| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu 24.04 |
| Webmin version | 2.641 |
| Virtualmin version | 8.1 |
| Webserver version | Apache |
| Related packages | Rate limiting settings |
Hi everyone,
I wanted to share a step-by-step solution regarding an issue I encountered with Virtualmin 8.1 on Ubuntu 24.04, where the Mail Rate Limiting feature was completely ignored (both authenticated users and local scripts could send unlimited emails).
After digging into the logs, we found a combination of two issues: milter-greylist bypasses localhosts/SASL by default, and Postfix chroot paths get messed up when Virtualmin updates the configuration.
Here is how to fix it
Correct the ACL order in greylist.conf
By default, milter-greylist white-lists 127.0.0.1 (âmy networkâ) early on, skipping your Virtualmin rate-limiting rules.
Open /etc/milter-greylist/greylist.conf, add noauth and nospf at the very top, and move your rate-limiting rules BEFORE any whitelist rule.
Your ACL section should look like this:
noauth
nospf
**1. Rate Limit Rules (MUST BE FIRST)**
ratelimit "domain_XXXXXXXXX" rcpt 5 / 1d
ratelimit "virtualmin_limit" rcpt 100 / 1d
racl blacklist from /.*@yourdomain.com/ ratelimit "domain_XXXXXXXXX" msg "Message quota exceeded"
racl blacklist from /.*/ ratelimit "virtualmin_limit" msg "Message quota exceeded"
**2. Standard Whitelists (Processed only if quota is NOT exceeded)**
racl whitelist list "my network"
racl whitelist list "my friends"
racl whitelist list "broken mta"
**3. Domain Whitelist & Default behavior**
racl whitelist from /.*@yourdomain.com/
racl whitelist default`
Restart the service: sudo systemctl restart milter-greylist
2: Fix Postfix Milters Configuration (The Chroot Trap)
Because Postfix runs chrooted on Ubuntu 24.04, it cannot read /var/run/... sockets properly, and Virtualmin sometimes appends broken local:/var/run/... strings when saving quotas.
Open /etc/postfix/main.cf and clean up your milter lines to look exactly like this (notice the relative unix:var/run/... path without a leading slash):
milter_default_action = tempfail
smtpd_milters = unix:var/run/milter-greylist/milter-greylist.sock, inet:127.0.0.1:8891
non_smtpd_milters = unix:var/run/milter-greylist/milter-greylist.sock, inet:127.0.0.1:8891`
Note: milter_default_action = tempfail is great for testing to ensure Postfix doesnât silently bypass a failing milter.
Restart Postfix: sudo systemctl restart postfix
Conclusion & Warning
Once this is done, testing your limits will successfully throw a 551 5.7.1 Message quota exceeded error in /var/log/mail.log.
Important distinction on how Virtualmin handles updates
- Safe to do: If you only change the quota numbers (e.g., changing 5 emails to 10) inside a specific Virtual domain settings, Virtualmin will only update
greylist.conf. Your Postfix configuration will remain intact and working. - Avoid doing: Do NOT use the global âDisable Mail Rate Limitingâ / âEnable Mail Rate Limitingâ toggle button in the main Email Settings menu. Doing so will completely overwrite
/etc/postfix/main.cfand append the brokenlocal:/var/run/...path at the end of the lines again.
If you ever accidentally toggle it, remember to check your main.cf and clean up the duplicated milters string as shown in Step 2.
Hope this helps anyone struggling with mail rate limits