The new milter-greylist based email rate limiting is a great idea!
Considering the milter can do a lot more than what the Virtualmin GUI presently can configure, here's some suggestions:
- Per-email address limits
- Allow multiple limits per scope, e.g. "max. 50 per minute, max. 250 per hour..."
- A warning/reporting system, i.e. send a warning email to the admin when a limit is exceeded (so they can react quickly to a potentially hijacked account, or inform their customer)
- Configurable rejection messages
- Use a human-readable text instead of the domain ID in per-domain ratelimit entries for easier log evaluation