On 06.01.2014 16:12, Roland Plüss wrote:
> A couple of days ago my mail server got attacked by a spammer. As it
> looks like he managed to compromise the password of one of the users on
> the system and SASL authenticated using the account to send spam. I
> blocked the attacking IP and changed the password of the affected user.
> Still the spammer managed to send out quite a lot of mails because of
> permit_sasl_authenticated letting him pass by. Now to deal with this
> situation in the future I would like to automatically lock down an
> account if an unusual amount of mails are sent like 60 per minute or so.
> I could though not figure out if postfix is able to do this or how to
> get this done. Any ideas?

anvil_rate_time_unit               = 1800s
smtpd_client_connection_rate_limit = 50
smtpd_client_recipient_rate_limit  = 400
smtpd_recipient_limit              = 100

this way at least not more than 400 messages from the same IP
can be sent within 30 minutes, independent of how many connections
while these are limited to 50 and a single message must not have
more than 100 RCPT

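The settings in the reply count per client IP, while the question asks about a per-account threshold of about 60 mails per minute. The following is an added example, not part of the original thread and not Postfix code: it counts submissions per sasl_username in a sliding window over smtpd log lines and reports accounts that exceed the limit. The names flag_accounts and sample_log are hypothetical, and the log lines, users and addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# smtpd logs one line of this shape per message from an authenticated client.
SASL_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"[0-9A-F]+: client=\S+\[[^\]]+\], .*sasl_username=(?P<user>\S+)"
)

def flag_accounts(lines, limit=60, window=timedelta(minutes=1), year=2014):
    """Map each sasl_username to the first time it exceeded `limit`
    messages within `window`. Syslog stamps carry no year, so `year`
    is an assumption supplied by the caller."""
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = SASL_LINE.match(line)
        if not m:
            continue  # not an authenticated smtpd submission line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            flagged.setdefault(m["user"], ts)
    return flagged

def sample_log():
    """Constructed input: 'bob' submits 90 messages in 45 s spread over
    three client IPs; 'alice' submits one message a minute."""
    base = datetime(2014, 1, 6, 15, 40, 0)
    def line(t, n, ip, user):
        return (f"{t:%b} {t.day:2d} {t:%H:%M:%S} mail postfix/smtpd[2211]: "
                f"{0xA0000 + n:X}: client=unknown[{ip}], "
                f"sasl_method=LOGIN, sasl_username={user}")
    out = [line(base + timedelta(seconds=i // 2), i,
                f"203.0.113.{1 + i % 3}", "bob") for i in range(90)]
    out += [line(base + timedelta(minutes=i), 100 + i, "198.51.100.9", "alice")
            for i in range(5)]
    out.append("Jan  6 15:41:00 mail postfix/qmgr[900]: A0001: removed")
    return out

if __name__ == "__main__":
    for user, when in flag_accounts(sample_log()).items():
        print(f"{user} exceeded 60 msgs/min at {when}")
```

What happens to a flagged account (disabling the login, alerting the postmaster) is left to the operator.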