mox/mox-/limitauth.go
Mechiel Lukkien 2154392bd8
add basic rate limiters
limiting is done based on remote ip's, with 3 ip mask variants to limit networks
of machines. often with two windows, enabling short bursts of activity, but not
sustained high activity. currently only for imap and smtp, not yet http.

limits are currently based on:
- number of open connections
- connection rate
- limits after authentication failures. too many failures, and new connections will be dropped.
- rate of delivery in total number of messages
- rate of delivery in total size of messages

the limits on connections and authentication failures are in-memory. the limits
on delivery of messages are based on stored messages.

the limits themselves are not yet configurable, let's use this first.

in the future, we may also want to have stricter limits for senders without any
reputation.
2023-02-07 23:18:15 +01:00

30 lines
544 B
Go

package mox
import (
"time"
"github.com/mjl-/mox/ratelimit"
)
var LimiterFailedAuth *ratelimit.Limiter
func init() {
LimitersInit()
}
// LimitesrsInit initializes the failed auth rate limiter.
func LimitersInit() {
LimiterFailedAuth = &ratelimit.Limiter{
WindowLimits: []ratelimit.WindowLimit{
{
// Max 10 failures/minute for ipmasked1, 30 or ipmasked2, 90 for ipmasked3.
Window: time.Minute,
Limits: [...]int64{10, 30, 90},
},
{
Window: 24 * time.Hour,
Limits: [...]int64{50, 150, 450},
},
},
}
}