Re: [Mimedefang] rate-limiting for outbound mails per sender

2014-02-10 Thread David F. Skoll
On Mon, 10 Feb 2014 07:08:38 +0100 (CET)
Steffen Kaiser skmimedef...@smail.inf.fh-bonn-rhein-sieg.de wrote:

  what would be a good way to implement rate-limiting for outbound
  mails per sender e.g. 50 recipients per smtp_auth sender per hour?

 I do this in filter_begin. There I detect the sender, assign a
 SenderID based on different rules and query a SQL database about
 the sum of recipients of this SenderID in the last hour  day. If the
 SMTP quota is not exceeded, the tuple (scalar(@Recipients), SenderID,
 NOW()) is added to the database.

Our CanIt product also implements rate-limiting, but we do it slightly
differently.  We keep a table like this (PostgreSQLisms, sorry...)

CREATE TABLE sender_rate_limit (
   sender TEXT PRIMARY KEY,
   first_seen TIMESTAMP WITH TIME ZONE,
   count  INTEGER
);

Then when we see a RCPT from a sender (which can actually be an
envelope sender, the SMTP AUTH user, or the sending relay IP address)
we do the equivalent of:

BEGIN;
-- Update existing bucket (only if it is less than one hour old)
UPDATE sender_rate_limit SET count = count + 1
   WHERE sender = '$sender' AND first_seen >= now() - '1 hour'::interval;
-- If the previous update did not update any rows, then:
   -- The next delete deletes a potential row where first_seen is
   -- more than one hour old
   DELETE FROM sender_rate_limit WHERE sender = '$sender';

   -- And start a new bucket.
   INSERT INTO sender_rate_limit(sender, first_seen, count)
      VALUES('$sender', now(), 1);
COMMIT;

When it comes time to impose a rate limit, we can just do a:

SELECT count FROM sender_rate_limit WHERE sender = '$sender';

The lookups are very fast and don't require a SUM operation.  The
downside is that it doesn't keep a running hourly sum, but resets
(more-or-less) once an hour so a sender can actually exceed the rate
limit for a while if the timing window is just right.  In practice,
this has not been a problem.

Regards,

David.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
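
Added example (not from the thread and not CanIt's code): the bucket scheme from the message above, sketched in Python against an in-memory SQLite table, with bound parameters in place of '$sender' interpolation. The epoch-second timestamps, the 50-per-hour limit (taken from the question) and the sender address are assumptions; boundary_burst() reproduces the overshoot around a bucket reset that the message mentions.

```python
import sqlite3

WINDOW = 3600  # bucket lifetime in seconds (one hour, as in the post)
LIMIT = 50     # recipients per sender per bucket (figure from the question)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sender_rate_limit ("
               " sender TEXT PRIMARY KEY, first_seen INTEGER, count INTEGER)")
    return db

def record_rcpt(db, sender, now):
    """Count one RCPT for sender; return the count in the current bucket."""
    with db:  # one transaction, like BEGIN ... COMMIT
        cur = db.execute(
            "UPDATE sender_rate_limit SET count = count + 1"
            " WHERE sender = ? AND first_seen >= ?", (sender, now - WINDOW))
        if cur.rowcount == 0:
            # No live bucket: drop any expired row, then start a new one.
            db.execute("DELETE FROM sender_rate_limit WHERE sender = ?",
                       (sender,))
            db.execute("INSERT INTO sender_rate_limit(sender, first_seen, count)"
                       " VALUES (?, ?, 1)", (sender, now))
    row = db.execute("SELECT count FROM sender_rate_limit WHERE sender = ?",
                     (sender,)).fetchone()
    return row[0]

def allowed(db, sender, now):
    """Record the RCPT and report whether it is still within LIMIT."""
    return record_rcpt(db, sender, now) <= LIMIT

def boundary_burst():
    """Constructed scenario: RCPTs sent just before and after a bucket reset."""
    db = open_db()
    sender = "user@example.org"  # constructed SMTP AUTH identity
    results = [allowed(db, sender, 0)]  # bucket opens at t=0
    # Last second of the old bucket: counts 2..51, so 49 pass and 1 fails.
    results += [allowed(db, sender, WINDOW) for _ in range(LIMIT)]
    # One second later the bucket has expired: a fresh 50 pass.
    results += [allowed(db, sender, WINDOW + 1) for _ in range(LIMIT)]
    return results

if __name__ == "__main__":
    r = boundary_burst()
    print("accepted between t=3600 and t=3601:", sum(r[1:]))
```

If that overshoot matters for a deployment, the hard ceiling to plan for is just under twice the configured limit within any one-hour span.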


Re: [Mimedefang] rate-limiting for outbound mails per sender

2014-02-09 Thread Steffen Kaiser

On Sun, 9 Feb 2014, Marcus Schopen wrote:


what would be a good way to implement rate-limiting for outbound mails
per sender e.g. 50 recipients per smtp_auth sender per hour?


I do this in filter_begin. There I detect the sender, assign a SenderID
based on different rules and query a SQL database about the sum of
recipients of this SenderID in the last hour  day. If the SMTP quota is
not exceeded, the tuple (scalar(@Recipients), SenderID, NOW()) is added to
the database.


I purge old entries daily.

-- 
Steffen Kaiser
