diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-01-22 18:20:09 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-01-22 18:20:09 +0000 |
| commit | 20df8e568ba3d77900847fd3612d2047d45f54af (patch) | |
| tree | d78386f7ac579317a9d120d290ec11daa93f9faa /doc/markdown/modules | |
| parent | f9cdbed9ded932d7e54aef4b4936d70c84646f1f (diff) | |
| download | rspamd-20df8e568ba3d77900847fd3612d2047d45f54af.tar.gz rspamd-20df8e568ba3d77900847fd3612d2047d45f54af.zip | |
Rework ratelimits documentation
Diffstat (limited to 'doc/markdown/modules')
| -rw-r--r-- | doc/markdown/modules/ratelimit.md | 60 |
1 files changed, 32 insertions, 28 deletions
diff --git a/doc/markdown/modules/ratelimit.md b/doc/markdown/modules/ratelimit.md index dc0ac3ae0..9c20c16d7 100644 --- a/doc/markdown/modules/ratelimit.md +++ b/doc/markdown/modules/ratelimit.md @@ -4,6 +4,38 @@ Ratelimit plugin is designed to limit messages coming from certain senders, to certain recipients from certain IP addresses combining these parameters into a separate limits. +All limits are stored in [redis](http://redis.io) server (or servers cluster) to enable +shared cache between different scanners. + +## Module configuration + +In the default configuration, there are no cache servers specified, hence, the module won't work unless you add this option to the configuration. + +`Ratelimit` module supports the following configuration options: + +- `servers` - list of servers where ratelimit data is stored +- `whitelisted_rcpts` - comma separated list of whitelisted recipients. By default +the value of this option is 'postmaster, mailer-daemon' +- `whitelisted_ip` - a map of ip addresses or networks whitelisted +- `max_rcpts` - do not apply ratelimit if it contains more than this value of recipients (5 by default). This +option allows to avoid too many work for setting buckets if there are a lot of recipients in a message). +- `rates` - a table of allowed rates in form: + + type = [burst,leak]; + +Where `type` is one of: + +- `to` +- `to_ip` +- `to_ip_from` +- `bounce_to` +- `bounce_to_ip` + +`burst` is a capacity of a bucket and `leak` is a rate in messages per second. +Both these attributes are floating point values. + +- `symbol` - if this option is specified, then `ratelimit` plugin just adds the corresponding symbol instead of setting pre-result, the value is scaled as $$ 2 * tanh(\frac{bucket}{threshold * 2}) $$, where `tanh` is the hyperbolic tanhent function + ## Principles of work The basic principle of ratelimiting in rspamd is called `leaked bucket`. It could @@ -60,31 +92,3 @@ local settings = { user = {0, 0.01666666667} } ~~~ - -All limits are stored in [redis](http://redis.io) server (or servers cluster). - -## Module configuration - -`Ratelimit` module can be configured to setup the following: - -- `whitelisted_rcpts` - comma separated list of whitelisted recipients. By default -the value of this option is 'postmaster, mailer-daemon' -- `whitelisted_ip` - a map of ip addresses or networks whitelisted -- `max_rcpts` - do not apply ratelimit if it contains more than this value of recipients (5 by default). This -option allows to avoid too many work for setting buckets if there are a lot of recipients in a message). -- `rates` - a table of allowed rates in form: - - type = [burst,leak]; - -Where `type` is one of: - -- `to` -- `to_ip` -- `to_ip_from` -- `bounce_to` -- `bounce_to_ip` - -`burst` is a capacity of a bucket and `leak` is a rate in messages per second. -Both these attributes are floating point values. - -- `symbol` - if this option is specified, then `ratelimit` plugin just adds the corresponding symbol instead of setting pre-result, the value is scaled as $$ 2 * tanh(\frac{bucket}{threshold * 2}) $$, where `tanh` is the hyperbolic tanhent function |