Description
Allow administrators to set a rate limit for outgoing SMTP traffic.
Use Case
Gmail's SMTP server only allows 2000 messages per 24-hour rolling period. This amounts to about 83 emails/hour.
On Authelia deployments with larger numbers of users and multiple services using the same Gmail account for notifications, it's possible that this limit could be reached.
Details
Rate limiting can be a complex problem. One user could conceivably cause other users' OTP emails to be dropped by hitting the rate limit. Is the rate per user? Is there a global rate for all traffic?
Documentation
Cloudflare has a good blog post on the algorithm used on their edge servers to help mitigate attacks while minimizing the effect on legitimate traffic.
I think that ideally, requests should be limited on a per distinct user basis. This way, malicious traffic can be mitigated while legitimate traffic can be passed with minimal latency.
Mentioned in the Cloudflare post is the method they use to cache currently enforced mitigations to maximize speed.
Here is the diagram from Cloudflare, modified for an example email request.
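One way the per-user and global questions above could both be answered, as an added Go example that is not Authelia's code: a per-recipient limiter runs in front of a limiter for the shared SMTP account, using the sliding-window approximation (previous fixed window weighted by how much of it still overlaps the sliding window) that I assume is the algorithm the Cloudflare post describes, and caching each enforced mitigation so a limited key is rejected without recomputation. The window sizes, limits and the "smtp-account" key are assumptions for illustration.

```go
package main

import "time"

// window holds one key's counts for the previous and current fixed windows.
type window struct{ idx int64; prev, cur int } // idx = unix nanos / size

// Limiter approximates a sliding window: the previous fixed window's count is
// weighted by how much of it still lies inside the sliding window.
type Limiter struct {
	size    time.Duration
	limit   int
	windows map[string]*window
	blocked map[string]time.Time // cache of enforced mitigations: key -> until
	now     func() time.Time     // injectable clock so behaviour is testable
}

func NewLimiter(size time.Duration, limit int, now func() time.Time) *Limiter {
	return &Limiter{size: size, limit: limit, now: now, windows: map[string]*window{}, blocked: map[string]time.Time{}}
}

// Allow records one event for key and reports whether it stays under the limit.
func (l *Limiter) Allow(key string) bool {
	t := l.now()
	if until, ok := l.blocked[key]; ok && t.Before(until) {
		return false // fast path: a mitigation is already cached for this key
	}
	if l.windows[key] == nil {
		l.windows[key] = &window{}
	}
	w, idx := l.windows[key], t.UnixNano()/int64(l.size)
	if idx == w.idx+1 {
		w.prev, w.cur = w.cur, 0 // moved into the next fixed window
	} else if idx != w.idx {
		w.prev, w.cur = 0, 0 // skipped whole windows, nothing carries over
	}
	w.idx = idx
	elapsed := float64(t.UnixNano()-idx*int64(l.size)) / float64(l.size)
	if float64(w.prev)*(1-elapsed)+float64(w.cur)+1 > float64(l.limit) {
		l.blocked[key] = time.Unix(0, (idx+1)*int64(l.size)) // until window ends
		return false
	}
	w.cur++
	return true
}

// AllowEmail applies the per-recipient limit first, then the limit shared by
// every service using the same SMTP account (e.g. Gmail's 2000 per 24 hours).
func AllowEmail(perUser, global *Limiter, user string) bool {
	return perUser.Allow(user) && global.Allow("smtp-account")
}
```

Because the per-user check runs first, one recipient who hits their own limit never consumes the shared account's budget, which is what keeps other users' OTP emails flowing.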
Pre-Submission Checklist
- I agree to follow the Code of Conduct
- I have checked for related issues and checked the documentation