Postfwd rate limit per recipient domain

Discussion in 'Installation/Configuration' started by Lmay, Mar 29, 2016.

  1. Lmay

    Lmay New Member

    Hello,
    Can anyone suggest how to configure postfwd (w/ postfix) to rate limit incoming messages per the 'destination recipient domain'?
    I tried numerous commands in postfwd.cf, while in main.cf postfwd is set under 'smtpd_recipient_restrictions', but I can never reach the desired result.

    id=RATE01 ; recipient_domain=~/.*/ ; action=rate(recipient_domain/100/60/450 4.7.1 Message delivery request rate limit exceeded)
    id=RATE01 ; action=rate($$recipient_domain/100/60/450 4.7.1 Message delivery request rate limit exceeded)
    id=RATE01 ; action=rate(recipient_domain/100/60/450 4.7.1 Message delivery request rate limit exceeded)


    Any ideas?
    Thanks!o_O
     
    Last edited: Mar 30, 2016
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    This one sure looks right to me:
    The rules are first match wins, is something else matching ahead of that? What do logs say? (run with -v or even -vv)
     
  3. Lmay

    Lmay New Member

    Thanks for your reply Jesse
    with that configured, see log below... however the 150 emails I sent a specific domain still go through :confused:
    As far as the order of things, in postfix its on the top recipient_restrictions and in fwd its the only rule.

    postfwd[26632]: [STATS] postfwd 1.35: up since 0 days, 00:10:00 hours
    postfwd[26632]: [STATS] Requests: 108 overall, 108 last interval, 0.0% cache hits, 0.0% rate hits
    postfwd[26632]: [STATS] Averages: 10.8 overall, 10.8 last interval, 10.8 top
    postfwd[26632]: [STATS] Contents: 0 rules, 0 cached requests, 0 cached dns results, 29 rate limits
    postfwd[26632]: [STATS] 108 matches for id: RATE01


    Any ideas?
    Thanks
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Looks like your postfwd rule is matching. What was the timestamp for the first and last of those? If it was within 60 seconds should have gotten the 450 reply you expected; I expect the timestamps will show more than 60 seconds, as the '0.0% rate hits' looks like it didn't reach the limit (100hits/60 seconds).

    You said you sent 150 messages, but postfwd reported 108; those should match up, are some messages being rejected ahead of postfwd(ie. before recipient restrictions) or ?

    Maybe change your limit to something very easy to reach, eg. 5/60 seconds, and send another batch of messages - that should be easy to see the rate limit hitting, to verify it works. Then just sort out why the number of messages hitting postfwd is less than expected (most likely the reason should be hidden in your mail logs).
     
  5. Lmay

    Lmay New Member

    Thanks Jesse
    It WAS whitelist above postfwd in main.cf

    Thanks!!:)
     
  6. Guilherme Oliveira

    Guilherme Oliveira New Member

    Hello,
    Jesse, could you help me ? I need to make this rule to my domain send one e-mail per-time, it´s possible? Do you make something like that?
    Thanks.
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    To clarify, you want to enforce a limit of one email in a given time period to any address in your domain? Or maybe a per-address limit? The latter would make more sense, as receiving a single message with multiple recipients would hit such a per-domain limit. So maybe you want something like:
    Code:
    id=mydomain_recipient_2_per_5sec
      recipient_domain=mydomain.com
      action=rate(recipient/2/5/421 4.7.1 Sorry, $$recipient getting too much mail, try again soon.)
    
     
  8. Guilherme Oliveira

    Guilherme Oliveira New Member

    Jesse,

    Thanks for reply, I really need just one recipicient per message, you know if it´s possible? I´ll try the configuration above, anyway, thanks for the help.

    Att,
    Guilherme S.
     
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    What issue are you trying to address? Unless you have a very unusual system, which eg. doesn't accept normal mail from the internet, you will end up rejecting good mail if you don't allow multiple recipients per message. If the real issue is in delivery, so an email is only delivered to a single reicipient at a time, postfix has settings for that (*_recipient_limit ... eg. run "postconf | grep recipient_limit" and you'll see something like 'dovecot_destination_recipient_limit = 1').
     
  10. Guilherme Oliveira

    Guilherme Oliveira New Member

    Jesse,

    It´s really a unsual system :(, when I use "recipient_limit" on postfix it limit incoming messages too.
    What I need is:
    A user can send to one recipient per message, but I can´t find anything like this.

    Thanks
     
  11. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Ah, you want to limit mail from your users, not to your domain. Assuming they use port 587 to send, just edit /etc/postfix/master.cf and set the smtpd_recipient_limit for submission (ie. add another line below it with ' -o smtpd_recipient_limit=1').
     
  12. Guilherme Oliveira

    Guilherme Oliveira New Member

    Jesse,

    I´ll try this.

    Thanks again.
     

Share This Page