Re: [exim] Ratelimiting recipients per sender_address
On 3/9/23 21:08, Jeremy Harris via Exim-users wrote: On 09/03/2023 19:30, Slavko via Exim-users wrote: Dňa 9. marca 2023 16:08:08 UTC používateľ Jeremy Harris via Exim-users napísal: On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote: "x recipients per distinct sender per time period y > z" ? If yoe used $sender_address@$recipient as the key, would it do what you want? Are not per_rcpt/per_addr option for that? Probably; it depends on exactly what's being asked for. Yes, indeed the option "per_rcpt" is what I was looking for ratelimit = 100 / 60s / per_rcpt / strict / $sender_address does exactly what I want. Thanks to you all, Olaf -- Karlsruher Institut für Technologie (KIT) Steinbuch Centre for Computing (SCC) Dipl.-Geophys. Olaf Hopp Zirkel 2 Gebäude 20.21, Raum 316 76131 Karlsruhe Telefon: +49 721 608-48009 E-Mail: olaf.h...@kit.edu Web: www.scc.kit.edu Sitz der Körperschaft: Kaiserstraße 12, 76131 Karlsruhe KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft smime.p7s Description: S/MIME Cryptographic Signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Ratelimiting recipients per sender_address
On 09/03/2023 19:30, Slavko via Exim-users wrote: Dňa 9. marca 2023 16:08:08 UTC používateľ Jeremy Harris via Exim-users napísal: On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote: "x recipients per distinct sender per time period y > z" ? If yoe used $sender_address@$recipient as the key, would it do what you want? Are not per_rcpt/per_addr option for that? Probably; it depends on exactly what's being asked for. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Ratelimiting recipients per sender_address
Dňa 9. marca 2023 16:08:08 UTC používateľ Jeremy Harris via Exim-users napísal: >On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote: >> "x recipients per distinct sender per time period y > z" ? > >If yoe used $sender_address@$recipient as the key, would >it do what you want? Are not per_rcpt/per_addr option for that? regards -- Slavko https://www.slavino.sk/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Ratelimiting recipients per sender_address
On Thu, Mar 09, 2023 at 04:47:32PM +0100, Olaf Hopp (SCC) via Exim-users wrote:
> Dear list,
> we want to ratelimit incomming mail bursts (e.g. due
> to phishing attacks).
> To get an idea of reasonable values I have
>
> warn
> ratelimit = 100 / 60s / strict / $sender_address
> log_message = RATELIMIT EXCEEDED for $sender_address $sender_rate
> messages / $sender_rate_period
>
> But when the mail has two or more recipients this is also just counted as one
> mail
Probably something like that would work:
defer
condition = ${if !eq{$sender_address}{$acl_c_sender_seen}}
ratelimit = 100 / 60s / strict / $sender_address
log_message = RATELIMIT EXCEEDED for $sender_address ...
warn
set acl_c_sender_seen = $sender_address
Not tested.
--
Eugene Berdnikov
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Ratelimiting recipients per sender_address
On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote: "x recipients per distinct sender per time period y > z" ? If yoe used $sender_address@$recipient as the key, would it do what you want? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Ratelimiting recipients per sender_address
Dear list, we want to ratelimit incomming mail bursts (e.g. due to phishing attacks). To get an idea of reasonable values I have warn ratelimit = 100 / 60s / strict / $sender_address log_message = RATELIMIT EXCEEDED for $sender_address $sender_rate messages / $sender_rate_period But when the mail has two or more recipients this is also just counted as one mail Is it somehow possible to configure a rate limit like "x recipients per distinct sender per time period y > z" ? Greetings, Olaf -- Karlsruher Institut für Technologie (KIT) Steinbuch Centre for Computing (SCC) Dipl.-Geophys. Olaf Hopp Zirkel 2 Gebäude 20.21, Raum 316 76131 Karlsruhe Telefon: +49 721 608-48009 E-Mail: olaf.h...@kit.edu Web: www.scc.kit.edu Sitz der Körperschaft: Kaiserstraße 12, 76131 Karlsruhe KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft smime.p7s Description: S/MIME Cryptographic Signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
