chibenwa commented on a change in pull request #833: URL: https://github.com/apache/james-project/pull/833#discussion_r782233633
########## File path: src/adr/0053-email-rate-limiting.md ########## @@ -0,0 +1,65 @@ +# 53. Email rate limiting + +Date: 2021-01-10 + +## Status + +Accepted (lazy consensus). + +Not yet implemented. + +## Context + +Rate limiting is one of the common features expected from an email system. Examples: SaaS is +one https://www.fastmail.help/hc/en-us/articles/1500000277382-Account-limits#sending/receiving +, https://support.google.com/mail/answer/22839 + +They limit how many emails users can send/receive from/to each email account over a given period of time. +We believe the rate-limiting will help James to have more benefits: + +- Control of the resource +- Easy to dynamic config the user policy. +- Complements the storage quota +- Can be a security requirement for SaaS deployments. +- Minimise impacts of Open-relay types of compression. +- Limiting the amount of email sent to third parties can also prevent them from considering you as an open relay and can + be beneficial as well. + +## Decision + +Set up a new maven project dedicated to rating limiting. This allows the rate limiting mailets to be embedded in a James +server as a soft dependency using the external-jar loading mechanism. Please note that this will take the form of an +extension jars, that could be dropped in one's James installation, and thus is optional, and not of a runtime +dependency. + +Rate limiting will be enabled per sender, per receiver and globally. For each we will provide options for email size and +email count. + +- This can be done via mailets: + - PerSenderRateLimit is per sender + - PerRecipientRateLimit is per recipient + - GlobalRateLimit for everyone Depending on the position in the pipeline this could allow rating limit all emails in + transit, relayed emails or locally delivered emails. + The rate limit will be config + in [mailetcontainer.xml](/server/apps/distributed-app/sample-configuration/mailetcontainer.xml). + +- Those mailets will be based on a generic RateLimiter interface. We will propose two implementations for it: + - In memory (guava based) suitable for single instance deployments + - [Redis](https://redis.io) based, suitable for distributed deployments. Review comment: > Isn't Cassandra good enough? Cassandra counters are terrible. Actually I want to try alternatives > or you really want non-persistent data storage to have better performance? Yes here the tradeoffs of loosing state IMO is outwaited by better performance. > What about using Pulsar or Rabbit to propagate counters and use an in-memory datastructure on each node? Others are free not to use it and come up with imaginative solutions to implement this. @vttranlina that's nonetheless interesting remarks, we could have an `alternative` section explaining that 1. we do not use Cassandra and its counters for performance reasons nor a Cassandra time serie (because it seems complex) and want to avoid the hammer-nail syndrom. We can then explain that streaming based systems could be used - but might have implications in term of scalability and implementation complexity. Of course our choice should not be exclusive of alternative solutions. We can show that by splitting the rate limiting maven plugin in two: one for the RateLimiter API and the mailet tooling, one for the Redis implementation.... Would this sound fair to you @mbaechler ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
