Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jasen Betts via Exim-users 
On 2018-02-28, Jakob Schürz via Exim-users  wrote:
> Hi!
>>
>>   event_action=${if eq{$event_name}{msg:delivery}\
>>{${acl{accept delay=1s
>>
>> to give a max rate close to 60 per minute.
>>
> Also thanks a lot. I'll try this out.
>

I keep forgetting details... you have to also turn off immediate delivery
else that slowness won't cause a ratelimit, and then also need to
increase the queue run rate so that emails get delivered reasonlby fast,

This is a different approach to the one Jeremy was suggesting using. And 
technically inferior to it because this keeps TCP sockets open for longer
than neeeded.

-- 
This email has not been checked by half-arsed antivirus software 

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jeremy Harris via Exim-users 
On 28/02/18 18:33, Mike Brudenell via Exim-users wrote:
>  our policy is to use the package
> that comes with the LTS (Long Term Stable) release of Ubuntu on which we
> run the service. The next LTS release is due in April, at which point I
> leapfrog from 4.86 + security fixes to 4.90.1.

Once you have 4.90 you'll be able to use a msg:delivery Event to do the
ratelimit update, and only test the ratelimit value from the router;
then it doesn't matter how many times the latter is called.

Though, come to think of it, you could use a dummy expansion in the
transport to do the update now.  It'll be vulnerable to failed
delivery attempts, but preferable to doing it at routing time.
-- 
Cheers,
  Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Mike Brudenell via Exim-users 
Hi, Jeremy -

Sadly we're not building from source, but our policy is to use the package
that comes with the LTS (Long Term Stable) release of Ubuntu on which we
run the service. The next LTS release is due in April, at which point I
leapfrog from 4.86 + security fixes to 4.90.1. (Yay!) A shame, as I'm
pretty sure being able to detect the pass number would be a quick fix for
the router/ACL combo.

By the way, having played with this now I'm beginning to come around to it
being a powerful and flexible way of managing rate limiting for outgoing
mail… well, if it worked with our -qq runners! :-) Maybe the way forward is
to flesh out the Wiki page you started: something I'm happy to try and do
if you/others would then check it and correct/improve any mistakes etc I
make.

I'm going to check whether the hosts I used to have to try and limit
connections to still have that restriction; I know there have been some
changes made to them. If so, I might be able to use the -q option to spark
queue runners instead of -qq as a workaround.

As for top-posting, that's a habit brought about by many modern email
programs. My preference used to be for interleaved (back in the days of
Pine!), then top-posting, followed by bottom-posting (wading through tons
of old stuff to reach the new is a pain). With G Suite's mail it not only
creates your reply to top-post but also conveniently hides all the included
content, making it easy to overlook and trim. As it hides included content
by default on received messages, us Gmail/G Suite users are now all used to
not having to see/worry about it. :-)

I'll try to remember, but it's already a faff replying to the list as it is:

   - Hitting Reply would send my message to you personally and not the list.
   - So to get the list's address included I have to change to Reply To All.
   - But that includes your own individual address too, which I know you
   also dislike, so then I have to edit your address out of the TO, and move
   the list address from CC to TO.
   - Manually trimming out included text is then yet another step:
   difficult to remember when (a) it's hidden from sight below a faint grey
   ellipsis character, (b) I'm used to not having to do it for the bulk of
   emails I send and (c) my mind is focussed on the problem/solution.

But I'll try… :-)

(And indeed have just managed to stop my fingers from clicking Send before
actually doing the trimming this time!)

Cheers,
Mike B-)

-- 
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jeremy Harris via Exim-users 
On 28/02/18 17:29, Mike Brudenell via Exim-users wrote:
> I think I need to stop the second pass of the -qq queue runner from using
> this router again? Is there a way of doing that? Or have I got the
> fundamental design of router and ACL wrong?

Could I encourage you to not top-post, and to trim inclusions?  I do
that traditional mail etiquette is not in fashion, but...

There's no programmatic visibility of the phases of the two-phase
queue-run.  It wouldn't be hard to add; there's a global flag there
just waiting to be pointed-to by a new exim-variable specification,
if we decide that's the best or only way to go.

If you're building from source, it'd be a two minute job; I can point
in the right direction.
-- 
Cheers,
  Jeremy


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Mike Brudenell via Exim-users 
I think I can see what's happening now, but not how to fix it…

   1. I have 5 test messages in the queue going to my mailbox.
   2. I delete the ratelimit and retry hints databases so I'm starting from
   a clean base.
   3. I do an "exim -d+all -qq"
   4. The first routing run of the -qq option activates and accepts the
   first couple of messages, increasing the computed ratelimit as it does so.
   This reaches the limit I've set, so the remaining messages are then
   deferred. So far so good.
   5. The second routing run of the -qq option then activates to perform
   deliveries. This routes each message *again*, uses the ratelimiting
   router and in doing so sees the high computed ratelimit so now *all* of
   the messages now get deferred.

There might also be an (as yet unconfirmed) problem with my setup in that
if the first pass didn't reach the rate limit then the second pass might
when it re-routes the messages: effectively counting each message twice
towards the computed rate (once in the first pass, once in the second). If
so, then some or all of the messages in the second pass might be deferred
when really they should be delivered.

I think I need to stop the second pass of the -qq queue runner from using
this router again? Is there a way of doing that? Or have I got the
fundamental design of router and ACL wrong?

Cheers,
Mike B-)

On 28 February 2018 at 17:06, Mike Brudenell 
wrote:

> Bug/RFE: I'll have a think about whether I can phrase something.
>
> In the meantime, I've been playing around with the outline Jeremy
> suggested on the Wiki and thought I had it working. Indeed my testing with
> an artificially low rate of 2 messages per 1 minute showed:
>
>- submitting several messages to Exim let the first few through, then
>kept the rest in the queue marked "deferred"
>- running "exim -q" periodically allowed more to be delivered whenever
>the calculate rate dropped sufficiently
>
> So far so good.
> *But…* then I let my test server do its own thing and messages didn't go
> out from the queue! :-(
>
> After a lot of digging I discovered that the problem lies with my queue
> runners being launched using Exim's "-qq2m" option rather than "-q2m",
> which I do for efficiency purposes as some hosts I deliver to limit the
> number of concurrent connections.
>
> Peering closely at the debugging output from "exim -qq -d+all" it appears
> that the double queue run the -qq option triggers is doing something odd:
> possibly updating the ratelimit database twice, causing my artificially low
> rate limit to be reached before a single message is actually delivered. As
> the Specification says,
>
>
> In the first stage, the queue is scanned as if the queue_smtp_domains
> option matched every domain. Addresses are routed, local deliveries happen,
> but no remote transports are run.
>
> The hints database that remembers which messages are waiting for specific
> hosts is updated, as if delivery to those hosts had been deferred. After
> this is complete, a second, normal queue scan happens, with routing and
> delivery taking place as normal.
>
>
> I have no_verify set on my router, but of course this only stops it
> activating during address verification. With the -qq option Exim is
> actually doing two full routing runs.
>
> *Question:* Is there some option I've not spotted that says something
> along the lines of "update the ratelimit database for the first run of the
> -qq option but not the second"?
>
> In case it helps, here is my ACL:
>
> acl_ratelimit_outbound:
>   accept  message = :defer: Sending messages to $acl_arg1 too fast:
> deferred \
> [$sender_rate/$sender_rate_period (max
> $sender_rate_limit/$sender_rate_period)]
>   ratelimit = $acl_arg2 / readonly / outbound:${lc:$acl_arg1}
>
>   warnratelimit = $acl_arg2 / strict / outbound:${lc:$acl_arg1}
>
>   accept  message = $acl_arg1
>
>
> and my router:
>
> ratelimit_outbound:
>   driver  = redirect
>   no_verify
>   allow_defer
>   condition   = ${if exists {CFG_D/ratelimit-table}}
>   data= ${lookup {$local_part@$domain} lsearch*@
> {CFG_D/ratelimit-table} \
>  { ${acl {acl_ratelimit_outbound} 
> {$local_part@$domain}
> {$value}} } \
>  fail}
>
>
> Cheers,
> Mike B-)
>
> On 28 February 2018 at 10:34, Jeremy Harris via Exim-users <
> exim-users@exim.org> wrote:
>
>> On 28/02/18 10:17, Mike Brudenell via Exim-users wrote:
>> > So despite being a profound advocate of Exim, it is a little
>> embarrassing
>> > to tell people who ask me about outbound rate limiting that it's so
>> > difficult in it
>> Perhaps you could come up with a clean set of requirements?
>> In a bug/RFE, so that others could chip in, and the need
>> wouldn't be forgotten?
>> --
>> Cheers,
>>   Jeremy
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Mike Brudenell via Exim-users 
Bug/RFE: I'll have a think about whether I can phrase something.

