A feature I've yet to see on any control panel, yet would LOVE to see, is the ability to limit how often users can CHECK THEIR FREAKING EMAIL.

I can't tell you how many servers I have that are acting "overloaded" yet if I just turn off pop3/imap load goes down to "nice" levels.

People do NOT need to check their emails once a minute, and I've seen logins from people that happened every 10 SECONDS (no I'm not joking, I wish I were).

If I could set this I would limit mail checks to no more often than every 5 minutes.

I'll sing Directadmin's praises from the highest mountain if they'd find a way to add this (and CHROOT SSH and CGI too!! can't forget that!!).

Once every 10 seconds? wow. :)

I think iptables has a functionality that could do that:


iptables -A INPUT -p tcp --dport 110 --syn -m limit --limit 12/hour -j ACCEPT
iptables -A INPUT -p tcp --dport 110 --syn -j DROP
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
That will limit new connections to port 110. I'm not sure if it will let them do 12 connections, then nothing for the rest of the hour, or one per 5 minutes, but you could do 1/minute which is more frequent, but not as bad as every 10 seconds! ;)

John

I would personally use --limit 1/minute

with the hour option you can use it 12 times in your first minute then be unable to access email for 59 minutes, or for me, 12 minutes then unable to access for another 48 while i get taken from the rule :)

Chris

Chris,

Watch out because this is also a pothole in itself. If you check mulltiple email boxes on the server, you will only be able to access one of them. Just a heads up :)

I'm someone who checks his email every minute (Set on Outlook) and I often use the button to check it manually :)

Originally posted by UltimeWWW
I'm someone who checks his email every minute (Set on Outlook) and I often use the button to check it manually :)

This is why we can't have nice things :p!

One minute can (and occasionally will) cause failures because of "pop" locks.

Five minutes works well for us.

Jeff

Does no one else use exim.conf to do this?

I have it set to 200 simultaneous SMTP connections and then if a user tries to send over 100 emails at once (say with a mailing script) then they're queued and set gradually to slow them down. There's loads of config options for it. My admin setup something similar for POP.

Matt

We use a very sophisticated exim.conf file to do lots of things :) .

But the thread is about limiting pop access; it's got nothing to do with sending email.

And your 200 smtp limit does nothing to stop scripts running on the server that connect through the sendmail interface; it only affects smtp, which usually means only email coming from elsewhere on the 'net.

Jeff

I mentioned in my post that I have something similar setup for POP ;)

Don't scripts running on the server use Exim to send the mail... I thought that was what Exim was for (as well as for processing 'outside' emails)?

Thanks,
Matt :)

are there other solutions for this?

Originally posted by thoroughfare
Don't scripts running on the server use Exim to send the mail... I thought that was what Exim was for (as well as for processing 'outside' emails)?
Most scripts us a "sendmail" command line (which is really a link to exim) to send email.

The connection limit only applies to smtp connections, not to direct connections through the command line, so to get SMTP to limit connections from the local server you'd have to delete or rename the sendmail link so no scripts would find it, rewrite all your scripts that call it to use an smtp connection to port 25 on localhost instead, and notify all your users to rewrite their scripts as well.

Jeff

or write/find sendmail replacement, which does not use any real mailbox directly, but instead connects to localhost port 25 and send mail there.
Then rename exim's sendmail to something else, maybe with permissions to execute only to some user/group. You may then send local mail (from cron etc.) to pipe of original file for more speed.

Removing sendmail binary is bad idea, because many programs use it also.

As I wrote previously, DA doesn't have a sendmail binary.

If your OS had it, then DA deletes it when it installs exim.

Jeff

I know there is no sendmail mail agent. I thought simply replacing /usr/sbin/sendmail link to exim with simple program, which will connect to localhost to do every mail delivery, so you could limit even local deliveries. It may produce more overhead than direct local delivery, but you can control it at least. I think you did it somewhere already, when you have been implementing jailed ssh access.

Jeff is your complicated exim config publicly available?

Also I would like such a script that links sendmail to use smtp.

Finally does using sendmail still show sent emails in exim's log? or are they logged anywhere at all.

Originally posted by Chrysalis
Jeff is your complicated exim config publicly available?
I presume you mean my "sophisticated exim.conf file".

I'm sorry if I gave the impression I have a file that does specifically what thoroughfare asked about; I don't.

I've written a lot of custom files for a lot of clients, but I don't recommend custom files because every time the file is changed by DA, the custom one has to be studied and may need to be rewritten.

Also I would like such a script that links sendmail to use smtp.
I'm not sure I understand what you mean. Do you mean so that if a script calls sendmail instead of using exim the script would use a mailserver on a different server? Or what?

Finally does using sendmail still show sent emails in exim's log?
Certainly :) ; the mail gets sent to exim's input stream instead of sendmail's.

Jeff

Originally posted by jlasman

I'm not sure I understand what you mean. Do you mean so that if a script calls sendmail instead of using exim the script would use a mailserver on a different server? Or what?

Jeff

I mean as pihhan said in the post above mine, a script replacing sendmail that reroutes to localhost smtp.

Thanks. Now I understand.

Anyone want to try writing one?

Jeff

We use nbsmtp in our jail script to replace sendmail.
It sends mail from /usr/sbin/sendmail within the jail, to port 25 (exim) which lives outside the jail.

John