On 06/01/18 18:27, Jonathan Sélea wrote:
> For example:
> www.siteA.xyz on ServerY is hacked and someone is using mail() in order
> to send hundreds of thousands of emails via localhost - that is relayed to
> the smtp relay (that only accepts mail from internal servers). And
> instead of relaying them out to the web it does stop those kinds of email.
>
> Is that possible? Can postfix just dump the emails "down the drain"
> instead of sending them? And can that be triggered if ServerY sends 100
> emails in 10 seconds for example.

In main.cf:-

  smtpd_client_connection_count_limit (default is 50 connections)
      Limits the number of simultaneous connections
      a remote host can make.

  smtpd_client_connection_rate_limit (disabled by default)
      Limits the number of connection attempts
      a remote host can make per time unit.

  anvil_rate_time_unit (default is 60 seconds)
      Sets the value of the time unit.

A simple script can pick up the connect refusal from the postfix log,
and add the host address to an iptables block-list.

Allen C
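
The log-watching script described in the reply could look like the following; this is an added example, not part of the original message. It assumes the standard smtpd warning text for exceeded anvil limits, that the internal servers are not exempted through smtpd_client_event_limit_exceptions (which defaults to $mynetworks), and a hypothetical iptables chain named RELAY_BLOCK; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Warning text that Postfix smtpd logs when an anvil limit is exceeded.
LIMIT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: Connection (?:rate|concurrency) limit "
    r"exceeded: \d+ from \S*\[([0-9A-Fa-f:.]+)\] for service \S+"
)

# Constructed sample log lines (host names and addresses are made up).
SAMPLE_LOG = """\
Jan  6 18:30:01 relay postfix/smtpd[2101]: connect from servery.example[192.0.2.15]
Jan  6 18:30:02 relay postfix/smtpd[2101]: warning: Connection rate limit exceeded: 101 from servery.example[192.0.2.15] for service smtp
Jan  6 18:30:03 relay postfix/smtpd[2102]: warning: Connection rate limit exceeded: 102 from servery.example[192.0.2.15] for service smtp
Jan  6 18:30:04 relay postfix/smtpd[2103]: warning: Connection concurrency limit exceeded: 51 from serverz.example[192.0.2.20] for service smtp
Jan  6 18:30:05 relay postfix/smtpd[2104]: warning: Connection rate limit exceeded: 101 from unknown[2001:db8::5] for service smtp
Jan  6 18:30:06 relay postfix/smtpd[2104]: warning: Connection rate limit exceeded: 102 from unknown[2001:db8::5] for service smtp
Jan  6 18:30:07 relay postfix/smtpd[2105]: warning: Connection rate limit exceeded: 101 from unknown[999.1.1.1] for service smtp
Jan  6 18:30:08 relay postfix/smtpd[2105]: warning: Connection rate limit exceeded: 102 from unknown[999.1.1.1] for service smtp
"""

def offenders(log_text, min_hits=2):
    """Return addresses refused at least min_hits times, as ipaddress objects."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue
        try:
            # Validate before use: log content must never reach a command line raw.
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # not a real address, ignore the line
    return sorted((a for a, n in hits.items() if n >= min_hits), key=str)

def block_commands(addrs, chain="RELAY_BLOCK"):
    """Build (not run) one DROP rule per address for a hypothetical chain."""
    return [
        f"{'ip6tables' if a.version == 6 else 'iptables'} -I {chain} -s {a} -j DROP"
        for a in addrs
    ]

if __name__ == "__main__":
    print("\n".join(block_commands(offenders(SAMPLE_LOG))))
```

The script only prints the rules, so they can be reviewed before anything is blocked; requiring several refusals (min_hits) avoids blocking a host over a single burst.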