Community Forums
Connect with us on LinkedIn
Community Notice
+ Reply to Thread
Results 1 to 9 of 9
  1. #1
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    640

    Default Ratelimit ACL

    Could someone possibly tell me if anything I'm saying here is wrong...

    I'm totally baffled by this new ACL - it looks like it allows only one email per hour in to the server from any particular address. 1 per hour ?! are you kidding ?

    It looks like the default limit is 1.2 / 1h which, according to the explanation here http://www.exim-new-users.co.uk/content/view/65/39/ (section 39.30) means 1.2 messages per hour.

    How can you have .2 of a message ?

    So basically, under the new ACL - if a host sends more than 1 message per hour in to the server, that host is "ratelimited" i.e the email is rejected - "temporarily". is this like greylisting ? Does it delay the message and ask the sending mta to retry ? I dont think so. I think it returns the message to the sender saying something like - sorry youve reached your 1 email per hour quota - please try later.

    Example from my log....

    temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

    The sender has sent 2 emails into the server within an hour - so the connection is "temporarily rejected".

    Thats pretty crap if you ask me. Its perfectly normal for people to send 5 or 6 emails to each other within an hour - then theres corporate mail servers and of course ISP and other mail providers such as hotmail etc etc - where one mail server could realistically send 10 or 20 messages to different domains or addresses on your server within an hour.

    Apart from disabling this ACL completely, which seems to be the only sensible option - is there anything that could be done to improve this ? Can the 1.2 / 1h rate be changed to something a bit more realistic ?
    Last edited by 4u123; 01-06-2008 at 01:15 PM. Reason: sp

  2. #2
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    640

    Default

    Ok I'm confused....

    I sent 4 test emails to a random address on one of our servers and then watched the log.

    I saw the mail being delivered with the following warnings..

    Warning: Sender rate 2.1 / 1h

    Warning: Sender rate 3.0 / 1h

    Warning: Sender rate 4.0 / 1h etc

    I wasnt rate limited, the mail was delivered fine. I've obviously mis-understood how this works, even after reading the documentation. Its clearly gone over my head. Could someone possibly explain to me in simple terms how this works exactly ?

    When I see in the log...

    temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

    Is this an average over a number of hours ? Why does that host get rejected when I dont and my sender rate is 4.0 - higher than the rejected host which is 2.0 ?

    I'm just trying to understand it.

  3. #3
    cPanel Staff cpanelnick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,514

    Default

    Sender Rates are just shown (not enforced if you have it checked) for connivence

    Add sender rates to the mail log is the option for this in the exim config editor

    Ratelimits for connections are enforced if you have

    Ratelimit: incoming SMTP connections that do not send QUIT. [?] checked

  4. #4
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    640

    Default

    Thanks for your reply...

    So to clarify,

    If the option is enabled, only connections that dont send QUIT are ratelimited ?

  5. #5
    Member
    Join Date
    Oct 2006
    Location
    Brazil
    Posts
    50

    Default

    In general, connections that do not send QUIT most times are spam tools. Real mail servers must follow the RFC specs, and all known mail servers send, if the mail was sent ok or not. I myself like this cPanel option.

  6. #6
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    640

    Default

    Yeah I think its great, now that I understand it.

  7. #7
    Member
    Join Date
    May 2004
    Location
    Croatia
    Posts
    36

    Default

    Is there a way to use ratelimits but to allow some IP's to be whitelisted?

    But not "Whitelist: Bypass all SMTP time recipient/sender/spam/relay checks", only ratelimits?

  8. #8
    Member
    Join Date
    Jun 2003
    Location
    Canberra, Australia
    Posts
    24

    Default

    I would like to know this one too, I have email delays as the cpanel will not accept mail from my spam gateway. I would like to whitelist certain servers.

  9. #9
    Member
    Join Date
    Sep 2003
    Posts
    68

    Default

    You add the mail server to "** Whitelist: Backup Mail Hosts (bypass all smtp ratelimits) [EDIT] [?]". That's what I have had to do for a couple servers that refuse to fix their mail servers, but it's crucial clients get the email from them. I don't know of another way.

Similar Threads & Tags
Similar threads

  1. Ratelimit Backscatter ACL ?
    By RickG in forum E-mail Discussions
    Replies: 3
    Last Post: 07-31-2008, 04:49 PM
  2. exim_mainlog x acl ratelimit
    By webstyler in forum E-mail Discussions
    Replies: 1
    Last Post: 06-13-2008, 05:26 AM
  3. New ACL RateLimit feature
    By bsasninja in forum cPanel and WHM Discussions
    Replies: 5
    Last Post: 09-19-2007, 09:56 AM
  4. Exim 4.60 and ratelimit
    By fmalekpour in forum cPanel and WHM Discussions
    Replies: 9
    Last Post: 09-08-2007, 05:18 AM
  5. Upgrade to 11.6.0-C14666: Internal Error! Missing acl group for acl
    By isputra in forum cPanel and WHM Discussions
    Replies: 7
    Last Post: 08-10-2007, 10:58 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube