New ACL RateLimit feature

Discussion in 'General Discussion' started by bsasninja, Sep 12, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    I want to ask something about the ratelimit feature, because I didn't find anything on the web about how it works.

    At the top are these lines:

    acl_smtp_notquit = acl_notquit
    acl_smtp_connect = acl_connect

    and in the ACL section is:

    acl_connect:


    # ignore pop before smtp
    accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

    #only rate limit port 25
    accept condition = ${if eq {$interface_port}{25}{no}{yes}}

    defer
    message = The server has reached its limit for processing requests from your host. Please try again later.
    log_message = Host is ratelimited
    ratelimit = 1 / 2h / per_conn / noupdate

    accept

    # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
    #acl_smtp_notquit is required for this to work (exim 4.68)

    acl_notquit:

    # ignore authenticated hosts
    accept authenticated = *

    # ignore pop before smtp
    accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

    #only rate limit port 25
    accept condition = ${if eq {$interface_port}{25}{no}{yes}}

    warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
    logwrite = Host Ratelimited: ${sender_host_address}: $smtp_notquit_reason
    ratelimit = 1 / 2h / per_conn


    I want to know how the rule works and what ratelimit = 1 / 2h / per_conn / noupdate and ratelimit = 1 / 2h / per_conn mean.

    Are these values fine for normal use? Could I have some problems with ratelimit?
     
  2. anton_latvia

    anton_latvia Well-Known Member
    Today one of our customers, whose emails are processed by a third party and then forwarded to our server, stopped receiving emails. The third party's admins told me they are getting this error when trying to connect to exim:

    The server has reached its limit for processing requests from your host. Please try again later.

    Question is - where can I set this limit? In WHM->Tweak Settings it's all set to 0/unlimited.

    Please advise. :confused:

    Anton.
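
To see which hosts the ACLs quoted in the first post have flagged and which connections were then deferred, the main log can be tallied by the two messages those ACLs write. This is an added example, not part of the thread or of cPanel's code: the sample log lines are constructed, the shape of the deferral line is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Exim main-log lines (not from the thread). The first form is
# what the logwrite in acl_notquit emits; the second is an assumed shape for a
# connection deferred by acl_connect, carrying its log_message text.
SAMPLE_LOG = """\
2007-09-18 09:02:11 Host Ratelimited: 192.0.2.10: command-timeout
2007-09-18 09:40:37 H=relay.example.net [192.0.2.10] temporarily rejected connection in "connect" ACL: Host is ratelimited
2007-09-18 10:05:02 H=relay.example.net [192.0.2.10] temporarily rejected connection in "connect" ACL: Host is ratelimited
2007-09-18 10:11:45 Host Ratelimited: 198.51.100.7: bad-commands
2007-09-18 10:12:03 <= user@example.org H=mail.example.org [203.0.113.5] P=esmtp S=2210
"""

# "Host Ratelimited: <ip>: <reason>" follows the logwrite line in acl_notquit.
FLAGGED = re.compile(r"Host Ratelimited: (?P<ip>[0-9A-Fa-f:.]+): (?P<reason>\S+)")
# "Host is ratelimited" is the log_message of the defer in acl_connect.
DEFERRED = re.compile(r"\[(?P<ip>[0-9A-Fa-f:.]+)\].*Host is ratelimited")

def summarize(log_text):
    """Return {ip: {"reasons": [...], "deferred": n}} for every host the ACLs touched."""
    hosts = defaultdict(lambda: {"reasons": [], "deferred": 0})
    for line in log_text.splitlines():
        m = FLAGGED.search(line)
        if m:
            hosts[m["ip"]]["reasons"].append(m["reason"])
            continue
        m = DEFERRED.search(line)
        if m:
            hosts[m["ip"]]["deferred"] += 1
    return dict(hosts)

def deferred_without_cause(summary):
    """Hosts deferred although no flagging event for them appears in this log."""
    return sorted(ip for ip, h in summary.items() if h["deferred"] and not h["reasons"])

if __name__ == "__main__":
    for ip, h in sorted(summarize(SAMPLE_LOG).items()):
        reasons = ", ".join(h["reasons"]) or "none in this log"
        print(f"{ip}: flagged for {reasons}; deferred {h['deferred']} time(s)")
```

For a real server, pass the contents of the Exim main log to `summarize` instead of `SAMPLE_LOG`.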
     
  3. vidarn

    vidarn Member

  4. opt2bout

    opt2bout Well-Known Member

    The ACLs for the ratelimit Exim functionality are "compiled" into the running exim.conf build using the [% ACL_CONNECT_BLOCK %] parameter.

    cPanel retrieves a file named ratelimit.bz2 from cPanel during an update (it places it in the /usr/local/cpanel/etc/exim/acls/ACL_CONNECT_BLOCK directory as a file named "ratelimit") and then (I assume) it uses the content of that file to build the running exim.conf.

    This file contains (as of today) the following...

    I assume that, since this file is retrieved every time a cPanel update is made, it would be useless to edit this specific file.

    So I guess you can remark out the [% ACL_CONTENT_BLOCK %] line in the ACL section of the Advanced Exim config in WHM and then add the above content with the adjustments you need (based on the Exim documentation on the ratelimit feature).

    Here is another thread on the matter for whitelisting ratelimits ...

    http://forums.cpanel.net/showthread.php?t=70994&highlight=acl_connect

    The only other thing I have found is to turn off the rate limit function in the basic section of the Exim configuration...as we are constantly warned...if you change the exim.conf outside of whm, your changes will be lost!

    Kevin
     
    #4 opt2bout, Sep 18, 2007
    Last edited: Sep 18, 2007
  5. anton_latvia

    anton_latvia Well-Known Member
    Yep, I have also seen that the latest WHM build has an option to disable the ratelimit feature. This looks like a good one, except that I would like to have more control over it: set hosts for which the ratelimit would not be applied, set the ratelimit amount and so on. Do you know how to do that?

    Anton.
     
  6. opt2bout

    opt2bout Well-Known Member

    Anton,

    I had edited my post (I thought) before anyone replied, but just to make sure...

    I think the aforementioned thread on this forum would address your concerns for whitelisting specific hosts. I would then check the exim configuration options on ratelimits to adjust the default settings.

    Kevin
     