Mail Rate Limiting broken out of the box (Ubuntu 24.04)

Today I installed a fresh Ubuntu and Virtualmin to test whether a feature is broken out of the box (that thread is here Can usermin assume @-the-domain-from-the-URL at :20000 for the logins? - #12 by Ron_E_James_D.O and contains screenshots of all of the configuration choices I made with the wizard).

I have confirmed that Mail Rate Limiting is also not working out-of-the-box.

I set my single test domain to allow at most 2 mails per 1 hour. I logged in using a fresh browser on :20000 as my test user. I sent three mails, two minutes apart, beginning 5 minutes after the hour (in case it resets on the hour) via usermin’s webmail to three different email addresses (each one at a different domain), and all three arrived in their respective inboxes.

If I am not mistaken the last should not have arrived and I should see an “exceeded” message somewhere in the log and not the status=sent (250 Message queued) from the receiving mail server that I do see.

Screenshot 2024-10-18 at 1.32.32 PM1380×466 26.3 KB

Screenshot 2024-10-18 at 1.35.08 PM1240×401 21.9 KB

Screenshot 2024-10-18 at 1.35.27 PM1378×406 26.8 KB

Screenshot 2024-10-18 at 1.35.36 PM1422×306 15.8 KB

Screenshot 2024-10-18 at 3.05.51 PM308×501 8.39 KB

image694×22 1.35 KB

For the record I downloaded the latest Ubuntu .iso today (24.04.1 LTS) and retested this with the same results (a different issue was fixed by my using that .iso instead of letting the Ubuntu installer download the latest install scripts from a few-months-old .iso).

Three mail messages, sent within a couple of minutes of each other, came in fine, with the domain’s rate limit set to 2 per hour. (I thought that maybe the web-interface would be exempt so I used Outlook this time, no joy.)

The greylist is mentioned in the logs like this:

2024-10-29T20:42:11.858571+00:00 xmail2 milter-greylist: User ronetest@newestisotest.com authenticated, bypassing greylisting
2024-10-29T20:42:11.861437+00:00 xmail2 milter-greylist: smfi_getsymval failed for {I}

But nothing else, certainly not an “exceeded” message of any kind.

image960×403 23 KB

image1191×710 19.6 KB

I should also note that the the folder:

/var/run/milter-greylist

Exists but is empty. The config file:

/etc/postfix.cf

has:

smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock
non_smtpd_milters = inet:127.0.0.1:8891,local:/var/run/milter-greylist/milter-greylist.sock

But there is no:

/var/run/milter-greylist/milter-greylist.sock

File. There are other .sock file (and other things generally) in random folders I look at like /var/run/fail2ban and /var/run/dovecot

There are also no lines containing

smtpd_client_message_rate_limit

or:

anvil_rate_time_unit

Anywhere in /etc/postfix/*

I have no idea if any of these things should be. I am just trying to peel back how it is supposed to work to try to figure out why mine is not working.

I tested and get same as you, maybe a bug.

I think I have it. (I have not fully tested because my 3-day-old test system has been through a bunch of things that did not work… including a postfwd install and some changes to the postfix configs, non of which seemed to have resulted in any change to mail delivery at all. So this will need to be tested on an actual out-of-the-box Virtualmin to confirm for sure.)

If, in this file:

/etc/milter-greylist/greylist.conf

I add:

noauth

on a line by itself…I think that can go anywhere but for posterity I added mine right here:

# List of users that want greylisting
list "grey users" rcpt { \
        user1@example.com \
        user2@example.com \
        user3@example.com \
}
noauth
# Give this a try if you enabled DNSRBL

(etc)

And stop and start the milter-greylist:

systemctl stop milter-greylist
systemctl start milter-greylist

It seems to obey my rate-limit settings.

Without that (and, I think this doesn’t matter but for posterity I had ronetest@newestistotest.com replacing user1@example.com at the time that I was messing with this) I would get:

2024-10-31T15:39:13.889351+00:00 xmail2 milter-greylist: User ronetest@newestisotest.com authenticated, bypassing greylisting

In mail.log, and with it I do not, and eventually get:

2024-10-31T15:57:06.573136+00:00 xmail2 milter-greylist: ratelimit overflow for class domain_173023091362546: 3, limit is 2 recipients / 3600 sec, key = “#.#.#.#”

(The numbers being my IP.). As well as the “Message quota exceeded” message that I expected.

It is worth mentioning that somewhere along the way I also did:

touch /var/lib/milter-greylist/greylist.db
chown greylist:greylist /var/lib/milter-greylist/greylist.db
chmod 600 /var/lib/milter-greylist/greylist.db

Since I saw a reference to that file in a log but saw no such file in the directory… I thought maybe it stored the message counts but it remains 0k so might not be needed at all.

Also it is very worth noting that I have no idea the consequences of adding noauth other than that mail rate limiting starts working. I take noauth to mean “enforce all of these rules even if you are authenticated” which might break something else. I tried every iteration of “racl greylist list “grey users” delay 30m autowhite 3d noauth” possible, but putting noauth anywhere but on a line by itself results in a syntax error when restarting milter-greylist.

I don’t know which of the several folks who sometimes respond to my posts work at Virtualmin (probably all of you) @Joe and @Ilia have specifically said things that indicate that they do (I think I remember). I am not sure if adding them with the “@” sign flags them, but it seems that someone who works at Virtualmin might should review this.

Ron

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.