Refactor the rate limiting code

Rate limiting was already redesigned to use Python limits. This introduced some unexpected behavior, including the fact that only one criteria is supported per limiter. Docs and setup utility are updated with this in mind. Also, the code was made more generic, so limiters can be delivered for something else than authentication. Authentication-specific code was moved directly to the authentication routine.
2025-11-02 11:08:01 +00:00 · 2020-02-09 17:38:18 +01:00
parent 7507345ce9
commit 8e88f1b8c3
8 changed files with 53 additions and 55 deletions
--- a/docs/compose/.env
+++ b/docs/compose/.env
@@ -38,7 +38,7 @@ POSTMASTER=admin
 TLS_FLAVOR=cert

 # Authentication rate limit (per source IP address)
-AUTH_RATELIMIT=10/minute;1000/hour
+AUTH_RATELIMIT=10/minute

 # Opt-out of statistics, replace with "True" to opt out
 DISABLE_STATISTICS=False
@@ -68,6 +68,10 @@ ANTIVIRUS=none
 # Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000

+# Message rate limit for outgoing messages
+# This limit is per user
+MESSAGE_RATELIMIT=100/day
+
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=