In the meantime, I've been playing around with the outline Jeremy suggested
on the Wiki and thought I had it working. Indeed my testing with an
artificially low rate of 2 messages per 1 minute showed:

   - submitting several messages to Exim let the first few through, then
   kept the rest in the queue marked "deferred"
   - running "exim -q" periodically allowed more to be delivered whenever
   the calculate rate dropped sufficiently

So far so good.
*But…* then I let my test server do its own thing and messages didn't go
out from the queue! :-(

After a lot of digging I discovered that the problem lies with my queue
runners being launched using Exim's "-qq2m" option rather than "-q2m",
which I do for efficiency purposes as some hosts I deliver to limit the
number of concurrent connections.

Peering closely at the debugging output from "exim -qq -d+all" it appears
that the double queue run the -qq option triggers is doing something odd:
possibly updating the ratelimit database twice, causing my artificially low
rate limit to be reached before a single message is actually delivered. As
the Specification says,


In the first stage, the queue is scanned as if the queue_smtp_domains
option matched every domain. Addresses are routed, local deliveries happen,
but no remote transports are run.

The hints database that remembers which messages are waiting for specific
hosts is updated, as if delivery to those hosts had been deferred. After
this is complete, a second, normal queue scan happens, with routing and
delivery taking place as normal.


I have no_verify set on my router, but of course this only stops it
activating during address verification. With the -qq option Exim is
actually doing two full routing runs.

*Question:* Is there some option I've not spotted that says something along
the lines of "update the ratelimit database for the first run of the -qq
option but not the second"?

In case it helps, here is my ACL:

acl_ratelimit_outbound:
  accept  message = :defer: Sending messages to $acl_arg1 too fast:
deferred \
[$sender_rate/$sender_rate_period (max
$sender_rate_limit/$sender_rate_period)]
  ratelimit = $acl_arg2 / readonly / outbound:${lc:$acl_arg1}

  warnratelimit = $acl_arg2 / strict / outbound:${lc:$acl_arg1}

  accept  message = $acl_arg1


and my router:

ratelimit_outbound:
  driver  = redirect
  no_verify
  allow_defer
  condition   = ${if exists {CFG_D/ratelimit-table}}
  data= ${lookup {$local_part@$domain} lsearch*@
{CFG_D/ratelimit-table} \
 { ${acl {acl_ratelimit_outbound} {$local_part@$domain}
{$value}} } \
 fail}


Cheers,
Mike B-)

On 28 February 2018 at 10:34, Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 28/02/18 10:17, Mike Brudenell via Exim-users wrote:
> > So despite being a profound advocate of Exim, it is a little embarrassing
> > to tell people who ask me about outbound rate limiting that it's so
> > difficult in it
> Perhaps you could come up with a clean set of requirements?
> In a bug/RFE, so that others could chip in, and the need
> wouldn't be forgotten?
> --
> Cheers,
>   Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>

-- 
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811 <01904%20323811>

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Exim-users Digest, Vol 165, Issue 23

2018-02-28 Thread Luciano InfoCultura via Exim-users 
Hi,
require
  message=starttls required
  encrypted=*
  
in the smtp mail ACL "acl_check_mail" on debian systems.

