exim4 - Why is rate limiting outbound mail to a smarthost only working with acl_not_smtp?

Solution 1:

The acl_not_smtp is equivalent to acl_data for SMTP traffic. Try rate limiting in that ACL. SMTP connections give you more ACL options where you can place the message. (Note: discard is a blackhole variant of accept so you won't see reject messages.) Discarding is rather drastic, and I would use defer or deny for SMTP traffic.

Rate limiting is covered in chapter 42 section 38 of the Exim Specification. You can test with modified configuration so you can rate limit harder while testing than you would once you implement. Allow time for the test limits to clear before implementing.

Try adding the following to your acl_smtp_rcpt:

defer
  ratelimit = 7 / 1m / $recipients
  message = Rate limit exceeded for $recipients: \
            $sender_rate/$sender_rate_period (max $sender_rate_limit)

/usr/bin/mail runs the local sendmail program to deliver the mail rather than connecting over the network stack. In your case, exim4 is used as a drop-in replacement for sendmail. The mail will be treated as a non-smtp delivery. Rate limiting will need to be done using a non-smtp ACL.