On 10/27/2015 3:06 PM, Voytek wrote: > is there a way to block or rate limit compromised sasl senders ? > > postconf -d | grep mail_version > mail_version = 2.11.0 > > grep limit main.cf > > recipient_delimiter = + > message_size_limit = 20971520 > dovecot_destination_recipient_limit = 1 > smtpd_client_connection_rate_limit = 50
Many people use a policy service such as postfwd to detect compromised users, and then either put all that user's sent mail on hold or trigger a script to disable the user's account. http://postfwd.org/ Alternately, postfix has a number of rate limit settings that can be used to limit damage from a runaway client. Note: It is very important that these limits are set high enough that a normal client will never exceed them. http://www.postfix.org/anvil.8.html http://www.postfix.org/TUNING_README.html#conn_limit -- Noel Jones
