[Rspamd-Users] rate limit: match multiple domains in one bucket
Yvan Masson
yvan.masson at algoo.fr
Wed Jul 5 06:49:13 UTC 2023
Le 04/07/2023 à 22:47, Yvan Masson via Users a écrit :
>
>
> Le 04/07/2023 à 17:46, Steve Witten a écrit :
>> On Tue, Jul 4, 2023 at 7:59 AM Yvan Masson via Users
>> <users at lists.rspamd.com>
>> wrote:
>>
>>> Hi list,
>>>
>>> In the rate limit module, I am trying to match multiple domains in one
>>> limit.
>>>
>>> I first tried with a selector and a regexp but can not find the proper
>>> syntax of the "or" part (probably because it is a Lua regexp which can
>>> not "or" but I am not sure):
>>>
>>> selector = from('smtp'):domain.regexp("^(domain1.com|domain2.com)$")
>>>
>>
>> The regexp should probably be '^(domain1\.com <http://domain1.com>|
>> domain2\.com <http://domain2.com>)$'. The '.' character
>> means 'any character' so names like *domain1acom, domain2Xcom,* etc.
>> would
>> match. I've
>> used this site:
>>
>> https://regex101.com >
>> for testing regexps against anticipated input.
>
> You are right, thanks! I suppose I was a bit tired when doing my
> tests... As there is an URL in the regex above, I clarify what worked
> for me:
>
> selector = from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$")
>
> But it is still not working as I expect: rspamd creates one bucket (ie
> one Redis entry) for each domain, whereas I wanted to have one bucket
> for both. Any suggestion about how I could modify my selector?
An idea came to my mind. I am still discovering Rspamd, but maybe I can:
- define a custom symbol for each domain group (ie one symbol for
domain1.com and domain2.com, another symbol for domain3.com and domain4.com)
- use a regexp module that sets the symbol if email comes from matching
domain
- use the ratelimit module with a selector matching the symbol
Any comment or suggestion is very welcome.
>>
>> I would make this part of the mail server configuration. For *postfix*:
>>
>> # The maximal number of message delivery requests that any
>> client
>>> # is allowed to make to this service per time unit, regardless
>>> of
>>> # whether or not Postfix actually accepts those messages.
>>> #
>>> smtpd_client_message_rate_limit = 35
>>
>>
>>
>> # The maximal number of recipient addresses that any
>> client is
>>> # allowed to send to this service per time unit, regardless
>>> of
>>> # whether or not Postfix actually accepts those recipients.
>>> #
>>> smtpd_client_recipient_rate_limit = 10
>>
>>
>>> # Clients that are excluded from connection count,
>>> connection
>>> # rate, or SMTP request rate restrictions.
>>> #
>>> smtpd_client_event_limit_exceptions =
>>> /srv/mail/var/db/sender-rate-limit-xcptns
>>
>>
>> You can look up the directives here:
>> http://www.postfix.org/postconf.5.html
>>
>> Note that these limits apply to *all* smtpd clients (senders)...with the
>> exception of those
>> listed in the file specified by *smtpd_client_event_limit_exceptions.
>> *By
>> default,
>> clients in trusted networks are excluded. That file can contain a list of
>> network blocks,
>> hostnames or .domain names (the initial dot causes the domain to match
>> any
>> name below it).
>>
>> This way, a rate-limit violation will be spotted and dealt with before
>> *rspamd* gets bothered.
>
> Tanks for the hint, configuring Postfix is indeed an interesting way of
> having a rate limit for outgoing email. Unfortunately it seems it does
> not allow to have one limit for many domains. Said in another way, if I
> set a limit of 10 sent mails per hour, domain1.com can send 7 emails and
> then domain2.com will have only 3 emails left before being hitting the
> limit.
>
> I will have a closer look to postfix configuration.
>
> Regards,
> Yvan
>>
>> Steve Witten
>> caponecicero at gmail.com
>
--
Bien « collaborativement »,
Yvan Masson
Administrateur Système et Support Technique
Le logiciel de collaboration Libre MadeinFrance conçu et édité par Algoo SAS
e-Mail : @algoo.fr <mailto:@algoo.fr>
Tel : 09 72 49 72 20
Web : www.algoo.fr <https://www.algoo.fr>
More information about the Users
mailing list