Mailing List Archive

Ratelimiting recipients per sender_address
Dear list,
we want to ratelimit incomming mail bursts (e.g. due
to phishing attacks).
To get an idea of reasonable values I have

warn
ratelimit = 100 / 60s / strict / $sender_address
log_message = RATELIMIT EXCEEDED for $sender_address $sender_rate messages / $sender_rate_period

But when the mail has two or more recipients this is also just counted as one mail

Is it somehow possible to configure a rate limit like

"x recipients per distinct sender per time period y > z" ?

Greetings, Olaf

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Dipl.-Geophys. Olaf Hopp

Zirkel 2
Gebäude 20.21, Raum 316
76131 Karlsruhe

Telefon: +49 721 608-48009
E-Mail: Olaf.Hopp@kit.edu
Web: www.scc.kit.edu

Sitz der Körperschaft:
Kaiserstraße 12, 76131 Karlsruhe

KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft
Re: Ratelimiting recipients per sender_address [ In reply to ]
On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote:
>      "x recipients per distinct sender per time period y  > z" ?

If yoe used $sender_address@$recipient as the key, would
it do what you want?
--
Cheers,
Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Ratelimiting recipients per sender_address [ In reply to ]
On Thu, Mar 09, 2023 at 04:47:32PM +0100, Olaf Hopp (SCC) via Exim-users wrote:
> Dear list,
> we want to ratelimit incomming mail bursts (e.g. due
> to phishing attacks).
> To get an idea of reasonable values I have
>
> warn
> ratelimit = 100 / 60s / strict / $sender_address
> log_message = RATELIMIT EXCEEDED for $sender_address $sender_rate messages / $sender_rate_period
>
> But when the mail has two or more recipients this is also just counted as one mail

Probably something like that would work:

defer
condition = ${if !eq{$sender_address}{$acl_c_sender_seen}}
ratelimit = 100 / 60s / strict / $sender_address
log_message = RATELIMIT EXCEEDED for $sender_address ...

warn
set acl_c_sender_seen = $sender_address

Not tested.
--
Eugene Berdnikov

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Ratelimiting recipients per sender_address [ In reply to ]
D?a 9. marca 2023 16:08:08 UTC používate? Jeremy Harris via Exim-users <exim-users@exim.org> napísal:
>On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote:
>>      "x recipients per distinct sender per time period y  > z" ?
>
>If yoe used $sender_address@$recipient as the key, would
>it do what you want?

Are not per_rcpt/per_addr option for that?

regards


--
Slavko
https://www.slavino.sk/

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Ratelimiting recipients per sender_address [ In reply to ]
On 09/03/2023 19:30, Slavko via Exim-users wrote:
> D?a 9. marca 2023 16:08:08 UTC používate? Jeremy Harris via Exim-users <exim-users@exim.org> napísal:
>> On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote:
>>>      "x recipients per distinct sender per time period y  > z" ?
>>
>> If yoe used $sender_address@$recipient as the key, would
>> it do what you want?
>
> Are not per_rcpt/per_addr option for that?

Probably; it depends on exactly what's being asked for.
--
Cheers,
Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Ratelimiting recipients per sender_address [ In reply to ]
On 3/9/23 21:08, Jeremy Harris via Exim-users wrote:
> On 09/03/2023 19:30, Slavko via Exim-users wrote:
>> D?a 9. marca 2023 16:08:08 UTC používate? Jeremy Harris via Exim-users <exim-users@exim.org> napísal:
>>> On 09/03/2023 15:47, Olaf Hopp (SCC) via Exim-users wrote:
>>>>        "x recipients per distinct sender per time period y  > z" ?
>>>
>>> If yoe used $sender_address@$recipient as the key, would
>>> it do what you want?
>>
>> Are not per_rcpt/per_addr option for that?
>
> Probably; it depends on exactly what's being asked for.

Yes, indeed the option "per_rcpt" is what I was looking for
ratelimit = 100 / 60s / per_rcpt / strict / $sender_address
does exactly what I want.

Thanks to you all,
Olaf
--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Dipl.-Geophys. Olaf Hopp

Zirkel 2
Gebäude 20.21, Raum 316
76131 Karlsruhe

Telefon: +49 721 608-48009
E-Mail: Olaf.Hopp@kit.edu
Web: www.scc.kit.edu

Sitz der Körperschaft:
Kaiserstraße 12, 76131 Karlsruhe

KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft