From c73e9fc202f217a3c74103c27417c5243465a20f Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Mon, 30 Nov 2015 16:14:47 +0000 Subject: Rework ratelimit plugin - Switch to `rates` instead of old and stupid strings to setup - Check if a bucket is zero and disable the corresponding limits - Turn off all buckets by default - Check either `rcpt` or `user` buckets, not all together - Document new `rates` and `symbol` options - Inform user about what buckets are used in the configuration --- conf/modules.d/ratelimit.conf | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'conf/modules.d') diff --git a/conf/modules.d/ratelimit.conf b/conf/modules.d/ratelimit.conf index c6f243708..317957ac4 100644 --- a/conf/modules.d/ratelimit.conf +++ b/conf/modules.d/ratelimit.conf @@ -1,11 +1,21 @@ ratelimit { .include(try=true,priority=1) "${DBDIR}/dynamic/ratelimit.conf" - limit = "to:100:0.033333333"; - limit = "to_ip:30:0.025"; - limit = "to_ip_from:20:0.01666666667"; - limit = "bounce_to:10:0.000555556"; - limit = "bounce_to_ip:5:0.000277778"; - limit = "user:20:0.01666666667"; + rates { + # Limit for all mail per recipient (burst 100, rate 2 per minute) + to = [100, 0.033333333]; + # Limit for all mail per one source ip (burst 30, rate 1.5 per minute) + to_ip = [30, 0.025]; + # Limit for all mail per one source ip and from address (burst 20, rate 1 per minute) + to_ip_from = [20, 0.01666666667]; + # Limit for all bounce mail (burst 10, rate 2 per hour) + bounce_to = [10, 0.000555556]; + # Limit for bounce mail per one source ip (burst 5, rate 1 per hour) + bounce_to_ip = [5, 0.000277778]; + # Limit for all mail per authenticated user (burst 20, rate 1 per minute) + user = [20, 0.01666666667]; + } + # If symbol is specified, then it is inserted instead of setting result + #symbol = "R_RATELIMIT"; whitelisted_rcpts = "postmaster,mailer-daemon"; max_rcpt = 5; -} \ No newline at end of file +} -- cgit v1.2.3