Milter-greylist

Hello

After some clients in our internal network started using our mail relays
to send spam, I decided to create a rate limiting feature in
milter-greylist. For now it is experimental, and available from CVS.
Feedbacks are welcome

Here is an excerpt from the man page:

RATE LIMIT
       The ratelimit keyword specifies a ratelimit configuration to be
       used in access lists. It must be followed by the rate limit
       configuration name, the maximum of messages, the sampling period.
       Example:

                ratelimit "internalclients" 100 / 1m

                racl blacklist addr 192.0.2.0/24 \
          ratelimit "internalclients" \
                   msg "you speak too much"

       The  ratelimit  keyword  can  also  have an option key statement,
       which determine the set of key for message accounting. The
       default is %i  for per IP address accounting (see the FORMAT
       STRINGS sections for the pos- sible syntax of this field). Here
       is an example that configures a  rate limit of 100 messages per
       hour for each individual recipient-IP set.

              ratelimit "internalclients" 100 / 1h key "%r%i"

              racl blacklist addr 192.0.2.0/24 \
          ratelimit "internalclients" \
                   msg "you speak too much"

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi Emmanuel,

> Hello
> 
> After some clients in our internal network started using our mail relays
> to send spam, I decided to create a rate limiting feature in
> milter-greylist. For now it is experimental, and available from CVS.
> Feedbacks are welcome
> 
> Here is an excerpt from the man page:
> 
> RATE LIMIT
>        The ratelimit keyword specifies a ratelimit configuration to 
> be       used in access lists. It must be followed by the rate limit 
>       configuration name, the maximum of messages, the sampling period.
>        Example:
> 
>                 ratelimit "internalclients" 100 / 1m
> 
>                 racl blacklist addr 192.0.2.0/24 \
>           ratelimit "internalclients" \
>                    msg "you speak too much"
> 
>        The  ratelimit  keyword  can  also  have an option key 
> statement,       which determine the set of key for message 
> accounting. The       default is %i  for per IP address accounting 
> (see the FORMAT       STRINGS sections for the pos- sible syntax of 
> this field). Here       is an example that configures a  rate limit 
> of 100 messages per       hour for each individual recipient-IP set.
> 
>               ratelimit "internalclients" 100 / 1h key "%r%i"
> 
>               racl blacklist addr 192.0.2.0/24 \
>           ratelimit "internalclients" \
>                    msg "you speak too much"

I think this is a top feature, I normally use another milter to do this but if
milter-greylist supports it I'll give the other milter the flick.

One feature which would really be useful though, is in addition to controlling
the "number" of messages handled outbound, can you add a feature which can
control the "bandwidth" used by the MTA outbound?

For example, only allow the MTA to consume 100kbps outbound of the link?

I have some clients which would really make use of this, since they share a
broadband connection and when a large emails are sent, the MTA consumes the
outbound bandwidth so much so that other functions (like viewing streams or
videos or youtube etc) die and drop out until the emails are completely sent.

Would this be a function/facility that could be added?

Michael.

Michael Mansour <mic@...> wrote:

> One feature which would really be useful though, is in addition to controlling
> the "number" of messages handled outbound, can you add a feature which can
> control the "bandwidth" used by the MTA outbound?

That could easily be done, as we already track the message size at DATA
stage. The ratelimit statement already has a "key" option to specify on
what you will agregate statistics (IP, recipient, whetever...), we can
add a "value" to select between SMTP sessions, recipients, or message
size (anything else?).

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Michael Mansour <mic@...> wrote:

> One feature which would really be useful though, is in addition to controlling
> the "number" of messages handled outbound, can you add a feature which can
> control the "bandwidth" used by the MTA outbound?
> 
> For example, only allow the MTA to consume 100kbps outbound of the link?

In added in latest CVS a data ratelimit (and SMTP session as well, it
might be useful some day). But this is probably not what you want: it
rejects messages that overflow the limit. You would like to throttle
them, right? 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...