mod-mquota: Valvulad sending control quota module

Introduction to mquota

Mod-Mquota applies to sending mail operations when they are authenticated. It is mainly designed for shared hosting solutions where it is required to limit user sending rate and to control and minimize the impact of compromised accounts.

The plugin has a straightforward operation method were you configure different time periods inside which you limit the amount of mails that can be sent by minute, by hour and inside the total period.

Those limits apply to account level and whole domain level (so "smart" users cannot use, so on to bypass limits).

mod-mquota Configuration examples

Take a look inside <default-sending-quota> node inside /etc/valvula/valvula.conf and you'll find something like this:

<!-- sending and receiving quotas: used by mod-mquota -->
<default-sending-quota status="full" if-no-match="first">
<!-- account limit: 50/minute, 250/hour and 750/global from 09:00 to 21:00
domain limit: 100/minute, 375/hour and 1100/global
note: use -1 to disable any of the limits.
For example, to disable global limit, use globa-limit="-1"
<limit label='day quota' from="9:00" to="21:00" status="full"
minute-limit="50" hour-limit="250" global-limit="750"
domain-minute-limit="100" domain-hour-limit="375" domain-global-limit="1100" />
<!-- limit 15/minute, 50/hour and 150/global from 21:00 to 09:00 -->
<limit label='night quota' from="21:00" to="9:00" status="full"
minute-limit="15" hour-limit="50" global-limit="150"
domain-minute-limit="15" domain-hour-limit="50" domain-global-limit="150" />

Taking as a reference previous example, operation mode is applied following next rules:

mod-mquota Selecting a default period when no match is found (<if-no-match>)

When no period is found to apply, if-no-match attribute is used (at <default-sending-quota>). This allows to define a particular period where limits applies and then, outside that limit, a default period, no limit or just reject is applied.

Allowed values are:

mod-mquota Configuring exceptions to certain users

In the case you want to apply quotas in a general manner but need a way to avoid applying these quotas to certain users, then connect to the valvula database (take a look what's defined at /etc/valvula/valvula.conf) and then run the following query:

INSERT INTO mquota_exception (is_active, sasl_user) VALUES ('1', '');

This will allow sasl user to send without any restriction.