[Rspamd-Users] rate limit: match multiple domains in one bucket

Steve Witten caponecicero at gmail.com
Tue Jul 4 15:46:32 UTC 2023 

On Tue, Jul 4, 2023 at 7:59 AM Yvan Masson via Users <users at lists.rspamd.com>
wrote:

> Hi list,
>
> In the rate limit module, I am trying to match multiple domains in one
> limit.
>
> I first tried with a selector and a regexp but can not find the proper
> syntax of the "or" part (probably because it is a Lua regexp which can
> not "or" but I am not sure):
>
>    selector = from('smtp'):domain.regexp("^(domain1.com|domain2.com)$")
>

The regexp should probably be '^(domain1\.com <http://domain1.com>|
domain2\.com <http://domain2.com>)$'. The '.' character
means 'any character' so names like *domain1acom, domain2Xcom,* etc. would
match.  I've
used this site:

https://regex101.com

for testing regexps against anticipated input.

I would make this part of the mail server configuration.  For *postfix*:

#           The  maximal number of message delivery requests that any client
> #           is allowed to make to this service per time unit, regardless
>  of
> #           whether or not Postfix actually accepts those messages.
> #
> smtpd_client_message_rate_limit     = 35



#           The  maximal  number  of  recipient addresses that any client is
> #           allowed to send to this service per  time  unit,  regardless
>  of
> #           whether or not Postfix actually accepts those recipients.
> #
> smtpd_client_recipient_rate_limit   = 10


> #           Clients  that  are  excluded  from  connection count,
> connection
> #           rate, or SMTP request rate restrictions.
> #
> smtpd_client_event_limit_exceptions =
> /srv/mail/var/db/sender-rate-limit-xcptns


You can look up the directives here:  http://www.postfix.org/postconf.5.html

Note that these limits apply to *all* smtpd clients (senders)...with the
exception of those
listed in the file specified by *smtpd_client_event_limit_exceptions.  *By
default,
clients in trusted networks are excluded. That file can contain a list of
network blocks,
hostnames or .domain names (the initial dot causes the domain to match any
name below it).

This way, a rate-limit violation will be spotted and dealt with before
*rspamd* gets bothered.

Steve Witten
caponecicero at gmail.com

More information about the Users mailing list