Build email flood defenses

bb2ef265 · Bob Mottram · a70e52d5 · bb2ef265 · bb2ef265 · bb2ef265
Commit bb2ef265 authored 6 years ago by Bob Mottram
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -2023,4 +2023,16 @@ function email_remove_html {
    fi
 }

+function email_flooding_defense {
+    acl_check_rcpt_file=/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
+    if [ ! -f "$acl_check_rcpt_file" ]; then
+        return
+    fi
+    if grep -q '# Flooding defense' "$acl_check_rcpt_file"; then
+        return
+    fi
+    sed -i "/acl_check_rcpt:/a \\\\n  # Flooding defense\\n  deny\\n    ratelimit = 5 / 15m / per_rcpt / strict / \$sender_address\\n    log_message = Denied (sender address), sending rate of: \$sender_rate by \$sender_address" "$acl_check_rcpt_file"
+    systemctl restart exim4
+}
+
 # NOTE: deliberately no exit 0
--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -154,6 +154,7 @@ if [ -d "$PROJECT_DIR" ]; then
        populate_keyservers
        disable_email_encryption_at_rest
        email_remove_html
+        email_flooding_defense
        if [ -f /var/log/freedns_@_update.log ]; then
            rm /var/log/freedns_@_update.log
        fi

--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -1200,6 +1200,9 @@ function setup_email {

    function_check email_remove_html
    email_remove_html
+
+    function_check email_flooding_defense
+    email_flooding_defense
 }

 function setup_web {