Ratelimit ACL

[4u123]

Could someone possibly tell me if anything I'm saying here is wrong...

I'm totally baffled by this new ACL - it looks like it allows only one email per hour in to the server from any particular address. 1 per hour ?! are you kidding ?

It looks like the default limit is 1.2 / 1h which, according to the explanation here http://www.exim-new-users.co.uk/content/view/65/39/ (section 39.30) means 1.2 messages per hour.

How can you have .2 of a message ?

So basically, under the new ACL - if a host sends more than 1 message per hour in to the server, that host is "ratelimited" i.e the email is rejected - "temporarily". is this like greylisting ? Does it delay the message and ask the sending mta to retry ? I dont think so. I think it returns the message to the sender saying something like - sorry youve reached your 1 email per hour quota - please try later.

Example from my log....

temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

The sender has sent 2 emails into the server within an hour - so the connection is "temporarily rejected".

Thats pretty crap if you ask me. Its perfectly normal for people to send 5 or 6 emails to each other within an hour - then theres corporate mail servers and of course ISP and other mail providers such as hotmail etc etc - where one mail server could realistically send 10 or 20 messages to different domains or addresses on your server within an hour.

Apart from disabling this ACL completely, which seems to be the only sensible option - is there anything that could be done to improve this ? Can the 1.2 / 1h rate be changed to something a bit more realistic ?

[4u123]

Ok I'm confused....

I sent 4 test emails to a random address on one of our servers and then watched the log.

I saw the mail being delivered with the following warnings..

Warning: Sender rate 2.1 / 1h

Warning: Sender rate 3.0 / 1h

Warning: Sender rate 4.0 / 1h etc

I wasnt rate limited, the mail was delivered fine. I've obviously mis-understood how this works, even after reading the documentation. Its clearly gone over my head. Could someone possibly explain to me in simple terms how this works exactly ?

When I see in the log...

temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

Is this an average over a number of hours ? Why does that host get rejected when I dont and my sender rate is 4.0 - higher than the rejected host which is 2.0 ?

I'm just trying to understand it.

[cpanelnick]

Sender Rates are just shown (not enforced if you have it checked) for connivence

Add sender rates to the mail log is the option for this in the exim config editor

Ratelimits for connections are enforced if you have

Ratelimit: incoming SMTP connections that do not send QUIT. [?] checked

[4u123]

Thanks for your reply...

So to clarify,

If the option is enabled, only connections that dont send QUIT are ratelimited ?

[Arvy]

In general, connections that do not send QUIT most times are spam tools. Real mail servers must follow the RFC specs, and all known mail servers send, if the mail was sent ok or not. I myself like this cPanel option.

[4u123]

Yeah I think its great, now that I understand it.

[valkira]

Is there a way to use ratelimits but to allow some IP's to be whitelisted?

But not "Whitelist: Bypass all SMTP time recipient/sender/spam/relay checks", only ratelimits?

[InfiniteNetwork]

I would like to know this one too, I have email delays as the cpanel will not accept mail from my spam gateway. I would like to whitelist certain servers.

[ramorse]

You add the mail server to "** Whitelist: Backup Mail Hosts (bypass all smtp ratelimits) [EDIT] [?]". That's what I have had to do for a couple servers that refuse to fix their mail servers, but it's crucial clients get the email from them. I don't know of another way.