# rate limit неудачных попыток аутентификации

	warn	set acl_c_prerate_host_auth_failed = no
	warn	set acl_m_normalize_action_result =
		set acl_m_rate_host_auth_failed =
		set acl_m_rate_count = ${eval:0$acl_c_authentication_failed-0$acl_c_rate_host_auth_failed_rated}
		condition	= ${if >{$acl_m_rate_count}{0}{yes}{no}}
		set acl_m_rate_host_auth_failed = ${sg{${lookup{$sender_host_address}iplsearch{CONFDIR/ratelimit-host-auth-failed}{$value}{}}}{\N^\s+\N}{}}
		condition	= ${if eq{$acl_m_rate_host_auth_failed}{}{yes}{no}}
		condition	= ${if eq{$sender_host_name}{}{no}{yes}}
		set acl_m_rate_host_auth_failed = ${sg{${lookup{$sender_host_name}wildlsearch{CONFDIR/ratelimit-host-auth-failed}{$value}{}}}{\N^\s+\N}{}}
	warn	condition	= ${if eq{$acl_m_rate_host_auth_failed}{}{no}{yes}}
		set acl_m_rate_host_auth_failed = ${if match{$acl_m_rate_host_auth_failed}{\N(?i)^\s*(no|skip)\N}{}{$acl_m_rate_host_auth_failed}}
		condition	= ${if eq{$acl_m_rate_host_auth_failed}{}{no}{yes}}
		set acl_m_rate_host_auth_failed = ${sg{$acl_m_rate_host_auth_failed}{eval:}{eval╕}}
		set acl_m_limit = ${extract{1}{,}{${extract{1}{:}{$acl_m_rate_host_auth_failed}}}}
		set acl_m_limit = ${sg{$acl_m_limit}{eval╕}{eval:}}
		set acl_m_limit = ${if match{$acl_m_limit}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_limit}}{$acl_m_limit}}
		set acl_c_rate_host_auth_failed_rated = $acl_c_authentication_failed
#		ratelimit	= $acl_m_limit / per_cmd / count=$acl_m_rate_count / strict / auth_failed-${if isip6{$sender_host_address}{${ipv6denorm:$sender_host_address}/64}{$sender_host_address}}
		ratelimit	= $acl_m_limit / per_cmd / count=$acl_m_rate_count / strict / auth_failed-${if isip6{$sender_host_address}{${sg{${ipv6denorm:$sender_host_address}}{\N(:\d+){4}$\N}{:0000:0000:0000:0000}}/64}{$sender_host_address}}
		set acl_m_action = ${extract{2}{:}{$acl_m_rate_host_auth_failed}}
		set acl_m_action = ${sg{$acl_m_action}{eval╕}{eval:}}
		set acl_m_action = ${if match{$acl_m_action}{\N.+(lookup |[\{\}])\N}{${expand:$acl_m_action}}{$acl_m_action}}
		acl		= acl_normalize_action "$acl_m_action"
		set acl_m_normalize_action_result = ${if match{$acl_m_normalize_action_result}{\N^\s*$\N}{defer}{$acl_m_normalize_action_result}}
		set acl_m_normalize_action_result = ${sg{$acl_m_normalize_action_result }{\N\b([^=\s\d]+)(\s)\N}{\$1=00\$2}}
		set acl_m_log_message	= ${sg{${sg{${extract{4}{:}{$acl_m_rate_host_auth_failed}}}{\N^\s+\N}{}}}{\N\s+$\N}{}}
		set acl_m_log_message	= Failed authenticated sender host rate $sender_rate exceeded limit $sender_rate_limit messages per $sender_rate_period${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}}${if eq{$acl_m_log_message}{}{}{: $acl_m_log_message}}
		set acl_m_smtp_message	= ${sg{${sg{${extract{3}{:}{$acl_m_rate_host_auth_failed}}}{\N^\s+\N}{}}}{\N\s+$\N}{}}
#		set acl_m_smtp_message	= Failed authenticated sender host rate exceeded limit.${if eq{$acl_m_smtp_message}{}{Try again later}{$acl_m_smtp_message}}
		set acl_m_smtp_message	= ${if eq{$acl_m_smtp_message}{}{Failed authenticated sender host rate exceeded limit. Try again later}{$acl_m_smtp_message}}
		set acl_m_smtp_message	= ${if match{$acl_m_smtp_message}{\N(^\$|[^\\]\$)\N}{${expand:$acl_m_smtp_message}}{$acl_m_smtp_message}}
ifelse_strstr(confRATELIMIT, `DEBUG', `
	warn	condition	= ${if eq{$acl_m_rate_host_auth_failed}{}{no}{yes}}
		log_message	= Failed authenticated sender host ${if eq{$sender_host_name}{}{}{$sender_host_name }}[$sender_host_address]${if eq{$acl_c_geo_data}{}{}{ ($acl_c_geo_data)}} rate $sender_rate / $sender_rate_limit / $sender_rate_period
') dnl ifelse_strstr(confRATELIMIT, `DEBUG', `')