[Rspamd-Users] rate limit: match multiple domains in one bucket
Yvan Masson
yvan.masson at algoo.fr
Tue Jul 18 08:59:15 UTC 2023
Le 05/07/2023 à 08:49, Yvan Masson via Users a écrit :
> Le 04/07/2023 à 22:47, Yvan Masson via Users a écrit :
>>
>>
>> Le 04/07/2023 à 17:46, Steve Witten a écrit :
>>> On Tue, Jul 4, 2023 at 7:59 AM Yvan Masson via Users
>>> <users at lists.rspamd.com>
>>> wrote:
>>>
>>>> Hi list,
>>>>
>>>> In the rate limit module, I am trying to match multiple domains in one
>>>> limit.
>>>>
>>>> I first tried with a selector and a regexp but can not find the proper
>>>> syntax of the "or" part (probably because it is a Lua regexp which can
>>>> not "or" but I am not sure):
>>>>
>>>> selector =
>>>> from('smtp'):domain.regexp("^(domain1.com|domain2.com)$")
>>>>
>>>
>>> The regexp should probably be '^(domain1\.com <http://domain1.com>|
>>> domain2\.com <http://domain2.com>)$'. The '.' character
>>> means 'any character' so names like *domain1acom, domain2Xcom,* etc.
>>> would
>>> match. I've
>>> used this site:
>>>
>>> https://regex101.com >
>>> for testing regexps against anticipated input.
>>
>> You are right, thanks! I suppose I was a bit tired when doing my
>> tests... As there is an URL in the regex above, I clarify what worked
>> for me:
>>
>> selector = from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$")
>>
>> But it is still not working as I expect: rspamd creates one bucket (ie
>> one Redis entry) for each domain, whereas I wanted to have one bucket
>> for both. Any suggestion about how I could modify my selector?
>
> An idea came to my mind. I am still discovering Rspamd, but maybe I can:
> - define a custom symbol for each domain group (ie one symbol for
> domain1.com and domain2.com, another symbol for domain3.com and
> domain4.com)
> - use a regexp module that sets the symbol if email comes from matching
> domain
> - use the ratelimit module with a selector matching the symbol
>
> Any comment or suggestion is very welcome.
I asked the same question on
https://github.com/rspamd/rspamd/discussions/4530 and got a working answer:
selector =
from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$").id('my_bucket')
Hope it helps.
>>>
>>> I would make this part of the mail server configuration. For *postfix*:
>>>
>>> # The maximal number of message delivery requests that any
>>> client
>>>> # is allowed to make to this service per time unit,
>>>> regardless
>>>> of
>>>> # whether or not Postfix actually accepts those messages.
>>>> #
>>>> smtpd_client_message_rate_limit = 35
>>>
>>>
>>>
>>> # The maximal number of recipient addresses that any
>>> client is
>>>> # allowed to send to this service per time unit,
>>>> regardless
>>>> of
>>>> # whether or not Postfix actually accepts those recipients.
>>>> #
>>>> smtpd_client_recipient_rate_limit = 10
>>>
>>>
>>>> # Clients that are excluded from connection count,
>>>> connection
>>>> # rate, or SMTP request rate restrictions.
>>>> #
>>>> smtpd_client_event_limit_exceptions =
>>>> /srv/mail/var/db/sender-rate-limit-xcptns
>>>
>>>
>>> You can look up the directives here:
>>> http://www.postfix.org/postconf.5.html
>>>
>>> Note that these limits apply to *all* smtpd clients (senders)...with the
>>> exception of those
>>> listed in the file specified by *smtpd_client_event_limit_exceptions.
>>> *By
>>> default,
>>> clients in trusted networks are excluded. That file can contain a
>>> list of
>>> network blocks,
>>> hostnames or .domain names (the initial dot causes the domain to
>>> match any
>>> name below it).
>>>
>>> This way, a rate-limit violation will be spotted and dealt with before
>>> *rspamd* gets bothered.
>>
>> Tanks for the hint, configuring Postfix is indeed an interesting way
>> of having a rate limit for outgoing email. Unfortunately it seems it
>> does not allow to have one limit for many domains. Said in another
>> way, if I set a limit of 10 sent mails per hour, domain1.com can send
>> 7 emails and then domain2.com will have only 3 emails left before
>> being hitting the limit.
>>
>> I will have a closer look to postfix configuration.
>>
>> Regards,
>> Yvan
>>>
>>> Steve Witten
>>> caponecicero at gmail.com
>>
>
--
Bien « collaborativement »,
Yvan Masson
Administrateur Système et Support Technique
Le logiciel de collaboration Libre MadeinFrance conçu et édité par Algoo SAS
e-Mail : @algoo.fr <mailto:@algoo.fr>
Tel : 09 72 49 72 20
Web : www.algoo.fr <https://www.algoo.fr>
More information about the Users
mailing list