2009/10/19 Craig Watson <c.wat...@glbb.jp>: > I have some hosts in mynetworks. They cannot handle authentication but I > want to apply the rate limits to them too. Is there anyway I can allow them > to relay but apply the rate limits to them? Below is my current config.
I believe the correct way is to use a policy service: http://www.postfix.org/SMTPD_POLICY_README.html > #150 Recipients/Mail mesasge > smtpd_recipient_limit = 150 I'm not sure if this low limit breaks any RFCs, but in any case a client can get around this by making another connection. You're attempting to then rate-limit the connections below, but it's not really a "good" way of doing it. > #Exclude these dudes. > smtpd_client_event_limit_exceptions=111.111.111.111/32, 111.111.111.112/32 > #Limit to 2 Connections Per Client > smtpd_client_connection_count_limit=2 > #Limit to 10 Connection attempts/Client/anvil_rate_time_unit > smtpd_client_connection_rate_limit=10 > #Limit to 15 messages every anvil_rate_time_unit > smtpd_client_message_rate_limit=15 > #Unit Time is 240 Seconds > anvil_rate_time_unit=240 It doesn't seem to be in the official anvil docs (http://www.postfix.org/anvil.8.html), but I'm sure Wietse and others will be happy to jump in and point out that anvil is NOT for policy-based rate-limiting (so such usage probably won't be supported) - it's an anti-DoS measure against malicious or runaway clients. It's also a very crude tool for the job - I can't tell you off the top of my head just what the limit is you're attempting to enforce there, maybe it's 2250 per 4min, maybe it's 1500, maybe it's something else.
