Centralised and cluster-synchronised rate limiting

The next e-mail security (SP) release will feature an improved rate limit implementation. As before, it provides a high-performance, roughly O(log N + log M), and easy-to-use rate limiting. However, it is now managed by a new (privilege-separated) process called rated, making it possible to build inter-flow rate controls. It also provides a light-weight cluster synchronisation over UDP, effectively making all cluster nodes able to collaborate.

Our customers use our rate limiting for all kinds of tasks, such as preventing users and websites from sending too many suspicious messages per day. You can read more on our wiki’s rate limit page. One additional benefit of the centralised architecture, is that one can view and manipulate mail flows’ rate limits from the hsh; Halon scripting language shell, which is accessible using SSH or from the /scripting/ page.

As you can see in the image, the rate limit page now shows both local hits (that is has accumulated itself) as well as the total number of hits, as synchronised by its peers.