mirror of
https://github.com/mjl-/mox.git
synced 2024-12-27 17:03:47 +03:00
2154392bd8
limiting is done based on remote ip's, with 3 ip mask variants to limit networks of machines. often with two windows, enabling short bursts of activity, but not sustained high activity. currently only for imap and smtp, not yet http. limits are currently based on: - number of open connections - connection rate - limits after authentication failures. too many failures, and new connections will be dropped. - rate of delivery in total number of messages - rate of delivery in total size of messages the limits on connections and authentication failures are in-memory. the limits on delivery of messages are based on stored messages. the limits themselves are not yet configurable, let's use this first. in the future, we may also want to have stricter limits for senders without any reputation.
30 lines
544 B
Go
30 lines
544 B
Go
package mox
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/mjl-/mox/ratelimit"
|
|
)
|
|
|
|
var LimiterFailedAuth *ratelimit.Limiter
|
|
|
|
func init() {
|
|
LimitersInit()
|
|
}
|
|
|
|
// LimitesrsInit initializes the failed auth rate limiter.
|
|
func LimitersInit() {
|
|
LimiterFailedAuth = &ratelimit.Limiter{
|
|
WindowLimits: []ratelimit.WindowLimit{
|
|
{
|
|
// Max 10 failures/minute for ipmasked1, 30 or ipmasked2, 90 for ipmasked3.
|
|
Window: time.Minute,
|
|
Limits: [...]int64{10, 30, 90},
|
|
},
|
|
{
|
|
Window: 24 * time.Hour,
|
|
Limits: [...]int64{50, 150, 450},
|
|
},
|
|
},
|
|
}
|
|
}
|