It's works.Thanks
 

Em Domingo, 25 de Fevereiro de 2018 9:02, "exim-users-requ...@exim.org" 
 escreveu:
 

 Send Exim-users mailing list submissions to
    exim-users@exim.org

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.exim.org/mailman/listinfo/exim-users
or, via email, send a message with subject or body 'help' to
    exim-users-requ...@exim.org

You can reach the person managing the list at
    exim-users-ow...@exim.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Exim-users digest..."
Today's Topics:

  1. Question TLS (Luciano InfoCultura)
  2. Re: Question TLS (Phil Pennock)
  3. Re: Question TLS (Jasen Betts)
How do I make connections initiated on ports 25 or 587 in plain text only allow 
the sending of messages after using STARTTLS.
my brief configuration:The message exchange is between servers and do not use 
authentication.
..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports = 
465..


Luciano da Silva


On 2018-02-22 at 17:34 +, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only 
> allow the sending of messages after using STARTTLS.
> my brief configuration:The message exchange is between servers and do not use 
> authentication.
> ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports 
> = 465..

The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.

All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.

Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.

I don't see a Debian control knob for this.  From Exim's side, you want
the SMTP Transport to include:

  hosts_require_tls = *

-Phil



On 2018-02-22, Luciano InfoCultura via Exim-users  wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only 
> allow the sending of messages after using STARTTLS.
> my brief configuration:The message exchange is between servers and do not use 
> authentication.
> ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports 
> = 465..

I'm guessing you mean inbound.

Put this

 require
  message=starttls required
  encrypted=*
  
in the smtp mail ACL "acl_check_mail" on debian systems.

-- 
This email has not been checked by half-arsed antivirus software 



--

## List details at https://lists.exim.org/mailman/listinfo/exim-users Exim 
details at http://www.exim.org/ ##


   
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jeremy Harris via Exim-users 
On 28/02/18 10:17, Mike Brudenell via Exim-users wrote:
> So despite being a profound advocate of Exim, it is a little embarrassing
> to tell people who ask me about outbound rate limiting that it's so
> difficult in it
Perhaps you could come up with a clean set of requirements?
In a bug/RFE, so that others could chip in, and the need
wouldn't be forgotten?
-- 
Cheers,
  Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jeremy Harris via Exim-users 
On 28/02/18 10:02, Jakob Schürz via Exim-users wrote:
> Is this simple with Exim?

Exim is infinitely configurable, as reading the manual
should show you.  Simple, well, that's in the eye of
the beholder.
-- 
Jeremy


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Mike Brudenell via Exim-users 
Of course the need for outbound rate limiting is not confined to sending to
Gmail/G Suite recipients. For example we see problems when a group here has
a fault with one of their software systems and it triggers umpteen emails
to their alerts/support address. This is *not* hosted at Gmail/G Suite but
the hosting service nevertheless employs rate limiting of incoming messages.

So despite being a profound advocate of Exim, it is a little embarrassing
to tell people who ask me about outbound rate limiting that it's so
difficult in it, but simple in other MTAs. But I guess it stems from a
design decision made early on and hence is difficult to address.

Mike B.

On 28 February 2018 at 09:59, Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 28/02/18 09:33, Jasen Betts via Exim-users wrote:
> > there may be better solutions but this is the easiest.
>
> I've put a skeleton description on
>   https://github.com/Exim/exim/wiki/RatelimitOutbound
>
> Filling out the detail will required perusing of multiple
> separate parts of the manual.  (Translation: I haven't
> the time or the interest.  Dump Gmail.)
> --
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



-- 
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread James via Exim-users 

On 28/02/2018 10:02, Jakob Schürz via Exim-users wrote:

Am 28.02.2018 um 10:29 schrieb James via Exim-users:

We use gmail suite as our email-provider, and gmail has some
send-limitations.


