# lower rate limit for certain authenticated users
&&SASL_WHITELIST {
	# other servers relay via mail.archlinux.org using authentication. username is the
	# hostname part of the fqdn
{% for host in groups['all'] %}
	sasl_username={{ hostvars[host].inventory_hostname_short }}
{% endfor %}
	# add other usernames to bypass rate-limits here:
	sasl_username=devnull;
};

# no rate-limit for some authenticated users
&&NO_RATE_LIMIT_USERS {
        sasl_username=aur;
};
id=NoRateLimit;
        protocol_state==END-OF-MESSAGE;
        &&NO_RATE_LIMIT_USERS;
        action=dunno;

# lower rate limit for certain users (360/3600 == average 1 email every 10 seconds)
id=SaslWhitelist;
	protocol_state==END-OF-MESSAGE;
	&&SASL_WHITELIST;
	action=rcpt(sasl_username/360/3600/REJECT You can only send to 360 recipients per 1h per user)
id=SaslWhitelist2;
	protocol_state==END-OF-MESSAGE;
	&&SASL_WHITELIST;
	action=dunno;

# sasl_username != doesn't work for whatever reason
id=RcptRate;
	protocol_state==END-OF-MESSAGE;
	sasl_username!~/^$/;
	action=rcpt(sasl_username/100/21600/REJECT You can only send to 100 recipients per 6h per user)

# this causes postfwd to log something for every mail; easier testing
id=logging;
	protocol_state==END-OF-MESSAGE;
	action=dunno;