diff xml/dnsbl.in @ 136:f4746d8a12a3

add smtp auth rate limits
author carl
date Tue, 26 Sep 2006 13:59:14 -0700
parents 2b1a4701e856
children 4028de9b46dd
--- a/xml/dnsbl.in	Wed Aug 02 21:33:34 2006 -0700
+++ b/xml/dnsbl.in	Tue Sep 26 13:59:14 2006 -0700
@@ -171,6 +171,11 @@
                 specified limit.
             </para>
             <para>
+                This milter can also impose hourly rate limits on the number of
+                recipients accepted from SMTP AUTH connections, that would otherwise be
+                allowed to relay thru this mail server with no spam filtering.
+            </para>
+            <para>
                 The DNSBL milter reads a text configuration file (dnsbl.conf) on
                 startup, and whenever the config file (or any of the referenced include
                 files) is changed.  The entire configuration file is case insensitive.
@@ -247,10 +252,12 @@
         <refsect1 id='filtering.1'>
             <title>Filtering Procedure</title>
             <para>
-                If the client has authenticated with sendmail, the mail is accepted, the
-                filtering contexts are not used, the dns lists are not checked, and the
-                body content is not scanned.  Otherwise, we follow these steps for each
-                recipient.
+                If the client has authenticated with sendmail, the rate limits are
+                checked.  If the authenticated user has not exceeded the hourly rate
+                limits, then the mail is accepted, the filtering contexts are not used,
+                the dns lists are not checked, and the body content is not scanned.  If
+                the client has not authenticated with sendmail, we follow these steps
+                for each recipient.
             </para>
             <orderedlist>
                 <listitem><para>
@@ -449,11 +456,6 @@
                 The following ideas are under consideration.
             </para>
             <para>
-                Add mail volume limits based on smtp auth accounts, to prevent
-                customers from sending too much mail. This should catch customers
-                that get infected with malware that knows about smtp auth.
-            </para>
-            <para>
                 Add a per-context option to reject mail if the number of digits in
                 the reverse dns client name exceeds some threshold.
             </para>
@@ -523,7 +525,7 @@
 CONFIG     = {CONTEXT ";"}+
 CONTEXT    = "context" NAME "{" {STATEMENT}+ "}"
 STATEMENT  = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY |
-                                           CONTEXT | ENV-FROM) ";"
+                             CONTEXT | ENV-FROM | RATE-LIMIT) ";"
 
 DNSBL      = "dnsbl" NAME DNSPREFIX ERROR-MSG1
 
@@ -560,6 +562,10 @@
 ENV_FROM   = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}"
 FROM-ADDR  = ADDRESS VALUE [";"]
 DCC-FROM   = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
+
+RATE-LIMIT = "rate_limit" "{" (RATE)+ "}"
+RATE       = USER LIMIT [";"]
+
 DEFAULT    = ("white" | "black" | "unknown" | "inherit" | "")
 ADDRESS    = (USER@ | DOMAIN | USER@DOMAIN)
 VALUE      = ("white" | "black" | "unknown" | CHILD-CONTEXT-NAME)]]></literallayout>
@@ -595,6 +601,13 @@
     env_from unknown {
         "<>"    black;
     };
+
+    // per recipient rates - only available in the default (first top level) context
+    rate_limit {
+        " "  30;    // default specified by user name composed of a single blank
+        fred 100;   // override default limits
+        joe  10;
+    };
 };
 
 context sample {