On Tue, Jan 03, 2023 at 06:03:29PM -0500, Hébergement Arbre Binaire wrote:

> Local clients (bash scripts and PHP mailers in particular) are still not
> rate limited at all.  How can I accomplish this?

The simple answer is that you can't, without replacing sendmail(1) with
something that submits via SMTP, rather than dropping off a file in the queue
directory.

This is a reliability tradeoff.  "Traditional" local submission is
"serverless".  Mail can be submitted even when the MTA is down, and
will be delivered once the MTA is back up.  The postdrop(1) program
has the "setgid" bit turned on, and is able to write directly into
the "maildrop" queue directory.

Also the error feedback channel from sendmail(1)/postdrop(1) to local
submission clients is exceedingly minimal; they just see a non-zero
exit code when submission fails, and the message is lost (no bounce).

If you don't need reliable queueing even when the MTA is down, or you're
willing to restrict "traditional" local submission to just a handful
of system accounts, then you can replace sendmail(1) with a program that
submits over SMTP, or even require "untrusted" clients to submit over
SMTP, and if they can't, too bad...

In particular the PHP scripts, et al., may already have ways to
configure how mail submission is performed, perhaps using SMTP
instead of sendmail(1) based on configuration settings.

Another option is of course to use a null-client for local submission,
and then punt all the mail to the real MTA via SMTP, with excessive
traffic rejected, but then the null client needs to do something
sensible with rejected messages, not obvious what that should be.  This
is also complicated by the fact that the null client retries will
gradually smear out in time, perhaps eventually or partially sliding
under the receiving rate limit.

-- 
    Viktor.
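
A sketch of the "replace sendmail(1) with a program that submits over SMTP" option from the message above, as an added example that is not part of the original post and is not Postfix code. It assumes the MTA listens on 127.0.0.1:25, that only the `-t`, `-i` and `-f` options matter to the calling scripts, and that without `-f` the envelope sender is taken from the message headers; the function names are hypothetical.

```python
#!/usr/bin/env python3
# Added example: sendmail(1)-compatible wrapper that submits over SMTP.
# Assumptions: MTA on 127.0.0.1:25; only -t, -i and -f are supported.
import smtplib
import sys
from email import message_from_bytes, policy
from email.utils import getaddresses

EX_OK, EX_USAGE, EX_UNAVAILABLE, EX_TEMPFAIL = 0, 64, 69, 75  # sysexits.h

def envelope(argv, raw):
    """Return (sender, recipients, message) from sendmail-style arguments."""
    sender, rcpts, from_headers = None, [], False
    args = iter(argv)
    for a in args:
        if a == "-f":
            sender = next(args, None)
        elif a.startswith("-f"):
            sender = a[2:]
        elif a == "-t":
            from_headers = True
        elif not a.startswith("-"):  # -i, -oi and friends are ignored
            rcpts.append(a)
    msg = message_from_bytes(raw, policy=policy.SMTP)
    if from_headers:
        hdrs = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
        rcpts += [addr for _, addr in getaddresses(hdrs) if addr]
    del msg["Bcc"]  # Bcc recipients stay in the envelope only
    return sender, rcpts, msg

def submit(argv, raw, host="127.0.0.1", port=25):
    """Submit one message; return a sysexits code for the calling script."""
    sender, rcpts, msg = envelope(argv, raw)
    if not rcpts:
        return EX_USAGE
    try:
        with smtplib.SMTP(host, port, timeout=30) as smtp:
            # sender None: smtplib falls back to the Sender:/From: header
            refused = smtp.send_message(msg, from_addr=sender, to_addrs=rcpts)
    except smtplib.SMTPRecipientsRefused as e:
        codes = [code for code, _ in e.recipients.values()]
        return EX_TEMPFAIL if all(400 <= c < 500 for c in codes) else EX_UNAVAILABLE
    except smtplib.SMTPResponseException as e:
        # 4xx (for example a rate-limit deferral) is retryable; 5xx is not
        return EX_TEMPFAIL if 400 <= e.smtp_code < 500 else EX_UNAVAILABLE
    except OSError:
        return EX_TEMPFAIL  # MTA down or unreachable: nothing was queued
    return EX_UNAVAILABLE if refused else EX_OK

if __name__ == "__main__":
    sys.exit(submit(sys.argv[1:], sys.stdin.buffer.read()))
```

Because nothing is written to the queue, a stopped MTA or a 4xx rate-limit reply reaches the calling script only as exit code 75, which is the reliability tradeoff described above.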
