
Mailing List Archive: exim: users

Using ratelimit to count the number of rejected delivery attempts

 

 



daniel at pocos

Dec 30, 2011, 10:49 AM

Post #1 of 3 (492 views)
Using ratelimit to count the number of rejected delivery attempts

In order to throttle bad senders I was thinking about using ratelimit to count
the number of bad attempts per period.

In acl_smtp_rcpt and acl_smtp_data I try to establish the rates:

acl_smtp_rcpt:

  warn ratelimit = 0 / 1h / strict / $sender_host_address
       set acl_c10 = $sender_rate

  warn ratelimit = 0 / 1h / readonly / rejected:$sender_host_address
       set acl_c11 = $sender_rate

So here acl_c10 contains the total rate for a sender. acl_c11 should contain
the rejected rate, but this is always 0 at this point in the ACL.

Logging these with

  warn log_message = Sender Rate: junk:$acl_c11 / total:$acl_c10 per $sender_rate_period

To increase the rate for key rejected:$sender_host_address, I generate some
mails that will fail on recipient check:

  deny message = Recipient verification failed
       ratelimit = 0 / 1h / strict / rejected:$sender_host_address
       log_message = DENY - Recipient verification failed for $local_part@$domain with $acl_verify_message rate: $sender_rate
       !verify = recipient

Log shows that $sender_rate is greater than 0 and increases on each try:

2011-12-30 19:31:31 H=mail.office.pocos.nl [109.235.34.226] Warning: Sender Rate: junk:0.0 / total:1.3 per 1h
2011-12-30 19:31:31 H=mail.office.pocos.nl [109.235.34.226] F=<daniel [at] pocos> rejected RCPT <asdfsadfsdfa [at] example>: DENY - Recipient verification failed for asdfsadfsdfa [at] example with response to "RCPT TO:<asdfsadfsdfa [at] example>" from example.org [1.2.3.4] was: 550 unknown user rate: 1.3

Next try:
2011-12-30 19:32:18 H=mail.office.pocos.nl [109.235.34.226] Warning: Sender Rate: junk:0.0 / total:2.3 per 1h
2011-12-30 19:32:18 H=mail.office.pocos.nl [109.235.34.226] F=<daniel [at] pocos> rejected RCPT <asdfsadfsdfa [at] example>: DENY - Recipient verification failed for asdfsadfsdfa [at] example with response to "RCPT TO:<asdfsadfsdfa [at] example>" from example.org [1.2.3.4] was: 550 unknown user rate: 2.3

So the readonly ratelimit always returns 0 initially and on updates it is
suddenly the same as the default key ratelimit. But the default key isn't
incrementing at twice the rate so something else is being updated.

http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTratelimiting
isn't particularly helpful to find what is going wrong in either my logic or
Exim's counting. I guess I'm missing something, could someone point out to me
how and if I can accomplish this?

BTW Exim version 4.72

--

POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Ruairi.Hickey at collon

Dec 30, 2011, 2:09 PM

Post #2 of 3 (473 views)
Re: Using ratelimit to count the number of rejected delivery attempts

I've been doing this for a while ...

acl_check_rcpt:

  warn
    !hosts = : +relay_from_hosts
    condition = ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes}}
    ratelimit = 4 / 1h / strict / per_cmd
    logwrite = RATE UPDATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)

  deny
    ratelimit = 4 / 1h / strict / per_cmd / noupdate
    !hosts = : +relay_from_hosts
    message = local error
    log_message = X-Host-Recipient-Verification-Count-Failed: Message Denied due to exceessive failures: $sender_rate/$sender_rate_period (max $sender_rate_limit)
    condition = ${if le{$sender_rate}{$sender_rate_limit} {no} {yes} }


Ruairi





daniel at pocos

Dec 31, 2011, 2:02 PM

Post #3 of 3 (470 views)
Re: Using ratelimit to count the number of rejected delivery attempts

On Fri, Dec 30, 2011 at 10:09:04PM +0000, Ruairi Hickey wrote:
> I've been doing this for a while ...
>
> acl_check_rcpt:
>
> warn
> ratelimit = 4 / 1h / strict / per_cmd
>
> deny
> ratelimit = 4 / 1h / strict / per_cmd / noupdate

Actually this isn't the same. Your implementation has hardcoded bad
rates. It doesn't take into account that a good sender (tens/hundreds
mails/hour) can send a few (like about 5 mails per hour) to non-existing
addresses.

I was thinking about using different keys ($sender_address for total
mail and rejected:$sender_address for bad mail) and to compute a bad
ratelimit from both.

But the keys don't appear to work like I read them in the manual. Your deny
rate doesn't even comply with the documentation:
"Each ratelimit condition can have up to four options."
and noupdate isn't in the manual anymore (it was in older docs).

