Hi All We operate multiple Postfix instances behind HA-Proxies. The haproxy upstream protocol is enabled:
smtpd_upstream_proxy_protocol=haproxy (the IPs of the HA-proxies are in mynetworks) There are brute-force attacks agains the SMTP servers (auth Backend is OpenLDAP). We would like to block these clients and have found the following settings: smtpd_client_connection_rate_limit smtpd_error_sleep_time smtpd_soft_error_limit smtpd_hard_error_limit We experienced that these settings do not work behind HA-Proxies. Did we missed a configuration settings? Did someone implement brute-force restrictions behind HA-Proxies? If possible we would like to avoid fail2ban or other tools on the HA-Proxies. Your Feedback is highly appreciated! Thanks Felder
