Difference between revisions of "Rate limiting"

From Halon, SMTP software for hosting providers
Revision as of 08:24, 18 November 2013

Rate limiting is a crucial defense against service misuse. We have implemented a global rate-controlling service called rated. It handles rate limiting for all processes, based on an "items per time interval" algorithm. Our implementation features a sliding rate limit (in contrast to a leaky bucket, which has a fixed output rate regardless of exactly when the rate was exceeded).

Implementation

Rate limits may be "hit" using the HSL rate() function, and sometimes using the graphical blocks in the flows. The function returns true as long as the rate of rate() calls is below the rate limit, and false once the limit is exceeded. If the count parameter is zero, the current rate is returned instead and no hit is counted. When a "hit" is counted, its expiration time is given by the fourth parameter (interval).

// get the rate limit number, without increasing
if (rate("failed-login:saslusername", $saslusername, 0, 60) >= 3)
    Reject("Too many failed logins");

// increase, and reject if exceeded
if ($is_spam)
    if (rate("spammers", $senderip, 100, 86400) == false)
        Reject("You may only send 100 suspicious messages per day");

Clustering

Rate limits are synchronized in the cluster if an HMAC-SHA1 key is specified on the system settings page. The protocol is based on UDP and uses port 13131. In terms of security it may be wise to only activate this feature on local networks, as the HMAC-SHA1 only serves as a packet-authenticity firewall. It provides neither encryption nor protection against replay attacks. It should probably be protected by other means, such as a VPN tunnel or physical security (DMZ).

Performance

Rate limit performance is roughly O(log N + log M), and lookups are currently implemented as a C++ std::multimap.
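
The sliding "items per time interval" behaviour described under Implementation, sketched on top of a std::multimap as an added example (this is not Halon's rated source code). The class and method names are hypothetical, refusing to store a hit that would exceed the limit is an assumption, and the simple purge loop makes no attempt to reproduce the complexity stated above.

```cpp
#include <cstddef>
#include <ctime>
#include <iostream>
#include <map>
#include <string>

// Added sketch, not Halon's rated source. Each counted hit is one multimap
// element: key = namespace + entry, value = the time at which that hit expires.
class SlidingRateLimiter {
    std::multimap<std::string, std::time_t> hits_;
    static std::string key(const std::string& ns, const std::string& entry) {
        return ns + '\x1f' + entry;  // separator keeps "a"+"bc" apart from "ab"+"c"
    }
    // Drop expired hits for one key and return how many are still live.
    std::size_t purge(const std::string& k, std::time_t now) {
        auto range = hits_.equal_range(k);
        std::size_t live = 0;
        for (auto it = range.first; it != range.second;) {
            if (it->second <= now) it = hits_.erase(it);
            else { ++live; ++it; }
        }
        return live;
    }

public:
    // Counterpart of rate(ns, entry, 0, interval): read the rate, count nothing.
    std::size_t current(const std::string& ns, const std::string& entry, std::time_t now) {
        return purge(key(ns, entry), now);
    }

    // Counterpart of rate(ns, entry, count, interval) with count > 0.
    // Assumption: a hit that would exceed the limit is refused and not stored.
    bool hit(const std::string& ns, const std::string& entry,
             std::size_t count, std::time_t interval, std::time_t now) {
        const std::string k = key(ns, entry);
        if (purge(k, now) >= count) return false;
        hits_.emplace(k, now + interval);
        return true;
    }
};

int main() {
    SlidingRateLimiter rl;
    // Constructed input: at most 3 hits per 60 seconds for one SASL user.
    for (std::time_t t : {0, 10, 20, 30})
        std::cout << "t=" << t << " allowed=" << rl.hit("failed-login", "alice", 3, 60, t) << '\n';
    std::cout << "t=61 allowed=" << rl.hit("failed-login", "alice", 3, 60, 61) << '\n';
}
```

The hit at t=30 is refused, while the one at t=61 is accepted because only the hit from t=0 has expired; capacity returns one hit at a time rather than all at once at a window boundary.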