[Rspamd-Users] ratelimit-module behaves differently in rspamd 3.5

Simbürger, Andreas Andreas.Simbuerger at Uni-Passau.De
Fri Mar 31 10:17:01 UTC 2023


Hi,

rspamd 3.5 introduced a new behavior when checking ratelimit prefixes.
Since 3.5 it will consider the messages that will be sent out in the current
task as 'pending' messages. This will trigger the ratelimit earlier.

In the released 3.5 version exists a small bug in the check lua code that is
fixed in master: https://github.com/rspamd/rspamd/pull/4448
Here rspamd will factor in the number of recipients of the current task twice,
resulting in an even higher burst value for incoming messages.

As the leak rate has a lower bound between tries (the burst value is always clamped
to 0, if it becomes negative between tasks), you can end up in a situation where
you cannot send any new messages, no matter what rate you specified.

The fix is pretty easy, if you want to repair it in your deployed installation.

Cheers,
Andreas

Am Friday, dem 24.03.2023 um 14:44 +0000 schrieb Daniel, Sebastian:
> I can observe the same thing.
> 
> A little strange, but the configured values do not seem to be interpreted correctly. It makes the impression that it
> ignores the burst value....
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Users <users-bounces at lists.rspamd.com> Im Auftrag von Andreas
> > Piper via Users
> > Gesendet: Dienstag, 21. März 2023 09:13
> > An: users at lists.rspamd.com
> > Cc: Andreas Piper <piper at hrz.uni-marburg.de>
> > Betreff: [Rspamd-Users] ratelimit-module behaves differently in rspamd 3.5
> > 
> > Hello,
> > 
> > after upgrading to rspamd-3.5 lots of 'Ratelimit exceeded'-events started to
> > appear and blocked a lot of legitimate sending-attempts.
> > Downgrading to rspamd-3.4 solved this immediately. The log-entries do not
> > show any differing reasons, but ratelimiting in 3.5 appears to be triggered
> > much more often than in 3.4 with identical configuration.
> > 
> > Is there any hint to what may be changed in the configuration to get
> > ratelimiting working again correctly?
> > 
> > I use rspamd on Debian 11 (bullseye), here is my local.d/ratelimit.conf, which
> > is derived directly from the rspamd-documentation
> > (https://rspamd.com/doc/modules/ratelimit.html).
> > 
> > Thanks for any help,
> > Andreas
> > 

-- 
Andreas Simbürger
IT-Sicherheitsberater
Zentrum für Informationstechnologie und Medienmanagement

Universität Passau
Innstr. 33, 94032 Passau
Telefon: +49 (0)851/509-1851
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6387 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20230331/fab3af62/attachment.bin>


More information about the Users mailing list