅÓØÍÁ ×ÅÒÏÑÔÎÏ, ÔÏ ÍÏÖÎÏ ÐÒÏÓÔÏ ÕÄÁÌÉÔØ ÆÁÊÌ).
ðÅÒ×ÙÅ ÔÒÉ "accept" - ÄÌÑ ËÏÎÔÒÏÌÑ ÐÏÌØÚÏ×ÁÔÅÌÅÊ × ÌÏËÁÌØÎÏÊ ÓÅÔÉ
(Õ ËÏÇÏ ÅÓÔØ), ×ÔÏÒÙÅ ÔÒÉ - ÞÔÏÂÙ ÐÏÊÍÁÔØ ÓÌÕÞÁÉ ËÒÁÖÉ ÐÁÒÏÌÅÊ.
LIM = 100
PERIOD = 1h
WARNTO = abuse ÎÁ example.com
EXIMBINARY = /usr/local/sbin/exim
SHELL = /bin/sh
...
acl_check_rcpt:
...
accept hosts = !@[] : +relay_from_hosts
set acl_m_user = $sender_host_address
# or an userid from RADIUS
condition = ${if exists{$spool_directory/blocked_relay_users}}
condition = ${if eq{${lookup{$acl_m_user}lsearch\
{$spool_directory/blocked_relay_users}{1}{0}}}{1}}
control = freeze/no_tell
add_header = X-Relayed-From: $acl_m_user
accept hosts = !@[] : +relay_from_hosts
!verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
ratelimit = LIM / PERIOD / per_rcpt / relayuser-$acl_m_user
continue = ${run{SHELL -c "echo $acl_m_user \
>>$spool_directory/blocked_relay_users; \
\N{\N echo Subject: relay user $acl_m_user blocked; echo; echo \
because has sent mail to LIM invalid recipients during PERIOD.; \
\N}\N | EXIMBINARY WARNTO"}}
control = freeze/no_tell
add_header = X-Relayed-From: $acl_m_user
accept hosts = +relay_from_hosts
control = submission/domain=
accept authenticated = *
set acl_m_user = $authenticated_id
# in case of mailboxes in /var/mail: ${sg{$authenticated_id}{\N\W.*$\N}{}}
condition = ${if exists{$spool_directory/blocked_authenticated_users}}
condition = ${if eq{${lookup{$acl_m_user}lsearch\
{$spool_directory/blocked_authenticated_users}{1}{0}}}{1}}
control = freeze/no_tell
add_header = X-Authenticated-As: $acl_m_user
accept authenticated = *
!verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
continue = ${run{SHELL -c "echo $acl_m_user \
>>$spool_directory/blocked_authenticated_users; \
\N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
has sent mail to LIM invalid recipients during PERIOD.; \
\N}\N | EXIMBINARY WARNTO"}}
control = freeze/no_tell
add_header = X-Authenticated-As: $acl_m_user
accept authenticated = *
condition = ${if !={$received_port}{25}}
control = submission/domain=
