Page 2 of 5
Re: Limit emails per hour per domain
Posted: Fri Sep 09, 2016 7:43 pm
by mike08
Would $auth1 be the right variable?
Code: Select all
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
This was taken from my exim config.
Edit: No, it isn't working, same issues the $authenticated_id variable.
Re: Limit emails per hour per domain
Posted: Fri Sep 09, 2016 7:55 pm
by dpeca
when you put:
deny message =
it makes a log to your exim log.
so if you put:
deny message = Let's see what is
$sender_address
ratelimit = 2 / 1h /
$sender_address
then you can look at exim log and see what is
$sender_address
basicaly, we just need to find a variable that contain authenticated username.
sometning from these variables -
http://www.exim.org/exim-html-current/d ... SECTexpvar
filtering with
$sender_address works fine, but it can be easely changed by spammer.
Re: Limit emails per hour per domain
Posted: Fri Sep 09, 2016 8:03 pm
by dpeca
So, to conclude:
This works:
acl_not_smtp = acl_not_smtp
begin acl
acl_not_smtp:
deny message = Sender $sender_address rate overlimit - $sender_rate / $sender_rate_period
ratelimit = 2 / 1h / $sender_address
accept
But $sender_address is not truthful, we need to find other variable, that is in relation with authenticated username.
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 12:24 am
by dpeca
After 8 hours of researching, I finaly figured out what is going on.
All the time I'm testing Exim by sending emails via Roundcube - and guess what - Roundcube is not configured to send email via SMTP - it's sending email with classic mail() PHP function...
:facepalm:
Since I used
https://my-hostname/webmail/ - web domain 'my-hostname' is under 'admin' vesta account - and that's why Exim's
$authenticated_id has 'admin' value.
Tomorrow I will see to switch Roundcube to use SMTP for sending, and then we will see what will be value of Exim's
$authenticated_id variable.
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 6:25 am
by mike08
That is interesting, in my case roundcube is running under www-data.
Anyway, wouldn't it be another solution to limit the emails sent by domain name instead of each authenticated user?
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 11:41 am
by dpeca
acl_not_smtp is for case when hosting PHP scripts is sending email via mail() function, so it will works fine with
$authenticated_id - you will get 'username' of site that is sending email - and you can limit 'per user' that is hosting a site(s).
Not sure why your Roundcube is running as 'www-data' - do you access Roundcube via
http://server-hostname/webmail/ and does 'server-hostname' is created under 'admin' account on Vesta? You are using Apache2+nginx combination?
Anyway.
I'll try (in next 2-3 days) to figure out how to force Roundcube to send emails via SMTP (it didn't work tonight when I tried to do that, it still used mail() function even I entered SMTP host in Roundcube config file).
Next we need to see what is a ACL section for authorized SMTP user - it's probably
acl_check_rcpt that Skurudo already sugested - but I'll check.
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 2:02 pm
by mike08
So, the one that Skurudo mentioned for acl_check_rcpt isn't working on my remote smtp apps, even if I set the limit to 3 it doesn't reject the email, no error is being logged.
The reason why mine says www-data is because I have upgraded roundcube and moved it from it's original location.
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 2:46 pm
by dpeca
Actually it works! :D
But with little modifications.
This is what I did.
This example will limit user and website to send 20 emails per hour.
File to edit: /etc/exim4/exim4.conf.template
(I bolded parts that I added)
acl_not_smtp = acl_not_smtp
begin acl
# for PHP scripts, limit per vesta user
acl_not_smtp:
deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 20 / 1h / $authenticated_id
accept
...
acl_check_rcpt:
accept hosts = :
# for SMTP authenticated users, limit per email account
deny message = Email account $authenticated_id is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 20 / 1h / $authenticated_id
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 3:16 pm
by dpeca
Now I just need to figure out how to force Roundcube to use SMTP, because it still uses mail() function even I entered SMTP host in Roundcube config file...
Re: Limit emails per hour per domain
Posted: Sat Sep 10, 2016 3:50 pm
by dpeca
Solved.
/etc/roundcube/defaults.inc.php must be edited this way:
$config['smtp_server'] = 'localhost';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';