[Rspamd-Users] Custom ratelimit: leaking too fast

Thomas Klaube thomas at klaube.net
Wed Jul 3 15:56:39 UTC 2024 

----- Ursprüngliche Mail -----
> Von: "Vsevolod Stakhov" <vsevolod at rspamd.com>
> An: "User questions" <users at lists.rspamd.com>
> Gesendet: Mittwoch, 3. Juli 2024 15:52:21
> Betreff: Re: [Rspamd-Users] Custom ratelimit: leaking too fast
>
> On 03/07/2024 14:43, Thomas Klaube via Users wrote:
>> Hi there,
>> 
>> I have a custom ratelimit with a burst of 1000 and a leak of 0.035 (~2 per
>> Minute
>> or ~3000 per day) which is returning the correct ratelimit string.
>> However, the bucket seemed to be leaking too fast, so I enabled debug logging
>> for ratelimits (sorry for the long lines):
>> 
>> 2024-07-03 15:11:30 #134152(normal) <a16798>; ratelimit; ratelimit.lua:489: got
>> reply for limit rs_customrl_user at example.org (1000 / 0.035); 13.693034775
>> burst, 3.3898:10.1221 dyn, 0.022779456 leaked
>> 2024-07-03 15:11:30 #134152(normal) <d2b9c0>; ratelimit; ratelimit.lua:489: got
>> reply for limit rs_customrl_user at example.org (1000 / 0.035); 14.670627313
>> burst, 3.4236:10.1221 dyn, 0.022407462 leaked
>> 2024-07-03 15:11:30 #134152(normal) <cf8555>; ratelimit; ratelimit.lua:489: got
>> reply for limit rs_customrl_user at example.org (1000 / 0.035); 15.647632943
>> burst, 3.4578:10.1221 dyn, 0.02299437 leaked
>> 2024-07-03 15:12:27 #134152(normal) <ad7629>; ratelimit; ratelimit.lua:489: got
>> reply for limit rs_customrl_user at example.org (1000 / 0.035); 9.70665177 burst,
>> 3.4923:10.1221 dyn, 6.940981173 leaked
>> 
>> In the last line it is stated, that 6.94 items were leaked in 57 seconds
>> (calculated
>> from the timestamp of the last 2 lines). But my calculation says:
>> 
>> 57 * 0.035 = 1.995
>> 
>> I can't find a good explanation for this behavior and I have the feeling, that
>> I am missing something...
> 
> Yes, dyn.

Thanx for the subtle hint. I never really understood what the 2 numbers in "dyn" stand
for. After some juggling around with numbers it seems to me that the first "dyn" number is 
simply a multiplier for the leak. Im my scenario:

57 * 0.035 * 3.4923 = 6.9671385 which is very close to the reported leak of 6.94. But
what does 10.1221 stand for? 

What is the best way to disable these dynamic multipliers? Just by setting 
ham_factor_rate, spam_factor_rate, ham_factor_burst and spam_factor_burst to 1.00?

Thanx and regards
Thomas

> 
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users

More information about the Users mailing list