Dump gmail.  Install exim and just let exim send directly.


This is not my decision. The whole company uses the gmail-suite
including drive, docs and so on. Google is a evil company... we know.
But the products are very good for some kind of business.


I mean dump gmail from the sending loop [although dumping gmail 
completely would suit me].


I'll expand using the OP's/Jakob's own link.  Google themselves suggest 
cutting gmail from the sending loop:



https://support.google.com/a/answer/166852?hl=en;>

Recommendations for sending bulk email
...
Use a local mail server—If you have a local mail server, use it to send 
mail directly to recipients to avoid sending limits. This local server 
should also be added to your SPF record to stop the messages from being 
marked as spam.





Tell your PHB's you are following Google's excellent advice.


James.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jakobus Schürz via Exim-users 



Am 28.02.2018 um 10:59 schrieb Jeremy Harris via Exim-users:

On 28/02/18 09:33, Jasen Betts via Exim-users wrote:

there may be better solutions but this is the easiest.

I've put a skeleton description on
   https://github.com/Exim/exim/wiki/RatelimitOutbound

Filling out the detail will required perusing of multiple
separate parts of the manual.  (Translation: I haven't
the time or the interest.  Dump Gmail.)

Thanks a lot!

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jakob Schürz via Exim-users 

Hi!


Am 28.02.2018 um 10:48 schrieb Jasen Betts via Exim-users:

On 2018-02-27, Jakob Schürz via Exim-users  wrote:

How can i handle this with exim4?

my pervious advice was wrong, as Jeremey says it's not simple:

it should be

  event_action=${acl{accept delay=1s}}

or better

  event_action=${if eq{$event_name}{msg:delivery}\
   {${acl{accept delay=1s

to give a max rate close to 60 per minute.


Also thanks a lot. I'll try this out.

Jakob

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jakob Schürz via Exim-users 

Am 28.02.2018 um 10:29 schrieb James via Exim-users:

On 27/02/2018 15:39, Jakob Schürz via Exim-users wrote:


We have a application, which creates many emails. Notifications from a
ticketsystem to the subscribed users for each ticket on changes, or
something else.

We use gmail suite as our email-provider, and gmail has some
send-limitations.


Dump gmail.  Install exim and just let exim send directly.


This is not my decision. The whole company uses the gmail-suite 
including drive, docs and so on. Google is a evil company... we know. 
But the products are very good for some kind of business.


One possible solution is, to deliver the emails from this bulks which 
are directed to our own recipients directly. And the emails to customers 
via gmail-relay.
The problem delivering emails direct to recipients mailserver, the 
possibility that emails marked as spam is high. Relaying them through a 
well known Relayhost reduces ths problem a lot.


So the next step is, to use a local mailserver to sort emails. 
Recipients with the same domain as the sending bot should be deliverd 
direct, all other through gmail-relay.

Is this simple with Exim?

jakob

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jeremy Harris via Exim-users 
On 28/02/18 09:33, Jasen Betts via Exim-users wrote:
> there may be better solutions but this is the easiest.

I've put a skeleton description on
  https://github.com/Exim/exim/wiki/RatelimitOutbound

Filling out the detail will required perusing of multiple
separate parts of the manual.  (Translation: I haven't
the time or the interest.  Dump Gmail.)
-- 
Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jasen Betts via Exim-users 
On 2018-02-27, Jakob Schürz via Exim-users  wrote:
> Hi!
>
> We have a application, which creates many emails. Notifications from a 
> ticketsystem to the subscribed users for each ticket on changes, or 
> something else.
>
> We use gmail suite as our email-provider, and gmail has some 
> send-limitations. So, if many tickets are created as a bulk, many many 
> emails are created from the app, and the mailserver blocks the sender 
> for 10 minutes. Most of the created emails go to the error-mail-queue 
> from the app and must be resent manually.
>
> There is a workaround on the vendor-site, because the app itself cannot 
> handle to ratelimit the sent emails.
>
> The workaround is, to put a local mailqueue in between, which ratelimits 
> the outgoing message-count.
>
> I want to realize this with exim4, if there is a possibility to set a 
> hard limit for a specific smart/relayhost for outgoing emails. The app 
> can send as much emails as used, and the mailserver queues them all and 
> send them to gmail-relay-host in packages of 80 mails per minute. Not more!
>
> How can i handle this with exim4?

