Milter-greylist

Hi,

I'm trying to use  "ratelimit" option of milter-greylist to limit the
number of recipient in the  outgoing mail.
So, to limit all users is simple with something like this :

ratelimit "internal" rcpt 400 / 10m
racl blacklist ratelimit "internal" msg "Too many recipients, please retry later"


  exept that we have mailings lists  that contain more than 1000
subscribers and when user send mail to one of these lists, it will be rejected.
The question is how to exclude mailing list for this filter.

Thanks


-- 
Sofiane Habri

sofiane Habri sofiane.habri@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> ratelimit "internal" rcpt 400 / 10m
> racl blacklist ratelimit "internal" msg "Too many recipients, please retry
> later"
> 
>   exept that we have mailings lists  that contain more than 1000
> subscribers and when user send mail to one of these lists, it will be
> rejected. The question is how to exclude mailing list for this filter.

You need a rule before your racl blacklist ratelimit to whitelist the
machine managing your mailing list. Generally speaking, you will want to
whitelist all your mail servers, and only ratelimit your users to
prevent infected machines to send spam.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

sofiane Habri sofiane.habri@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> If you have any idea ..?

Another ACL whitelists the messages before you hit this rule?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi,
Le 04/03/2015 05:28, manu@... [milter-greylist] a �crit :
> Another ACL whitelists the messages before you hit this rule?
I dont think.


Here is my greylist.conf configuration:



# Your own network, which should not suffer greylisting
list "my network" addr { 127.0.0.1/8 145.238.0.0/16 }

# This is a list of broken MTAs that break with greylisting. Derived from
# 
http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
list "broken mta" addr {   \
         12.5.136.141/32    \ # Southwest Airlines (unique sender)
         12.5.136.142/32    \ # Southwest Airlines
         12.5.136.143/32    \ # Southwest Airlines
         12.5.136.144/32    \ # Southwest Airlines
         12.107.209.244/32  \ # kernel.org (unique sender)
         12.107.209.250/32  \ # sourceware.org (unique sender)
                               ...
}

# List of friendly whitelisted servers
list "white servers" addr {   \
         38.123.132.11      \ \ufffd#mail.meetup.com (RT #7584)
         82.227.104.11      \ # serveur evogt vogt-bodving.homelinux.net
         213.41.244.253     \ # serveur ajacoutot
         17.254.0.152       \ # lists.apple.com
         17.254.6.0/24      \ # apple.com
         17.254.13.38/31    \ # apple.com
         62.4.16.96/29      \ # serveurs nerim
         62.4.16.104/30     \ # serveurs nerim
         62.4.17.96/29      \ # serveurs nerim
         62.4.17.104/30     \ # serveurs nerim
         62.23.163.155      \ # Mairie de Meudon
                         ...

}
list "white users" rcpt {  \
         postmaster@... \
         cu6.payload.experts@... \
}

# on limite tous les utilisateurs en nombre de destinataire
ratelimit "users" rcpt 2 / 2m

racl blacklist addr 145.238.0.0/16 ratelimit "users" \
                 msg "too many recipients, please retry later"

racl whitelist list "my network"

racl whitelist list "broken mta"

racl whitelist list "white users"

racl greylist default delay 1m autowhite 7d


-- 
Sofiane Habri
Observatoire de Paris-Meudon
Divison Informatique de l'Observatoire -DIO-

sofiane Habri sofiane.habri@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> But it has no effect, I can send as many  recipients I want.

How do you run your test? You do it through a remote machine, right?

Debugging this will probably require a few printf in
ratelimit_validate(). You could stat by removing  the #ifdef CONF_DEBUG
and associated #endif in this function, this will giveyou some debug
output. 

The log level is LOG_DEBUG, which would require syslog adjustement.
Alternatively since you are modifying the code, you can turn the
LOG_DEBUG into LOG_INFO or higher in this functon. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi,

Thanks for your return
Le 05/03/2015 05:40, manu@... [milter-greylist] a \ufffdcrit :
> How do you run your test? You do it through a remote machine, right?
Yes, I do it through my MUA (T-bird).

Regards,


-- 
Sofiane Habri
Observatoire de Paris-Meudon
Divison Informatique de l'Observatoire -DIO-

sofiane Habri sofiane.habri@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> > How do you run your test? You do it through a remote machine, right?
> Yes, I do it through my MUA (T-bird).

You will have to debug a bit, as I said in previous message:
--- cut here ---
Debugging this will probably require a few printf in
ratelimit_validate(). You could stat by removing  the #ifdef CONF_DEBUG
and associated #endif in this function, this will giveyou some debug
output. 

The log level is LOG_DEBUG, which would require syslog adjustement.
Alternatively since you are modifying the code, you can turn the
LOG_DEBUG into LOG_INFO or higher in this functon. 
--- cut here ---
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Le 18/03/2015 06:13, manu@... [milter-greylist] a \ufffdcrit :
>
> You will have to debug a bit, as I said in previous message:
I'll try to debug.
Thanks for your return.

-- 
Sofiane Habri
Observatoire de Paris-Meudon
Divison Informatique de l'Observatoire -DIO-