Can “from” be “auth” in Mail Rate Limiting rules somehow?
Background:
I think that I have convincingly surmised that “Mail Rate Limiting” is ineffective out of the box, here:
https://forum.virtualmin.com/t/getting-mail-rate-limiting-milter-greylist-working/134526
The fix (from September 2025, not just the quick fix at the top) involves setting the milter to work from Postfix’s chrooted path, and setting the file’s permissions) which Virtualmin may fix (or may already have fixed) for Debian/Ubuntu since they chroot Postfix by default.
The other fix (the quick one at the top) involves putting “nospf” and “noauth” into /etc/milter-greylist/greylist.conf (higher in the files than any rules that Mail Rate Limiting) will make.
nospf - is because (it appears that) without “nospf” set, the milter automatically whitelists any domain that has spf (which would be more or less any domain you are sending mail with), and so it ignores your limits about how many mails users of that domain can send.
noauth - is because (it appears that) without “noauth” set, the milter automatically whitelists any mail coming from an authenticated user, and so it ignores your limits about how many mails users of a particular domain can send.
Without both of these set, any authenticated user (including hackers with guessed passwords) can send as much mail as they want, disregarding the spirit and purpose of “Mail Rate Limiting”.
Another problem (which I mentioned in a thread where someone else was having trouble with the milter):
https://forum.virtualmin.com/t/mail-rate-limiting-not-enforced/135640
was that because the rules that Mail Rate Limiting creates are like this:
ratelimit "domain_17660945084274" rcpt 500 / 1d
racl blacklist from /.*@testdomainbyron.com/ ratelimit "domain_17660945084274" msg "Authenticated user quota exceeded"
racl whitelist from /.*@testdomainbyron.com/
But the last line of the config is (by default I believe):
racl whitelist default
Effectively this means that only mails from each-address@testdomainbyron.com are limited to 500 per day, any other domain an authenticated user might choose to send from is not limited. This means that a user (or especially a hacker) can authenticate as someone@testdomainbyron.com and send an unlimited number of emails so long as they set their “From” address to be “supercheep@canada-pharmacy.com” (etc)… because the rules regard the “from address,” not the authenticated sender.
Guess how I know that?
My fix at the time (which I timidly recommended in that thread) was to put:
racl blacklist default
As the last line in greylist.conf. What this does is denies any mail from any address that isn’t in this file somewhere. I have the luxury of doing this because my inbound mail goes through a third-party spam filter so appears from my view to all originate from an IP range which I have whitelisted higher in the file. I think that without that, probably all mail from the outside world would be blacklisted with this setting.
Further, even with blacklist set as the default for unknown domains, a clever hacker could authenticate as “someone@testdomainbyron.com” and send 500 mails as “v1gra@testdomainbyron.com” and 500 mails as “cheep-0zempic@testdomainbyron.com” and 500 mails as “something-else@testdomainbyron.com”… etc… because the limits that are made are based on the “from address”, and that is easy to change.
The blacklist default solution has also been a mild nuisance for a domain or two that send mail from name@corportate-email-i-dont-host.com but for some reason (usually pebkac) need to do that through account@domain-i-do-host.com (in those cases it I have added “/.*@corporate-imail-i-dont-host.com/” rules manually).
Today:
Today I have come to believe that changing:
ratelimit "domain_17660945084274" rcpt 500 / 1d
racl blacklist from /.*@testdomainbyron.com/ ratelimit "domain_17660945084274" msg "Authenticated user quota exceeded"
racl whitelist from /.*@testdomainbyron.com/
to:
ratelimit "domain_17660945084274" rcpt 500 / 1d
racl blacklist auth /.*@testdomainbyron.com/ ratelimit "domain_17660945084274" msg "Authenticated user quota exceeded"
racl whitelist auth /.*@testdomainbyron.com/
Will cause the milter to limit by “authenticated user” instead of “from address”, thus mitigating the need to use racl blacklist default and to manually make rules for users who have some “reason” to send from a different domain than their own, as well as disabling the ability for someone to authenticate and send mail as address1@testdomainbyron.com and address2@testdomainbyron.com etc… since that rule would be based on the “authenticated user” not the “from address”.
Is there some way that I can do that already (templates or something)? (And please don’t tell me that “auth” is the way it is out of the box and changing it to “from” was something that I did along the way… because I could totally see that happening.)
Thanks for hanging in there through that brain dump.
| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu 24.04 |
| Virtualmin version | 7.50.2 |