Chris Edwards wrote: > Andrew Hearn wrote:
> > We're an ISP and use exim as a smarthost/relay for our customers. > > is there a way to ratelimit or deny hosts based on how many messages > > they've sent that have been rejected/deferred by the recipients MX? Deferred can be normal (non-selective greylisting - I don't recommend it, but some recipients' MX do use it). So, I'd count rejections only. > > Eg, if we've tried to relay messages for a host, and 100 in the past > > hour have been denied or deferred by the recipients MX, then we can > > block the sender from sending more. (as well as log it and contact the > > customer) I assume that all your customers have static IP-addresses listed in +relay_from_hosts (in case of dynamic IP-addresses you need to map $sender_host_address to a customer ID in the first "warn" line; if the mapping operation is expensive then you can move that line to acl_check_connect). > We do this. Local senders who trip a limit are added to a list such that > everything they send is frozen, until a human can investigate. > > I'm not aware this can be achieved purely inside Exim. Not tested: LIM = 100 PERIOD = 1h WARNTO = [email protected] DIR = /var/spool/exim EXIMBINARY = /usr/local/sbin/exim SHELL = /bin/sh ... acl_check_rcpt: ... warn set acl_c_customer = $sender_host_address warn set acl_c_msg = The customer $acl_c_customer is blocked because \ has sent mail to more than LIM invalid recipients during PERIOD. deny hosts = +relay_from_hosts condition = ${if exists{DIR/blocked_customers}} condition = ${if eq{${lookup{$acl_c_customer}lsearch\ {DIR/blocked_customers}{1}{0}}}{1}} message = $acl_c_msg warn set acl_m_invrec = hosts = +relay_from_hosts !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender set acl_m_invrec = recipient verification: $recipient_verify_failure \ failed: $acl_verify_message drop condition = $acl_m_invrec ratelimit = LIM / PERIOD / per_rcpt / strict / customer-$acl_c_customer continue = ${run{SHELL -c "echo $acl_c_customer \ >>DIR/blocked_customers; \N{\N echo Subject: customer \ $acl_c_customer blocked; echo; echo automatic message:; \ echo $acl_c_msg; \N}\N | EXIMBINARY WARNTO"}} message = $acl_c_msg deny condition = $acl_m_invrec message = $acl_m_invrec accept hosts = +relay_from_hosts control = submission/domain= ... After the customer is fined (according to contract), the abuse staff can manually delete the line with the customer ID from the blocked_customers file. You can change the two "message = $acl_c_msg" lines to two lines: control = freeze add_header = X-Customer: $acl_c_customer and "deny" and "drop" to "accept" in those paragraphs. Then after deleting the line the abuse staff can either unfreeze or delete accumulated messages using exipick. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
