hey, how do i restrict the accounts that can send mail?
like if i only want accounts created through cpanel to be able to send mail. . . to stop a php script from sending mail from "spam@mydomain.co" because there is no "spam" account setup through cpanel

unnu: ACLs ;) probably both of acl_not_smtp (assuming pipe-style deliveries are happening) and acl_smtp_mail ... look what cpanel is doing to get some idea of what lookups you need in these ... http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html

how can I block a specific IP for incoming emails?

acl

couple days ago I've asked about a way to control number of concurrent SMTP connection during remote delivery. Is < remote_max_parallel > designed to do that?

concurrent connections to the same host? no.

concurrent deliveries to several hosts (for the same message)? yes

1st, "... concurrent connections to the same host... "
".. Otherwise, if a single message has to be delivered to more than one remote host, or if several copies have to be sent to the same remote host, up to remote_max_parallel deliveries are done simultaneously. ..."

Yes, ... you're right. This indicates that concurrency may even occur to the same destination host, if the message the queue runner processes has >1 recipients at the same host.
Another level of concurrency is the number of queue runners you may have at a time. Plus the deliveries that are triggered immediatly after accepting the message.

I am delivering a single message with 10K recipients to a client. As of now EXIM established 20+ connections to the remote SMTP
I want to cap them at 40 (per client limitation)

The 20+ connections are not established at once, are they?

yes, at once

With the default of 2 for remote_max_parallel?

oozbooz: How are you delivering this message to exim?

henk, mailman that runs on the same machine
hs12, here is my iptables rule that triggers ...
iptables -I OUTPUT -s EXIM_UP -d CLIENT_SMTP -p tcp --syn --dport 25 -m connlimit --connlimit-above 19 -j LOG --log-prefix "[SMTP-CLIENT]: " --log-level 7
s/EXIM_UP/EXIM_IP
maybe iptables counts connection within 60 sec

ok, what is remote_max_parallel on your system? And, to you see really 1 message (with one exim spool id) with 10k recipients in your mailqueue?

we split 10K into 100 messages with 100 names
today, exim delivered 9K as soon as it got messages from mailman... and left 1K in the queue

Ok, so mailman pipes 100 messages to exim, that triggers 100 deliveries immediatly after exim received the message. Because Exim, by design, starts a delivery attempt\
immediatly.

correct

You may use queue_only and then you may control the deliveries via queue_run_max and remote_max_parallel

oozbooz: AFAICT you may want to queue_only and then limit the number of queue & yes

And start a sufficient number of queue runners.

well, as of now... QR kicks in every hour, our client is sensitive to timely delivery
meaning, I have to kicks QR more often

Yes. The daemon has to start the QR, otherwise queue_run_max is without effect.

which will impact my other deliveries... it is an option, but I have to look into this carefully

goood, Im so curious to know more about this setup and/or client & This is still the 1200 Baud connection story, right?

;-)

The queue runners still obey the retry times, so starting the QRs more often should not have too much impact.

I might have over-dramatized the setup/client
our business has a peculiar cycle of email delivery, it is one big wave cluster around 30 mins
some emails get queued which results in couple hours tail with 10% of total messages
clients tolerate this schedule and business side as well
so I am very cautious about drastic changes ...
but couple clients impose rules... for instance, no more than 40 concurrent connections per 60sec
I've tried serialize but it leads to painfully slow and unnecessary conservative delivery
If I start queuing messages and rely on QR, that means that publishing time and delivery time will have a gap .. on average

Is "client" basically the same as "target host", or "recipient domain", or something like that?

sorry, in what context?

(I guess client is roughly a customer, owning a target host for the recipient domain :))
(context: your lines at 23:46:43 and before)

oozbooz: exim. Can each client be identified by a set of recipient domains or a set of target hosts or so?
(might seem like a strange question, but I already assumed too many wrong things regarding this setup, so I thought Id ask &)