self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-11-27 22:18:22 +02:00
Code Issues Releases Activity

Refactor the rate limiting code

Browse Source 
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
This commit is contained in:
kaiyou
2020-02-09 17:38:18 +01:00
parent 7507345ce9
commit 8e88f1b8c3
8 changed files with 53 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/compose/.env
View File

@@ -38,7 +38,7 @@ POSTMASTER=admin
TLS_FLAVOR=cert
# Authentication rate limit (per source IP address)
AUTH_RATELIMIT=10/minute;1000/hour
AUTH_RATELIMIT=10/minute
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False
@@ -68,6 +68,10 @@ ANTIVIRUS=none
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Message rate limit for outgoing messages
# This limit is per user
MESSAGE_RATELIMIT=100/day
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=

5
docs/configuration.rst
View File

@@ -46,7 +46,6 @@ rules does also apply to auth requests coming from ``SUBNET``, especially for th
If you disable this, ensure that the rate limit on the webmail is enforced in a different
way (e.g. roundcube plug-in), otherwise an attacker can simply bypass the limit using webmail.
The ``TLS_FLAVOR`` sets how Mailu handles TLS connections. Setting this value to
``notls`` will cause Mailu not to server any web content! More on :ref:`tls_flavor`.
@@ -57,6 +56,10 @@ The ``MESSAGE_SIZE_LIMIT`` is the maximum size of a single email. It should not
be too low to avoid dropping legitimate emails and should not be too high to
avoid filling the disks with large junk emails.
The ``MESSAGE_RATELIMIT`` is the limit of messages a single user can send. This is
meant to fight outbound spam in case of compromised or malicious account on the
server.
The ``RELAYNETS`` are network addresses for which mail is relayed for free with
no authentication required. This should be used with great care. If you want other
Docker services' outbound mail to be relayed, you can set this to ``172.16.0.0/12``