Limiting the number of simultaneous connections will fend off an attacker until fail2ban kicks in.
For my (domestic) server, I have in main.cf :- smtpd_client_connection_count_limit = 2 This is inherited by postscreen, which does a good job of throwing out surplus connections. Again - appropriate to *MY* circumstances - I have an iptables rule, limiting smtp connect requests to six a minute. For me, two messages an hour and I am busy :-) The soft- and hard-error limits need your attacker to make a mistake. FWIW, I have :- smtpd_error_sleep_time = 2s smtpd_soft_error_limit = 3 smtpd_hard_error_limit = 6 smtpd_junk_command_limit = 2 They are not often invoked. hope this helps Allen C On 09/07/16 16:07, Lefteris Tsintjelis wrote: > Is this a good postfix way to stall attackers (besides log parsing and > fire walling)? Bots are increasing dramatically these days > > smtpd_soft_error_limit = 1 > smtpd_hard_error_limit = 1 > smtpd_error_sleep_time = 16s (or even more) >
