[Rspamd-Users] rate limit: match multiple domains in one bucket

Yvan Masson yvan.masson at algoo.fr
Tue Jul 18 08:59:15 UTC 2023 

Le 05/07/2023 à 08:49, Yvan Masson via Users a écrit :
> Le 04/07/2023 à 22:47, Yvan Masson via Users a écrit :
>>
>>
>> Le 04/07/2023 à 17:46, Steve Witten a écrit :
>>> On Tue, Jul 4, 2023 at 7:59 AM Yvan Masson via Users 
>>> <users at lists.rspamd.com>
>>> wrote:
>>>
>>>> Hi list,
>>>>
>>>> In the rate limit module, I am trying to match multiple domains in one
>>>> limit.
>>>>
>>>> I first tried with a selector and a regexp but can not find the proper
>>>> syntax of the "or" part (probably because it is a Lua regexp which can
>>>> not "or" but I am not sure):
>>>>
>>>>     selector = 
>>>> from('smtp'):domain.regexp("^(domain1.com|domain2.com)$")
>>>>
>>>
>>> The regexp should probably be '^(domain1\.com <http://domain1.com>|
>>> domain2\.com <http://domain2.com>)$'. The '.' character
>>> means 'any character' so names like *domain1acom, domain2Xcom,* etc. 
>>> would
>>> match.  I've
>>> used this site:
>>>
>>> https://regex101.com >
>>> for testing regexps against anticipated input.
>>
>> You are right, thanks! I suppose I was a bit tired when doing my 
>> tests... As there is an URL in the regex above, I clarify what worked 
>> for me:
>>
>> selector = from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$")
>>
>> But it is still not working as I expect: rspamd creates one bucket (ie 
>> one Redis entry) for each domain, whereas I wanted to have one bucket 
>> for both. Any suggestion about how I could modify my selector?
> 
> An idea came to my mind. I am still discovering Rspamd, but maybe I can:
> - define a custom symbol for each domain group (ie one symbol for 
> domain1.com and domain2.com, another symbol for domain3.com and 
> domain4.com)
> - use a regexp module that sets the symbol if email comes from matching 
> domain
> - use the ratelimit module with a selector matching the symbol
> 
> Any comment or suggestion is very welcome.

I asked the same question on 
https://github.com/rspamd/rspamd/discussions/4530 and got a working answer:

selector = 
from('smtp'):domain.regexp("^(domain1\.com|domain2\.com)$").id('my_bucket')

Hope it helps.
>>>
>>> I would make this part of the mail server configuration.  For *postfix*:
>>>
>>> #           The  maximal number of message delivery requests that any 
>>> client
>>>> #           is allowed to make to this service per time unit, 
>>>> regardless
>>>>   of
>>>> #           whether or not Postfix actually accepts those messages.
>>>> #
>>>> smtpd_client_message_rate_limit     = 35
>>>
>>>
>>>
>>> #           The  maximal  number  of  recipient addresses that any 
>>> client is
>>>> #           allowed to send to this service per  time  unit,  
>>>> regardless
>>>>   of
>>>> #           whether or not Postfix actually accepts those recipients.
>>>> #
>>>> smtpd_client_recipient_rate_limit   = 10
>>>
>>>
>>>> #           Clients  that  are  excluded  from  connection count,
>>>> connection
>>>> #           rate, or SMTP request rate restrictions.
>>>> #
>>>> smtpd_client_event_limit_exceptions =
>>>> /srv/mail/var/db/sender-rate-limit-xcptns
>>>
>>>
>>> You can look up the directives here: 
>>> http://www.postfix.org/postconf.5.html
>>>
>>> Note that these limits apply to *all* smtpd clients (senders)...with the
>>> exception of those
>>> listed in the file specified by *smtpd_client_event_limit_exceptions. 
>>> *By
>>> default,
>>> clients in trusted networks are excluded. That file can contain a 
>>> list of
>>> network blocks,
>>> hostnames or .domain names (the initial dot causes the domain to 
>>> match any
>>> name below it).
>>>
>>> This way, a rate-limit violation will be spotted and dealt with before
>>> *rspamd* gets bothered.
>>
>> Tanks for the hint, configuring Postfix is indeed an interesting way 
>> of having a rate limit for outgoing email. Unfortunately it seems it 
>> does not allow to have one limit for many domains. Said in another 
>> way, if I set a limit of 10 sent mails per hour, domain1.com can send 
>> 7 emails and then domain2.com will have only 3 emails left before 
>> being hitting the limit.
>>
>> I will have a closer look to postfix configuration.
>>
>> Regards,
>> Yvan
>>>
>>> Steve Witten
>>> caponecicero at gmail.com
>>
> 

-- 
Bien « collaborativement »,

Yvan Masson
Administrateur Système et Support Technique


Le logiciel de collaboration Libre MadeinFrance conçu et édité par Algoo SAS
e-Mail : @algoo.fr <mailto:@algoo.fr>
Tel : 09 72 49 72 20
Web : www.algoo.fr <https://www.algoo.fr>

More information about the Users mailing list