Page 2 of 4

Re: Limit emails per hour per domain

Posted: Fri Sep 09, 2016 7:43 pm
by mike08
Would $auth1 be the right variable?

Code: Select all

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################
begin authenticators

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
This was taken from my exim config.

Edit: No, it isn't working, same issues the $authenticated_id variable.

Re: Limit emails per hour per domain

Posted: Fri Sep 09, 2016 7:55 pm
by dpeca
when you put:
deny message =
it makes a log to your exim log.

so if you put:
deny message = Let's see what is $sender_address
ratelimit = 2 / 1h / $sender_address

then you can look at exim log and see what is $sender_address

basicaly, we just need to find a variable that contain authenticated username.
sometning from these variables - http://www.exim.org/exim-html-current/d ... SECTexpvar

filtering with $sender_address works fine, but it can be easely changed by spammer.

Re: Limit emails per hour per domain

Posted: Fri Sep 09, 2016 8:03 pm
by dpeca
So, to conclude:

This works:
acl_not_smtp = acl_not_smtp

begin acl

acl_not_smtp:
deny message = Sender $sender_address rate overlimit - $sender_rate / $sender_rate_period
ratelimit = 2 / 1h / $sender_address
accept


But $sender_address is not truthful, we need to find other variable, that is in relation with authenticated username.

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 12:24 am
by dpeca
After 8 hours of researching, I finaly figured out what is going on.
All the time I'm testing Exim by sending emails via Roundcube - and guess what - Roundcube is not configured to send email via SMTP - it's sending email with classic mail() PHP function...

:facepalm:

Since I used https://my-hostname/webmail/ - web domain 'my-hostname' is under 'admin' vesta account - and that's why Exim's $authenticated_id has 'admin' value.
Tomorrow I will see to switch Roundcube to use SMTP for sending, and then we will see what will be value of Exim's $authenticated_id variable.

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 6:25 am
by mike08
That is interesting, in my case roundcube is running under www-data.

Anyway, wouldn't it be another solution to limit the emails sent by domain name instead of each authenticated user?

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 11:41 am
by dpeca
acl_not_smtp is for case when hosting PHP scripts is sending email via mail() function, so it will works fine with $authenticated_id - you will get 'username' of site that is sending email - and you can limit 'per user' that is hosting a site(s).

Not sure why your Roundcube is running as 'www-data' - do you access Roundcube via http://server-hostname/webmail/ and does 'server-hostname' is created under 'admin' account on Vesta? You are using Apache2+nginx combination?

Anyway.
I'll try (in next 2-3 days) to figure out how to force Roundcube to send emails via SMTP (it didn't work tonight when I tried to do that, it still used mail() function even I entered SMTP host in Roundcube config file).

Next we need to see what is a ACL section for authorized SMTP user - it's probably acl_check_rcpt that Skurudo already sugested - but I'll check.

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 2:02 pm
by mike08
So, the one that Skurudo mentioned for acl_check_rcpt isn't working on my remote smtp apps, even if I set the limit to 3 it doesn't reject the email, no error is being logged.

The reason why mine says www-data is because I have upgraded roundcube and moved it from it's original location.

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 2:46 pm
by dpeca
Actually it works! :D
But with little modifications.

This is what I did.

This example will limit user and website to send 20 emails per hour.

File to edit: /etc/exim4/exim4.conf.template
(I bolded parts that I added)

acl_not_smtp = acl_not_smtp

begin acl

# for PHP scripts, limit per vesta user
acl_not_smtp:
deny message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 20 / 1h / $authenticated_id
accept


...

acl_check_rcpt:
accept hosts = :

# for SMTP authenticated users, limit per email account
deny message = Email account $authenticated_id is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
ratelimit = 20 / 1h / $authenticated_id

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 3:16 pm
by dpeca
Now I just need to figure out how to force Roundcube to use SMTP, because it still uses mail() function even I entered SMTP host in Roundcube config file...

Re: Limit emails per hour per domain

Posted: Sat Sep 10, 2016 3:50 pm
by dpeca
Solved.

/etc/roundcube/defaults.inc.php must be edited this way:

$config['smtp_server'] = 'localhost';

// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 25;

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '
%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '
%p';