diff options
| author | eneq123 <you@example.com> | 2014-05-07 16:31:04 +0400 |
|---|---|---|
| committer | eneq123 <you@example.com> | 2014-05-07 16:31:04 +0400 |
| commit | 444b45d955b6072ab4940f29430f669859934e05 (patch) | |
| tree | 00556f44201488a77b49b16055921010f637cf7d | |
| parent | 6ec0f7ee2a708df13863c938c1918a62c6f3ebb0 (diff) | |
| download | rspamd-444b45d955b6072ab4940f29430f669859934e05.tar.gz rspamd-444b45d955b6072ab4940f29430f669859934e05.zip | |
* use the "User:" rspamc proto param for ratelimit
* fix rspamd_actions typo
* rspamd_logger added for 'Ratelimit exceeded' case
| -rw-r--r-- | conf/modules.conf | 1 | ||||
| -rw-r--r-- | src/plugins/lua/ratelimit.lua | 18 |
2 files changed, 16 insertions, 3 deletions
diff --git a/conf/modules.conf b/conf/modules.conf index 0640def55..e01575803 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -209,6 +209,7 @@ ratelimit { limit = "to_ip_from:20:0.01666666667"; limit = "bounce_to:10:0.000555556"; limit = "bounce_to_ip:5:0.000277778"; + limit = "user:20:0.01666666667"; whitelisted_rcpts = "postmaster,mailer-daemon"; max_rcpt = 5; } diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua index 4e6a7e353..fc838dd9a 100644 --- a/src/plugins/lua/ratelimit.lua +++ b/src/plugins/lua/ratelimit.lua @@ -14,10 +14,14 @@ local settings = { -- Limit for all bounce mail (burst 10, rate 2 per hour) bounce_to = {[1] = 10, [2] = 0.000555556, [3] = 4}, -- Limit for bounce mail per one source ip (burst 5, rate 1 per hour) - bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5} + bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5}, + + -- Limit for all mail per user (authuser) (burst 20, rate 1 per minute) + user = {[1] = 20, [2] = 0.01666666667, [3] = 6} + } -- Senders that are considered as bounce -local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon'} +local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon', 'mdaemon'} -- Do not check ratelimits for these senders local whitelisted_rcpts = {'postmaster', 'mailer-daemon'} local whitelisted_ip = nil @@ -61,7 +65,8 @@ local function check_specific_limit (task, limit, key) rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, 'SET %b %b', key, lstr) if bucket > limit[1] then - task:set_pre_result(rspamd_actions['soft reject'], 'Ratelimit exceeded') + rspamd_logger.info(string.format('[%s]:soft_reject - Ratelimit exceeded', key)) + task:set_pre_result(rspamd_actions['soft_reject'], 'Ratelimit exceeded') end else rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, @@ -186,6 +191,11 @@ local function rate_test_set(task, func) if from then from_user = get_local_part(from[1]['addr']) end + -- Get user (authuser) + local auser = task:get_user() + if auser then + func(task, settings['user'], make_rate_key (auser, '<auth>', nil)) + end if not from_user or not rcpts_user[1] then -- Nothing to check @@ -270,6 +280,8 @@ local function parse_limit(str) set_limit(settings['bounce_to'], params[2], params[3]) elseif params[1] == 'bounce_to_ip' then set_limit(settings['bounce_to_ip'], params[2], params[3]) + elseif params[1] == 'user' then + set_limit(settings['user'], params[2], params[3]) else rspamd_logger.err('invalid limit type: ' .. params[1]) end |