The smtpd_recipient_limit was just an example parameter. In the following documentation http://www.postfix.org/postconf.5.html it says that all of these connection_rate settings unit time intervals are based on what anvil_rate_time_unit is set to. So I set the time accordingly to test. I wanted 15 messages/client every 4 minutes and a maximum of 2 concurrent connections with up to 10 connections every 4 minutes. Just to stop some runaway clients that get taken over by spammers and torture my senderbase scores.
Is there any policy server that does connection rate tracking? I do not want to use this crude way of doing as I am trying to test now and I wondered whether someone had already invented that wheel so I can re-target using the policy based method? I already use the policy server for greylisting and spf checking. Thanks for the advice in advance.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Barney Desmond
Sent: Monday, October 19, 2009 10:07 PM
To: postfix-users@postfix.org
Subject: Re: Rate limits on mynetworks Hosts

2009/10/19 Craig Watson <c.wat...@glbb.jp>:
> I have some hosts in mynetworks. They cannot handle authentication but I
> want to apply the rate limits to them too. Is there any way I can allow them
> to relay but apply the rate limits to them? Below is my current config.

I believe the correct way is to use a policy service: http://www.postfix.org/SMTPD_POLICY_README.html

> #150 Recipients/Mail message
> smtpd_recipient_limit = 150

I'm not sure if this low limit breaks any RFCs, but in any case a client can get around this by making another connection. You're attempting to then rate-limit the connections below, but it's not really a "good" way of doing it.

> #Exclude these dudes.
> smtpd_client_event_limit_exceptions=111.111.111.111/32, 111.111.111.112/32
> #Limit to 2 Connections Per Client
> smtpd_client_connection_count_limit=2
> #Limit to 10 Connection attempts/Client/anvil_rate_time_unit
> smtpd_client_connection_rate_limit=10
> #Limit to 15 messages every anvil_rate_time_unit
> smtpd_client_message_rate_limit=15
> #Unit Time is 240 Seconds
> anvil_rate_time_unit=240

It doesn't seem to be in the official anvil docs (http://www.postfix.org/anvil.8.html), but I'm sure Wietse and others will be happy to jump in and point out that anvil is NOT for policy-based rate-limiting (so such usage probably won't be supported) - it's an anti-DoS measure against malicious or runaway clients.

It's also a very crude tool for the job - I can't tell you off the top of my head just what the limit is you're attempting to enforce there, maybe it's 2250 per 4min, maybe it's 1500, maybe it's something else.
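
Added example, not part of the original thread and not Postfix's own code: a minimal sketch of the kind of policy service the reply points to, enforcing the 15 messages per client per 240 seconds asked for above over the policy delegation protocol. It assumes it is called via check_policy_service from smtpd_data_restrictions and runs as a single long-lived process; the function names and the deferral text are made up for illustration.

```python
import sys
import time
from collections import defaultdict, deque

WINDOW = 240        # seconds, same value as anvil_rate_time_unit in the thread
MAX_MESSAGES = 15   # messages per client per window, the limit asked for
EXEMPT = {"111.111.111.111", "111.111.111.112"}  # exceptions from the quoted config

HISTORY = defaultdict(deque)  # client_address -> timestamps of counted messages


def parse_request(lines):
    """Turn the name=value lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\n").partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, now=None):
    """Return the access(5) action for one request, using a sliding window."""
    now = time.time() if now is None else now
    client = attrs.get("client_address", "")
    # Count one event per message: the DATA stage is reached once per message.
    if attrs.get("protocol_state") != "DATA" or client in EXEMPT:
        return "DUNNO"
    stamps = HISTORY[client]
    while stamps and now - stamps[0] >= WINDOW:
        stamps.popleft()  # forget messages that fell out of the window
    if len(stamps) >= MAX_MESSAGES:
        return "DEFER_IF_PERMIT Message rate limit exceeded, try again later"
    stamps.append(now)
    return "DUNNO"


def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Read blank-line-terminated requests and answer each with action=..."""
    request = []
    for line in stream_in:
        if line.strip():
            request.append(line)
            continue
        stream_out.write("action=%s\n\n" % decide(parse_request(request)))
        stream_out.flush()
        request = []


if __name__ == "__main__":
    serve()
```

The counters live in one process's memory, so several instances running in parallel would each keep their own count; a shared store would be needed in that case.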