my pervious advice was wrong, as Jeremey says it's not simple:

it should be 

 event_action=${acl{accept delay=1s}}

or better

 event_action=${if eq{$event_name}{msg:delivery}\
  {${acl{accept delay=1s

to give a max rate close to 60 per minute.


-- 
This email has not been checked by half-arsed antivirus software 

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread Jasen Betts via Exim-users 
On 2018-02-27, Jakob Schürz via Exim-users  wrote:
> Hi!
>
> We have a application, which creates many emails. Notifications from a 
> ticketsystem to the subscribed users for each ticket on changes, or 
> something else.
>
> We use gmail suite as our email-provider, and gmail has some 
> send-limitations. So, if many tickets are created as a bulk, many many 
> emails are created from the app, and the mailserver blocks the sender 
> for 10 minutes. Most of the created emails go to the error-mail-queue 
> from the app and must be resent manually.
>
> There is a workaround on the vendor-site, because the app itself cannot 
> handle to ratelimit the sent emails.
>
> The workaround is, to put a local mailqueue in between, which ratelimits 
> the outgoing message-count.
>
> I want to realize this with exim4, if there is a possibility to set a 
> hard limit for a specific smart/relayhost for outgoing emails. The app 
> can send as much emails as used, and the mailserver queues them all and 
> send them to gmail-relay-host in packages of 80 mails per minute. Not more!
>
> How can i handle this with exim4?

one way is to teergrube yourself:

untested:

1> set serialize hosts to include gmail 
2> set "event_action=accept delay=1s" on the transport that contcts gmail.

That'll reduce the rate to below 60 per minute. (maybe to about 20 per minute)

there may be better solutions but this is the easiest.

-- 
This email has not been checked by half-arsed antivirus software 

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] rate limit for maximum outgoing emails to mail-relay

2018-02-28 Thread James via Exim-users 

On 27/02/2018 15:39, Jakob Schürz via Exim-users wrote:


We have a application, which creates many emails. Notifications from a
ticketsystem to the subscribed users for each ticket on changes, or
something else.

We use gmail suite as our email-provider, and gmail has some
send-limitations.


Dump gmail.  Install exim and just let exim send directly.


James.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Checking if a list of domains contains a domain contained in another list?

2018-02-28 Thread Sebastian Arcus via Exim-users 


On 27/02/18 19:18, Jeremy Harris via Exim-users wrote:

On 27/02/18 18:35, Sebastian Arcus via Exim-users wrote:

condition = ${if match_domain {${lookup
dnsdb{mx=$sender_address_domain}}}{+no_extended_callout_mxs}}


For example the mx query might return:

10 mx1.exampledomain.com
20 mx2.exampledomain.com
0 exampledomain-com.mail.protection.outlook.com


For example I'm interested in the *.outlook.com domain - I want to know
if it is in the list of mx's - but I am essentially comparing a list
(the list of mx records) with another list (of whitelisted domains)-
which I guess is not possible.


Have a look at the foreach/forany expansion conditions, and to
trim the mx priorities away from the mx lookup try the map expansion.


Thank you very much for that suggestion - somehow I never noticed the 
foreach/forany operators. As to the mx priorities, I just used the mxh 
type lookup which removes them - so it worked out perfectly. I've 
enclosed below what I ended up with - in case it helps others:



domainlist no_extended_callout_mxs = *.fussy_mx1.com : *.fussy_mx2.com

condition  = ${if forany {${lookup dnsdb{>: 
mxh=$sender_address_domain}}} {match_domain 
{$item}{+no_extended_callout_mxs}} {true} {false} }



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/