Am 04.02.2015 um 16:30 schrieb francis picabia:
I'm not aware we can introduce exemptions for smtpd_client_connection_rate_limit
smtpd_client_message_rate_limit
If anyone has already tweaked Postfix to accommodate
the Everbridge alert system, do you want to share what helped?
you can easily implement rate controls with iptables recent and remove
specific IP's or subnets bevor apply the rule - IMHO connection
ratecontrols belongs anyways to the network / firewall layer and not in
the application layer at all
iptables -I INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -m recent
--name postfix1 --set
iptables -I INPUT -p tcp -s $SOURCE_RANGE -m conntrack --ctstate NEW -m
recent --remove
iptables -I INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -m recent
--name postfix1 --update --seconds 1800 --hitcount 60 -j REJECT
iptables -I INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -m recent
--name postfix1 --update --seconds 1800 --hitcount 60 -m limit --limit
60/h -j LOG --log-prefix "Firewall Rate-Control: "
