[Rspamd-Users] rate limit: match multiple domains in one bucket

Tue Jul 4 20:47:48 UTC 2023

Le 04/07/2023 à 17:46, Steve Witten a écrit :
> On Tue, Jul 4, 2023 at 7:59 AM Yvan Masson via Users <users at lists.rspamd.com>
> wrote:
> 
>> Hi list,
>>
>> In the rate limit module, I am trying to match multiple domains in one
>> limit.
>>
>> I first tried with a selector and a regexp but can not find the proper
>> syntax of the "or" part (probably because it is a Lua regexp which can
>> not "or" but I am not sure):
>>
>>     selector = from('smtp'):domain.regexp("^(domain1.com|domain2.com)$")
>>
> 
> The regexp should probably be '^(domain1\.com <http://domain1.com>|
> domain2\.com <http://domain2.com>)$'. The '.' character
> means 'any character' so names like *domain1acom, domain2Xcom,* etc. would
> match.  I've
> used this site:
> 
> https://regex101.com >
> for testing regexps against anticipated input.

You are right, thanks! I suppose I was a bit tired when doing my 
tests... As there is an URL in the regex above, I clarify what worked 
for me:

selector = from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$")

But it is still not working as I expect: rspamd creates one bucket (ie 
one Redis entry) for each domain, whereas I wanted to have one bucket 
for both. Any suggestion about how I could modify my selector?
> 
> I would make this part of the mail server configuration.  For *postfix*:
> 
> #           The  maximal number of message delivery requests that any client
>> #           is allowed to make to this service per time unit, regardless
>>   of
>> #           whether or not Postfix actually accepts those messages.
>> #
>> smtpd_client_message_rate_limit     = 35
> 
> 
> 
> #           The  maximal  number  of  recipient addresses that any client is
>> #           allowed to send to this service per  time  unit,  regardless
>>   of
>> #           whether or not Postfix actually accepts those recipients.
>> #
>> smtpd_client_recipient_rate_limit   = 10
> 
> 
>> #           Clients  that  are  excluded  from  connection count,
>> connection
>> #           rate, or SMTP request rate restrictions.
>> #
>> smtpd_client_event_limit_exceptions =
>> /srv/mail/var/db/sender-rate-limit-xcptns
> 
> 
> You can look up the directives here:  http://www.postfix.org/postconf.5.html
> 
> Note that these limits apply to *all* smtpd clients (senders)...with the
> exception of those
> listed in the file specified by *smtpd_client_event_limit_exceptions.  *By
> default,
> clients in trusted networks are excluded. That file can contain a list of
> network blocks,
> hostnames or .domain names (the initial dot causes the domain to match any
> name below it).
> 
> This way, a rate-limit violation will be spotted and dealt with before
> *rspamd* gets bothered.

Tanks for the hint, configuring Postfix is indeed an interesting way of 
having a rate limit for outgoing email. Unfortunately it seems it does 
not allow to have one limit for many domains. Said in another way, if I 
set a limit of 10 sent mails per hour, domain1.com can send 7 emails and 
then domain2.com will have only 3 emails left before being hitting the 
limit.

I will have a closer look to postfix configuration.

Regards,
Yvan
> 
> Steve Witten
> caponecicero at gmail.com