acl_not_smtp is for the case when hosting PHP scripts is sending an email via mail() function, so it will works fine with $authenticated_id – you will get ‘username’ of the site that is sending an email – and you can limit ‘per user’ that is hosting a site(s).
Not sure why your Roundcube is running as ‘www-data’ – do you access Roundcube via http://server-hostname/webmail/ and does ‘server-hostname’ is created under ‘admin’ account on Vesta? You are using Apache2+nginx combination?
I’ll try (in next 2-3 days) to figure out how to force Roundcube to send emails via SMTP (it didn’t work tonight when I tried to do that, it still used mail() function even I entered SMTP host in Roundcube config file).
Next, we need to see what is an ACL section for authorized SMTP user – it’s probably acl_check_rcpt that Skurudo already sugested – but I’ll check.
File to edit: /etc/exim/exim.conf
File to edit: /etc/roundcube/defaults.inc.php
Change the settings in red to match those posted here.
$config[‘smtp_server’] = ‘localhost’;
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config[‘smtp_port’] = 25;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config[‘smtp_user’] = ‘%u‘;
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user’s password for login
$config[‘smtp_pass’] = ‘%p‘;
how do I define Multiple Acls per hour, per minute, per second like this ??
acl_not_smtp: deny message = Web site of $authenticated_id user is sending too much emails – rate overlimit = $sender_rate / $sender_rate_period ratelimit = 20 / 1s / $authenticated_id deny message = Web site of $authenticated_id user is sending too much emails – rate overlimit = $sender_rate / $sender_rate_period ratelimit = 200 / 1h / $authenticated_id accept