self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Code Issues Releases Activity

Merge #2738

Browse Source 
2738: Make ratelimit exemptions less generous r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make ratelimit exemptions less generous, as discussed on #mailu-dev

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
bors[bot] 2023-04-04 12:17:27 +00:00 committed by GitHub
commit d66ddb0f3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/admin/mailu/internal/views/auth.py
View File

@ -13,14 +13,15 @@ def nginx_authentication():
""" """
client_ip = flask.request.headers["Client-Ip"] client_ip = flask.request.headers["Client-Ip"]
headers = flask.request.headers headers = flask.request.headers
if headers["Auth-Port"] == '25' and headers['Auth-Method'] != 'none': is_port_25 = headers["Auth-Port"] == '25'
if is_port_25 and headers['Auth-Method'] != 'none':
response = flask.Response() response = flask.Response()
response.headers['Auth-Status'] = 'AUTH not supported' response.headers['Auth-Status'] = 'AUTH not supported'
response.headers['Auth-Error-Code'] = '502 5.5.1' response.headers['Auth-Error-Code'] = '502 5.5.1'
utils.limiter.rate_limit_ip(client_ip) utils.limiter.rate_limit_ip(client_ip)
return response return response
is_from_webmail = headers['Auth-Port'] in ['10143', '10025'] is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
if not is_from_webmail and utils.limiter.should_rate_limit_ip(client_ip): if not is_from_webmail and not is_port_25 and utils.limiter.should_rate_limit_ip(client_ip):
status, code = nginx.get_status(flask.request.headers['Auth-Protocol'], 'ratelimit') status, code = nginx.get_status(flask.request.headers['Auth-Protocol'], 'ratelimit')
response = flask.Response() response = flask.Response()
response.headers['Auth-Status'] = status response.headers['Auth-Status'] = status
@ -46,7 +47,9 @@ def nginx_authentication():
return response return response
is_valid_user = True is_valid_user = True
if headers.get("Auth-Status") == "OK": if headers.get("Auth-Status") == "OK":
utils.limiter.exempt_ip_from_ratelimits(client_ip) # successful email delivery isn't enough to warrant an exemption
if not is_port_25:
utils.limiter.exempt_ip_from_ratelimits(client_ip)
elif is_valid_user: elif is_valid_user:
utils.limiter.rate_limit_user(username, client_ip, password=response.headers.get('Auth-Password', None)) utils.limiter.rate_limit_user(username, client_ip, password=response.headers.get('Auth-Password', None))
elif not is_from_webmail: elif not is_from_webmail: