On 7/23/2012 4:16 PM, CSS wrote: > I'd like to take some measures to limit what an authenticated sender can do > but not limit legitimate use.
See: http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit You would apply this to your submission service, eg: 587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_connection_rate_limit=1 This limits spammers and legit users to 1 msg/min, 60 msgs per hour. Postfix is not psychic. This may be a problem for roaming users who send batches of mails when they get a connection--10 msgs takes 10 minutes. Thus, as with anything, some analysis and [re]tuning will be required. If you trust some users to never have their acct compromised, you can always create multiple submission services on different ports and have different limits for different sets of users, or even no limits for some. Not a perfect solution, but better than what you have now. -- Stan
