The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ratelimit ACL

Discussion in 'E-mail Discussions' started by 4u123, Jan 6, 2008.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Could someone possibly tell me if anything I'm saying here is wrong...

    I'm totally baffled by this new ACL - it looks like it allows only one email per hour in to the server from any particular address. 1 per hour ?! are you kidding ?

    It looks like the default limit is 1.2 / 1h which, according to the explanation here http://www.exim-new-users.co.uk/content/view/65/39/ (section 39.30) means 1.2 messages per hour.

    How can you have .2 of a message ?

    So basically, under the new ACL - if a host sends more than 1 message per hour in to the server, that host is "ratelimited" i.e the email is rejected - "temporarily". is this like greylisting ? Does it delay the message and ask the sending mta to retry ? I dont think so. I think it returns the message to the sender saying something like - sorry youve reached your 1 email per hour quota - please try later.

    Example from my log....

    temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

    The sender has sent 2 emails into the server within an hour - so the connection is "temporarily rejected".

    Thats pretty crap if you ask me. Its perfectly normal for people to send 5 or 6 emails to each other within an hour - then theres corporate mail servers and of course ISP and other mail providers such as hotmail etc etc - where one mail server could realistically send 10 or 20 messages to different domains or addresses on your server within an hour.

    Apart from disabling this ACL completely, which seems to be the only sensible option - is there anything that could be done to improve this ? Can the 1.2 / 1h rate be changed to something a bit more realistic ?
     
    #1 4u123, Jan 6, 2008
    Last edited: Jan 6, 2008
  2. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Ok I'm confused....

    I sent 4 test emails to a random address on one of our servers and then watched the log.

    I saw the mail being delivered with the following warnings..

    Warning: Sender rate 2.1 / 1h

    Warning: Sender rate 3.0 / 1h

    Warning: Sender rate 4.0 / 1h etc

    I wasnt rate limited, the mail was delivered fine. I've obviously mis-understood how this works, even after reading the documentation. Its clearly gone over my head. Could someone possibly explain to me in simple terms how this works exactly ?

    When I see in the log...

    temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.0/1h max:1.2)"

    Is this an average over a number of hours ? Why does that host get rejected when I dont and my sender rate is 4.0 - higher than the rejected host which is 2.0 ?

    I'm just trying to understand it.
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Sender Rates are just shown (not enforced if you have it checked) for connivence

    Add sender rates to the mail log is the option for this in the exim config editor

    Ratelimits for connections are enforced if you have

    Ratelimit: incoming SMTP connections that do not send QUIT. [?] checked
     
  4. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Thanks for your reply...

    So to clarify,

    If the option is enabled, only connections that dont send QUIT are ratelimited ?
     
  5. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    In general, connections that do not send QUIT most times are spam tools. Real mail servers must follow the RFC specs, and all known mail servers send, if the mail was sent ok or not. I myself like this cPanel option.
     
  6. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Yeah I think its great, now that I understand it.
     
  7. valkira

    valkira Active Member

    Joined:
    May 3, 2004
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Croatia
    cPanel Access Level:
    Root Administrator
    Is there a way to use ratelimits but to allow some IP's to be whitelisted?

    But not "Whitelist: Bypass all SMTP time recipient/sender/spam/relay checks", only ratelimits?
     
  8. InfiniteNetwork

    Joined:
    Jun 25, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canberra, Australia
    I would like to know this one too, I have email delays as the cpanel will not accept mail from my spam gateway. I would like to whitelist certain servers.
     
  9. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    You add the mail server to "** Whitelist: Backup Mail Hosts (bypass all smtp ratelimits) [EDIT] [?]". That's what I have had to do for a couple servers that refuse to fix their mail servers, but it's crucial clients get the email from them. I don't know of another way.
     
Loading...

Share This Page