Limiting the number of emails sent by a given auth-user/domain/IP

Hi Roberto, 

    First of all the new qmail config-all script does a wonder full job. There are a few suggestions though.

1. You can include the rcptcheck-overlimit.sh script in the installation process itself as its not currently done as qmHandle / svtools etc.  I had to download the script manually as stated above in the guide. 

2. The supervise scripts installed by config-all feature gives the below in qmail-smtpd run file 

# rcptcheck-overlimit. Limits the number of emails sent by relayclients
if [ -x $QMAILDIR/bin/rcptcheck-overlimit ]; then
export RCPTCHECK=$QMAILDIR/bin/rcptcheck-overlimit
export RCPTCHECKRELAYCLIENT="1"
fi

As you can see here we are calling $QMAILDIR/bin/rcptcheck-overlimit while the file we are installing is rcptcheck-overlimit.sh . We should standardise it so there is no room for confusion. 

Cheers

Hi Shailendra,

I checked the code in config-all.sh the script installs correctly rcptcheck-overlimit and not rcptcheck-overlimit.sh. Can you double check?

That said, the "configuring" page reports rcptcheck-overlimit.sh. I corrected it.

From now on, the current supervise scripts are copied in /var/qmail/doc/example-supervise and also to /var/qmail/ if it's a fresh installation. The scripts reported in the "configuring" page can have a slight difference with those actually installed.

It's very time consuming for me to sync the scripts in the sources with those copied in the 'configuring' page and I am wondering if it can be better to report only links to the actual scripts on my github. What do you think?

Sorry, the script was installed in /usr/local/bin while the run script is going to check /var/qmail/bin. I'm correcting it

Thanks for the contribution

Hi,

Thanks for nice piece of software. How can I limit messages on domain basis?

For example

*.example.com:1000

is it possible?

Thanks

BR

Hi,

I didn't wrote that code myself, but according to my tests wildcards are not allowed. You can limit a specific domain as follows

sub.domain.tld:1000

but you have to enable the line 56 on rcptcheck-overlimit.sh:

if [ -z "${limit}" ]; then value=$(eval ${PREFILTER} | grep -Fi "${FILTEREDSMTPAUTHUSER##*@}:" | tail -1); li mit="${value##*:}"; fi # domain part

I don't remember why it is commented out

Let me know if it works for you.

Hi,

Thanks for your reply. I'm testing the configuration and update you the result soon.

Thanks.

BR

Hi Roberto,

Regarding to the known bug, I modified line 55 in "rcptcheck-overlimit.sh" as underneath and works well on CentOs 8.2:

-value=$(eval ${PREFILTER} | grep -Fi "$FILTEREDSMTPAUTHUSER:" | tail -1); limit="${value##*:}" # specific authuser
+value=$(eval ${PREFILTER} | grep -i ^"$FILTEREDSMTPAUTHUSER:" | tail -1); limit="${value##*:}" # specific authuser

After that, "info@example.com" does not match "testinfo@example.com". Hope this can help.

Tony, I hope you can read this.

The above modification is not distinguishing users belonging to same domain here...

I'm restoring the original version for the time being.

For anyone interested in doing tests this is the modified version and this is the original script by Luca Franceschini

Great! Thank you

At the moment, the users listed in /var/qmail/control/relaylimits are without the dash(es) in user and domain part, because the script trims them away:

echo "foo@bar-dings.de" | tr -cd '[:alnum:].-@'
foo@bardings.de

I think the dash-char has to be escaped in the script to keep the dash-char, because the dash-char is used to define character-ranges (http://linuxcommand.org/lc3_man_pages/tr1.html)

echo "foo@bar-dings.de" | tr -cd '[:alnum:].\-@'
foo@bar-dings.de

Corrected. Thanks for the contribution

Hi,

Thanks for your information, I would like to share a tips for usage report.

Add this to crontab:

59 2 * * * /usr/bin/ls -lS /var/qmail/overlimit/ | /usr/bin/grep vpop | /usr/bin/awk '{ print $5" "$9 }' | /usr/bin/column -t | /usr/bin/mail -s "Overlimit Stats" you@youremail.com > /dev/null 2>&1

change the email "you@youremail.com" to your email address, then everynight will send an email report to administrator.

Thank you. I'll check it out.

Hi there,

Always thankful for this great documentation.

Rencently I found this rcptcheck patch and tried to apply my mail server.

Everything looks fine without any error during patching and compiling.

But once it's applied, starttls doesn't work with this new patch.(I used combined patch, not this patch separately.- the combined patch is also containing this rcptcheck, right?)

qmail-smtpd and qmail-submission (I'm using it as qmail-smtpd-ssl) are actually running.

But if I try to access with starttls it's not accessbie like below.(nothing shows after "CONNECTED").

ryan-PC:~# openssl s_client -starttls smtp -crlf -connect my-server-ip:587
CONNECTED(00000003)

So, I had to rolled back to the old patch...

Do you have any idea?

Thanks in advance.

How did you configured submission as qmail-smtpd-ssl?

Hi Roberto,

This is the run file of qmail-smtp-ssl.

#!/bin/sh

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

# You MUST export this, otherwise you'd get a 30 sec timeout
export SMTPAUTH="!"

# This enables greetdelay for qmail-smtpd.
#export SMTPD_GREETDELAY=5

# This enables chkuser
export CHKUSER_START=ALWAYS

# This enables simscan debug
#export SIMSCAN_DEBUG=2
#export QMAILQUEUE=/var/qmail/bin/qmail-dkim
#export DKIMVERIFY="FGHIKLMNOQRTVWjpu"
# This is to avoid verification of outgoing messages
#export RELAYCLIENT_NODKIMVERIFY=1

exec /usr/local/bin/softlimit -m 100000000 \
 /usr/local/bin/tcpserver -v -H -R -l 0 \
 -x /home/vpopmail/etc/tcp.submission.cdb -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
 /var/qmail/bin/qmail-smtpd \
 /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Thanks,

Honestly I don't know what might be the cause... I also tried to configure qmail-submission as qmail-smtpd-ssl and it works here...