[milters] Archive

Article: 182
From: Anthony Howe
Date: 2009-11-19 10:48:27 -0500
Subject: Re: milter-limit: different limits based

Edda uttered...:
> We want to limit the number of messages sent via SMTP AUTH (because of
> possibly stolen accounts). This limit should only be implemented for
> sender IPs from outside the customers' networks.
> 
> Because the auth tags precede the connect tags I don't see how this
> can be done. Is it possible to configure it?

The current precedence order of the tags is not the issue as I see it.
Connect would always have lowest precedence. You would need combo-tags
like a milter-limit-connect:ip:auth:user or some such. BarricadeMX has
some combo-tags (nothing like this suggestion), but none of the milters do.

To tie AUTH limits to different IPs so that you could say something like:

milter-limit-connect:192.168:auth:fred		-1
milter-limit-connect:				10

Would require the introduction of combo tags and some thought as to
precedence and interaction. Other combo tags, based on the work done in
BarricadeMX would also be considered, but the number of combinations
possible for generic all purpose use makes things a little messy.

In BarricadeMX we have a limited set of combo tags for B/W listing and
none applied to limits:

connect:from:
connect:to:
from:to:

If you treat AUTH like MAIL FROM: then I'd need to consider:

connect:auth:
auth:to:

and the precedence order; probably off the top of my head:

connect:auth:
auth:to:
auth:
connect:to:
from:to:
to:
connect:from:
from:
connect:

Not sure. Just idle brainstorm.

-- 
Anthony C Howe            Skype: SirWumpus                  SnertSoft
+33 6 11 89 73 78       Twitter: SirWumpus      BarricadeMX & Milters
http://snert.com/      http://nanozen.info/     http://snertsoft.com/
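
Added example (not part of the message above, and not milter-limit or BarricadeMX code): a first-match lookup that walks the precedence order sketched in the message to pick the limit for one SMTP session. The key format follows the message's hypothetical combo-tag lines; matching IPs by dropping trailing octets and treating a bare tag as the default are assumptions.

```python
from itertools import product

# Precedence order proposed in the message, highest first.
PRECEDENCE = [
    ("connect", "auth"), ("auth", "to"), ("auth",),
    ("connect", "to"), ("from", "to"), ("to",),
    ("connect", "from"), ("from",), ("connect",),
]
PREFIX = "milter-limit-"  # key prefix as written in the message's sketch


def ip_prefixes(ip):
    """192.168.4.7 -> 192.168.4.7, 192.168.4, 192.168, 192 (assumed rule)."""
    parts = ip.split(".")
    return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]


def candidate_keys(session):
    """Yield lookup keys for one SMTP session, highest precedence first."""
    for pattern in PRECEDENCE:
        if any(session.get(tag) is None for tag in pattern):
            continue  # e.g. no AUTH on this session: skip auth-based tags
        choices = [
            ip_prefixes(session[tag]) if tag == "connect" else [session[tag]]
            for tag in pattern
        ]
        for values in product(*choices):
            yield PREFIX + ":".join(f"{t}:{v}" for t, v in zip(pattern, values))
        if len(pattern) == 1:
            yield f"{PREFIX}{pattern[0]}:"  # bare tag as default (assumed)


def resolve_limit(table, session):
    """Return (key, limit) for the first matching key, or (None, None)."""
    for key in candidate_keys(session):
        if key in table:
            return key, table[key]
    return None, None


# Constructed table holding the two lines from the message, values as given.
TABLE = {
    "milter-limit-connect:192.168:auth:fred": -1,
    "milter-limit-connect:": 10,
}

if __name__ == "__main__":
    # Constructed sessions: same account from inside and outside 192.168.
    for ip in ("192.168.4.7", "203.0.113.9"):
        print(ip, resolve_limit(TABLE, {"connect": ip, "auth": "fred"}))
```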
