[milters] Archive

Lists Index Date Thread Search

Article: 1345
From: Anthony Howe
Date: 2006-12-04 14:16:53 -0500
Subject: Re: Is milter-limit per IP aware?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Christopher Lindsey wrote:
> I've been having problems getting this through to the list; I haven't 
> received a copy in my mailbox or seen it on the Web archive after posting
> twice last week.

Have you white listed the mailing list?

> Is there any way to limit inbound connections on a per IP basis with
> milter-limit?
> 
> I understand that I can say 'only allow n messages from this IP range',
> but is it possible to say 'only allow n messages for each system in
> this IP range?'

This sound like you want to look at Sendmail's access tags for:

	ClientRate
	ClientConn

See cf/README for:

	FEATURE(`conncontrol', `nodelay', `terminate')dnl
	FEATURE(`ratecontrol', `nodelay', `terminate')dnl
	define(`confCONNECTION_RATE_THROTTLE', `4')dnl

milter-limit limits messages, not connections. A single connection can 
pass multiple messages.

> In simpler terms, I only want to allow 100 messages per hour from any IP
> address, but I don't want to list each individual address in two /16s.
> 
> It wasn't clear to me if the 'cache-by-individual' option did this, or if
> it was just a way to store data so that multiple rule groups can share the
> same data.

Huh?

+cache-by-individual is what you want. In hind sight it should have been 
the original behaviour and not an option, but that evolution for ya.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/

Lists Index Date Thread Search