On 3/1/2012 11:49 AM, Alex wrote: > Hi, > >>> I had thought it was related, but another issue I'm trying to figure >>> out is how to prevent a single remote server from sending thousands of >>> messages at a time, filling the queue, and causing significant >>> delivery delays for all mail. >> Is it safe to assume these thousands of messages are spam, and not legit >> mail? If so, simply block the IP address(es) in a cidr table: >> >> smtpd_recipient_restrictions >> permit_mynetworks >> reject_unauth_destination >> check_client_access cidr:/etc/postfix/blacklist.cidr >> ... >> >> /etc/postfix/blacklist.cidr >> #single IP >> 10.10.10.10/32 REJECT high rate spammer >> #class C network >> 10.10.10.0/24 REJECT snowshoe spammer >> >> If it's legit mail, anvil typically takes care of rate throttling, IIRC. >> Need more info. What version of Postfix are you using again? > Yes, it is for legit mail, such as that from constantcontact and other > bulk mailers that overwhelm my servers and upset my users who want > their more important mail.
Perhaps you would like to rate limit certain IPs? If so, you could apply the above map and, instead of rejecting, perform a check_policy_service action along with something like Postfwd. A policy server could also be global depending on your needs. Brian > > I'm using postfix-2.8.7 on fedora15. > > Perhaps someone hows a proper iptables QoS or other throttling ruleset > that I could use? > > I also appreciate other input on using anvil, but that also appears to > have at least some unwanted side-effects that may just upset my users > in other ways. > > Thanks again, > Alex
