Limit emails per hour per domain
Re: Limit emails per hour per domain
Would $auth1 be the right variable?
This was taken from my exim config.
    ######################################################################
    #                  AUTHENTICATION CONFIGURATION                      #
    ######################################################################
    begin authenticators

    dovecot_plain:
      driver = dovecot
      public_name = PLAIN
      server_socket = /var/run/dovecot/auth-client
      server_set_id = $auth1

    dovecot_login:
      driver = dovecot
      public_name = LOGIN
      server_socket = /var/run/dovecot/auth-client
      server_set_id = $auth1
Edit: No, it isn't working, same issues as the $authenticated_id variable.
Re: Limit emails per hour per domain
when you put:
    deny message =
it makes a log to your exim log.
so if you put:
    deny message = Let's see what is $sender_address
         ratelimit = 2 / 1h / $sender_address
then you can look at exim log and see what is $sender_address
basically, we just need to find a variable that contains the authenticated username.
something from these variables - http://www.exim.org/exim-html-current/d ... SECTexpvar
filtering with $sender_address works fine, but it can be easily changed by a spammer.
Re: Limit emails per hour per domain
So, to conclude:
This works:
    acl_not_smtp = acl_not_smtp

    begin acl

    acl_not_smtp:
      deny  message = Sender $sender_address rate overlimit - $sender_rate / $sender_rate_period
            ratelimit = 2 / 1h / $sender_address
      accept

But $sender_address is not truthful, we need to find another variable that is in relation with the authenticated username.
Re: Limit emails per hour per domain
After 8 hours of researching, I finally figured out what is going on.
All the time I'm testing Exim by sending emails via Roundcube - and guess what - Roundcube is not configured to send email via SMTP - it's sending email with classic mail() PHP function...
:facepalm:
Since I used https://my-hostname/webmail/ - web domain 'my-hostname' is under 'admin' vesta account - and that's why Exim's $authenticated_id has 'admin' value.
Tomorrow I will see to switch Roundcube to use SMTP for sending, and then we will see what will be value of Exim's $authenticated_id variable.
Re: Limit emails per hour per domain
That is interesting, in my case roundcube is running under www-data.
Anyway, wouldn't it be another solution to limit the emails sent by domain name instead of each authenticated user?
Re: Limit emails per hour per domain
acl_not_smtp is for the case when hosting PHP scripts are sending email via the mail() function, so it will work fine with $authenticated_id - you will get the 'username' of the site that is sending email - and you can limit 'per user' that is hosting the site(s).
Not sure why your Roundcube is running as 'www-data' - do you access Roundcube via http://server-hostname/webmail/ and is 'server-hostname' created under the 'admin' account on Vesta? You are using Apache2+nginx combination?
Anyway.
I'll try (in next 2-3 days) to figure out how to force Roundcube to send emails via SMTP (it didn't work tonight when I tried to do that, it still used the mail() function even though I entered the SMTP host in the Roundcube config file).
Next we need to see what is the ACL section for authorized SMTP users - it's probably acl_check_rcpt that Skurudo already suggested - but I'll check.
Re: Limit emails per hour per domain
So, the one that Skurudo mentioned for acl_check_rcpt isn't working on my remote smtp apps, even if I set the limit to 3 it doesn't reject the email, no error is being logged.
The reason why mine says www-data is because I have upgraded roundcube and moved it from its original location.
Re: Limit emails per hour per domain
Actually it works! :D
But with little modifications.
This is what I did.
This example will limit user and website to send 20 emails per hour.
File to edit: /etc/exim4/exim4.conf.template
(I bolded parts that I added)
    acl_not_smtp = acl_not_smtp

    begin acl

    # for PHP scripts, limit per vesta user
    acl_not_smtp:
      deny  message = Web site of $authenticated_id user is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
            ratelimit = 20 / 1h / $authenticated_id
      accept

    ...

    acl_check_rcpt:
      accept  hosts = :

      # for SMTP authenticated users, limit per email account
      deny  message = Email account $authenticated_id is sending too much emails - rate overlimit = $sender_rate / $sender_rate_period
            ratelimit = 20 / 1h / $authenticated_id
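Added example (not part of the original posts, and not Vesta or Exim code): a Python audit of Exim mainlog arrival lines that counts submissions per hour by the identity the ACLs above key on, taken from the `A=authenticator:id` field for SMTP AUTH and from `U=user P=local` for mail()-style local submissions, with an optional roll-up per domain. The log lines are constructed samples and the function names are hypothetical; counting is per clock hour, which is simpler than Exim's own smoothed $sender_rate.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (not taken from the thread).
SAMPLE_LOG = """\
2024-03-01 10:02:11 1rfA01-0001aB-1x <= alice@example.com H=localhost (mail.example.com) [127.0.0.1] P=esmtpa A=dovecot_login:alice@example.com S=1204
2024-03-01 10:05:40 1rfA02-0001aC-2y <= forged@other.test H=localhost (mail.example.com) [127.0.0.1] P=esmtpa A=dovecot_login:alice@example.com S=998
2024-03-01 10:07:03 1rfA03-0001aD-3z <= admin@my-hostname U=admin P=local S=731
2024-03-01 10:09:15 1rfA04-0001aE-4a => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2024-03-01 10:40:22 1rfA05-0001aF-5b <= bob@example.com H=client.example.org [198.51.100.7] P=esmtpsa A=dovecot_plain:bob@example.com S=2048
2024-03-01 11:01:09 1rfA06-0001aG-6c <= news@shop.test H=mx.shop.test [203.0.113.5] P=esmtps S=5120
"""

ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} \S+ <= (\S+)(.*)$")
AUTH = re.compile(r" A=[^:\s]+:(\S+)")   # A=<authenticator>:<authenticated id>
LOCAL_USER = re.compile(r" U=(\S+)")     # login name of the local caller

def identity(fields):
    """Classify one arrival line by the identity a per-sender limit should use."""
    m = AUTH.search(fields)
    if m:
        return ("smtp-auth", m.group(1))
    m = LOCAL_USER.search(fields)
    if m and " P=local" in fields:       # U= on SMTP lines is only an ident reply
        return ("local", m.group(1))
    return ("unauthenticated", "")

def hourly_counts(log_text, per_domain=False):
    """Count arrivals per (hour, kind, identity); the envelope sender is ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue                     # delivery (=>) and other non-arrival lines
        hour, _envelope_sender, fields = m.groups()
        kind, ident = identity(fields)
        if kind == "unauthenticated":
            continue                     # inbound mail from other servers
        if per_domain and kind == "smtp-auth" and "@" in ident:
            ident = ident.rsplit("@", 1)[1]
        counts[(hour, kind, ident)] += 1
    return counts

def over_limit(counts, limit):
    """Return the (hour, kind, identity) keys that exceeded the limit."""
    return sorted(key for key, n in counts.items() if n > limit)
```

In the sample, the message with the forged envelope sender still counts against alice@example.com, and the `P=local` submission shows up under the system user `admin`, which matches what the thread observed for Roundcube sending through mail().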
Re: Limit emails per hour per domain
Now I just need to figure out how to force Roundcube to use SMTP, because it still uses the mail() function even though I entered the SMTP host in the Roundcube config file...
Re: Limit emails per hour per domain
Solved.
/etc/roundcube/defaults.inc.php must be edited this way:
    $config['smtp_server'] = 'localhost';

    // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
    // deprecated SSL over SMTP (aka SMTPS))
    $config['smtp_port'] = 25;

    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';

    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';