#daemon #smtp #postfix #quota #limit

bin+lib policyd-rate-limit

Postfix rate limiter SMTP policy daemon

4 releases (2 stable)

Uses new Rust 2024

1.0.1 Apr 23, 2025
1.0.0 Apr 18, 2025
0.1.0 Feb 12, 2020
0.0.1 Feb 3, 2020

#61 in Email

Download history 148/week @ 2025-04-16 145/week @ 2025-04-23

293 downloads per month

BSD-3-Clause

29KB
517 lines

policyd-rate-limit

crates.io Test

Postfix rate limiter SMTP policy daemon

How it works

It depends on the Postfix policy delegation protocol, it searches for the sasl_username and based on the defined limits stored in a SQL(MySQL/PostgreSQL/SQLite) database it rejects or allows action=DUNNO the email to be sent.

How to use

Postfix policy daemon for rate limiting

Usage: policyd-rate-limit [OPTIONS] --dsn <dsn>

Options:
  -s, --socket <SOCKET>  Path to the Unix domain socket [default: /tmp/policy-rate-limit.sock]
      --dsn <dsn>        Database connection string [env: DSN=]
      --pool <pool>      Pool size for database connections [default: 5]
  -l, --limit <limit>    Maximum allowed messages [default: 10]
  -r, --rate <rate>      rate in seconds, limits the messages to be sent in the defined period [default: 86400]
  -v, --verbose...       Increase verbosity, -vv for debug
  -h, --help             Print help
  -V, --version          Print version

The database schema (postgres example):

CREATE TABLE IF NOT EXISTS ratelimit (
    username VARCHAR(128) NOT NULL, -- sender address (SASL username)
    quota INTEGER NOT NULL DEFAULT 0, -- limit
    used INTEGER NOT NULL DEFAULT 0, -- current recipient counter
    rate INTEGER DEFAULT 0, -- seconds after which the counter gets reset
    rdate TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, -- datetime when counter was reset
    PRIMARY KEY (username)
);

Postfix configuration

Add the path of the policy-rate-limit socket to smtpd_sender_restrictions for example:

smtpd_sender_restrictions: check_policy_service { unix:/tmp/policy-rate-limit.sock, default_action=DUNNO }

check the perms of the socket

Dependencies

~64MB
~1M SLoC