The throttle plugin has several checks (t_settings):
msg_size, max_rcpts, max_msgs, and max_quota.
Each of them keeps track of whether the throttle_tracking should be reset (setting init_time = now). The problem is that if any of these checks have an 'expired' value of True, but if any consequent checks have an 'expired' value of False the throttle_tracking is never restarted.
This means that a user can exceed the limits established in the throttle. Due to the time (_period + now) will always be greater than (_init_time + _period) therefore in the case of max_msgs, _cur_msgs will always be 0, and this will allow the number of messages to be infinite.
The throttle plugin has several checks (t_settings): msg_size, max_rcpts, max_msgs, and max_quota.
Each of them keeps track of whether the throttle_tracking should be reset (setting init_time = now). The problem is that if any of these checks have an 'expired' value of True, but if any consequent checks have an 'expired' value of False the throttle_tracking is never restarted.
This means that a user can exceed the limits established in the throttle. Due to the time (_period + now) will always be greater than (_init_time + _period) therefore in the case of max_msgs, _cur_msgs will always be 0, and this will allow the number of messages to be infinite.