  1. #1
    Member
    Join Date
    Sep 2004
    Posts
    523

    New ACL RateLimit feature

    I want to ask something about the ratelimit feature, because I didn't find anything on the web about how it works.

    at the top are these lines

    acl_smtp_notquit = acl_notquit
    acl_smtp_connect = acl_connect

    and at ACL section is:

    acl_connect:


    # ignore pop before smtp
    accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

    #only rate limit port 25
    accept condition = ${if eq {$interface_port}{25}{no}{yes}}

    defer
    message = The server has reached its limit for processing requests from your host. Please try again later.
    log_message = Host is ratelimited
    ratelimit = 1 / 2h / per_conn / noupdate

    accept

    # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
    #acl_smtp_notquit is required for this to work (exim 4.68)

    acl_notquit:

    # ignore authenticated hosts
    accept authenticated = *

    # ignore pop before smtp
    accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

    #only rate limit port 25
    accept condition = ${if eq {$interface_port}{25}{no}{yes}}

    warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
    logwrite = Host Ratelimited: ${sender_host_address}: $smtp_notquit_reason
    ratelimit = 1 / 2h / per_conn


    I want to know how the rule works and what ratelimit = 1 / 2h / per_conn / noupdate and ratelimit = 1 / 2h / per_conn mean.

    Are these values fine for normal use? Could I have some problems with ratelimit?

  2. #2
    anton_latvia (cPanel Partner NOC)
    Join Date
    May 2004
    Posts
    277


    Today one of our customers, whose emails are processed by a third party and then forwarded to our server, stopped receiving emails. The third party's admins told me they are getting this error when trying to connect to exim:

    The server has reached its limit for processing requests from your host. Please try again later.

    Question is - where can I set this limit? In WHM->Tweak Settings it's all set to 0/unlimited.

    Please advise.

    Anton.
    * http://www.aleksandrov.eu/ - just a simple personal homepage.

  3. #3
    Member
    Join Date
    Jun 2007
    Posts
    8


    This is the relevant part of Exim's documentation:
    http://exim.org/exim-html-current/do...html#useratlim

    I still can't seem to find ways to change this in WHM..

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    51


    The ACLs for the ratelimit Exim functionality are "compiled" into the running exim.conf build using the [% ACL_CONNECT_BLOCK %] parameter.

    cPanel retrieves a file named ratelimit.bz2 from cPanel during an update (it places it in the /usr/local/cpanel/etc/exim/acls/ACL_CONNECT_BLOCK directory as a file named "ratelimit") and then (I assume) it uses the content of that file to build the running exim.conf.

    This file contains (as of today) the following...

    # ignore pop before smtp
    accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

    #only rate limit port 25
    accept condition = ${if eq {$interface_port}{25}{no}{yes}}

    defer
    message = The server has reached its limit for processing requests from your host. Please try again later.
    log_message = Host is ratelimited
    ratelimit = 1 / 2h / per_conn / noupdate

    accept

    I assume that, since this file is retrieved every time a cPanel update is made, it would be useless to edit this specific file.

    So I guess you can remark out the [% ACL_CONTENT_BLOCK %] line in the ACL section of the Advanced Exim config in WHM and then add the above content with the adjustments you need (based on the Exim documentation on the ratelimit feature).

    Here is another thread on the matter for whitelisting ratelimits ...

    http://forums.cpanel.net/showthread....ht=acl_connect

    The only other thing I have found is to turn off the rate limit function in the basic section of the Exim configuration...as we are constantly warned...if you change the exim.conf outside of whm, your changes will be lost!

    Kevin
    Last edited by opt2bout; 09-18-2007 at 11:07 PM. Reason: new info

  5. #5
    anton_latvia (cPanel Partner NOC)
    Join Date
    May 2004
    Posts
    277


    Yep, I have also seen that the latest WHM build has an option to disable the ratelimit feature. It looks like a good one, except that I would like to have more control over it: set hosts for which ratelimit would not be applied, set the ratelimit amount and so on. Do you know how to do that?

    Anton.
    * http://www.aleksandrov.eu/ - just a simple personal homepage.

  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    51


    Anton,

    I had edited my post (I thought) before anyone replied, but just to make sure...

    So I guess you can remark out the [% ACL_CONTENT_BLOCK %] line in the ACL section of the Advanced Exim config in WHM and then add the above content with the adjustments you need (based on the Exim documentation on the ratelimit feature).

    Here is another thread on the matter for whitelisting ratelimits ...

    http://forums.cpanel.net/showthread....ht=acl_connect

    I think the aforementioned thread on this forum would address your concerns for whitelisting specific hosts. I would then check the exim configuration options on ratelimits to adjust the default settings.

    Kevin
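
Added example, not part of the thread and not cPanel's shipped configuration: a sketch of the adjustment described in posts #4 and #6, i.e. the ratelimit block quoted in post #4 with an exemption for trusted forwarding hosts placed ahead of the defer and a looser limit. The exempt addresses (documentation ranges) and the 10 / 1h values are constructed for illustration.

```exim
# Exempt trusted forwarding hosts before the rate-limit check is reached.
# Constructed sample addresses: replace with the relays you actually trust.
accept hosts = 192.0.2.10 : 198.51.100.0/24

# ignore pop before smtp
accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
accept hosts = +relay_hosts

#only rate limit port 25
accept condition = ${if eq {$interface_port}{25}{no}{yes}}

# ratelimit = <limit> / <period> / <options>
#   10        permitted rate (illustrative value; the shipped block uses 1)
#   1h        time period the rate is measured over (illustrative; shipped: 2h)
#   per_conn  count one event per SMTP connection
#   noupdate  only test the rate already recorded for this host; do not
#             record this connection. The recording is done by the ratelimit
#             line without noupdate in acl_notquit (see post #1).
defer
  message = The server has reached its limit for processing requests from your host. Please try again later.
  log_message = Host is ratelimited
  ratelimit = 10 / 1h / per_conn / noupdate

accept
```

Because the ACL is evaluated top to bottom and the first matching accept ends it, the exemption only takes effect if it appears before the defer.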
