Milter-greylist

Hi,

My purpose is to limit every user except that I defined ones.

#####################################################################
ratelimit "high_limit" rcpt 9 / 1h key "%M{auth_authen}"
sm_macro "null" "{auth_authen}" unset
racl blacklist \
  not sm_macro "null" \
  ratelimit "high_limit" \
  msg "High limit exceeded."

ratelimit "standart_limit" rcpt 3 / 1h key "%M{auth_authen}"
sm_macro "user1" "{auth_authen}" "user1"
sm_macro "user2" "{auth_authen}" "user2"
racl blacklist \
  not sm_macro "null" \
  not sm_macro "user1" \
  not sm_macro "user2" \
  ratelimit "standart_limit" \
  msg "Standart limit exceeded."
#####################################################################

In this case that you can see above, these two rules is matched for  
every authenticated user's message until standart limit users exceeds  
the standart limit. But there is a problem here. For every message  
passed from ratelimit conditions, counter is increased one by one in  
every matched rule. So for example when user3 sends a message; in the  
first message, its ratelimit counter will be 2, after the rule process  
finished . In second message of it will be 4.

My aim is just to add the high limit users to exception list of  
"standart limit" rule (by adding "not sm_macro blabla").Becuase of  
every ratelimit rule has a common counter; I cannot achieve this case.

I can achive this it by taking the standart limit rule above the high  
limit rule and then add the high limit rules for every user  
seperately. You can see below.

#####################################################################
ratelimit "standart_limit" rcpt 3 / 1h key "%M{auth_authen}"
sm_macro "user1" "{auth_authen}" "user1"
sm_macro "user2" "{auth_authen}" "user2"
racl blacklist \
  not sm_macro "null" \
  not sm_macro "user1" \
  not sm_macro "user2" \
  ratelimit "standart_limit" \
  msg "Standart limit exceeded."

ratelimit "high_limit" rcpt 9 / 1h key "%M{auth_authen}"
racl blacklist \
  not sm_macro "null" \
  sm_macro "user1" \
  ratelimit "high_limit" \
  msg "High limit exceeded."

ratelimit "high_limit" rcpt 9 / 1h key "%M{auth_authen}"
racl blacklist \
  not sm_macro "null" \
  sm_macro "user2" \
  ratelimit "high_limit" \
  msg "High limit exceeded."
#####################################################################

What is the disadvantage of taking counter seperated for every ratelimit rule?

You can take this as a feedback.

On Wed, Nov 09, 2016 at 03:22:26PM +0300, Can ?irin sirincan@... [milter-greylist] wrote:
> racl blacklist \
>   not sm_macro "null" \
>   ratelimit "high_limit" \
>   msg "High limit exceeded."

Why blacklist? If I understand correctly, the message cannot ever pass
the rule.

> What is the disadvantage of taking counter seperated for every ratelimit rule?

It is more difficult to maintain for you.


-- 
Emmanuel Dreyfus
manu@...

Quoting "Emmanuel Dreyfus manu@... [milter-greylist]"
<milter-greylist@yahoogroups.com>:

> �
>
>      On Wed, Nov 09, 2016 at 03:22:26PM +0300, Can ?irin
> sirincan@... [milter-greylist] wrote:
>> racl blacklist \
>> not sm_macro "null" \
>> ratelimit "high_limit" \
>> msg "High limit exceeded."
>
> Why blacklist? If I understand correctly, the message cannot ever pass
> the rule.
>

Blacklist, because I do not want the authenticated users to send too  
many messages in a particular time. This is ratelimiting, am i wrong?
If you look at my previous message, there are two ratelimit rule in my  
conf. The message will pass if the counter is lower than the limit.  
The point is when a message pass through n amount of ratelimit rule,  
which is matched for all; its counter increases n by n in one greylist  
rule checking process. I think it is clear so far.

>> What is the disadvantage of taking counter seperated for every
>> ratelimit rule?
>
> It is more difficult to maintain for you.

In my opinion, every ratelimit rule has its own counter. That's why  
rules can be written from generic to specific.

Thanks
Can

Can ?irin sirincan@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> Blacklist, because I do not want the authenticated users to send too
> many messages in a particular time. This is ratelimiting, am i wrong?

You are right, I overlooked it and answered too fast.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...