* on the Fri, Oct 24, 2014 at 10:42:27PM +0200, li...@rhsoft.net wrote: >>>> Is there a way to limit connections from web applications on the same >>>> server for postfix? >>>> The web application sends messages via smtp on localhost (127.0.0.1:25). >>>> >>> Need to limit the maximum 5k messages per hour. Is that possible? >>> >>> You don't want to do that in Postfix, as it would have >>> to reject mail, and rejected mail would not be delivered. >>> >>> Rate limit the PHP application. >> >> I did this for a shared hosting system about ten years ago using the >> ident functionality in Exim. I installed a local ident daemon and >> then configured Exim to talk to it. Once Exim knew the user, it could >> apply user-level ratelimiting to both mail submitted via the >> executable and that submitted via a TCP socket together. >> >> If Postfix doesn't have ident support and allowing tcp connections >> for mail submission is important, you might want to take a look at >> Exim instead > > that's not the problem
I just re-read his question, and yes, it is the problem. > the problem is that a website script can't handle a temporary reject That's not true. > and so you end in lose random mails if for whatever reason the app exceeds > the limits Web-apps that weren't written to handle retries, don't handle retries. I'll agree with that. > if you fear injected junk than install a content-filter or just remove > functionality on websites which allow to define destination address by > untrusted user input (recommedn page with a user-defined content part > and so on) I'm guessing you've never worked for a shared hosting company which provides a platform where tens of thousands of users can upload their own php scripts. Content filtering is useful, but ratelimiting is essential in these environemts. If a user attempts to send more email than they are allowed to and the mail server starts rejecting it and the users code doesn't handle this case, then from the shared hosting companies point of view, it is a problem at the users end. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
