On 19/02/2019 23:39, Bill Cole wrote:

Nothing is absolutely perfect but there are useful approaches, some external to Postfix proper:

1. Rate limiting. Postfix has some of this (smtpd_client_*_limit parameters) but you may be able to get more effective and subtle limits via external tools (e.g. I have some custom code in MIMEDefang.)

2. Only offer SASL authentication on submission services (ports 587 and 465,) for port 587 only after STARTTLS, and require TLS (i.e. smtpd_tls_security_level=encrypt on submission)

    I like using policyd (https://wiki.policyd.org/) for rate limiting, with two different limits, one hourly and the other daily. In both cases, fail2ban is looking for policy infringements and, as soon as they happen, the IP is iptables-blocked for 2 hours for the hourly limit and 2 days for the daily one. Also, when I have a daily limit infringement, Support Staff is notified to change that user's password immediately.

    Not perfect, but I have a great success rate with that solution.

--


        Sincerely,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        My SPAMTRAP, do NOT email it
        gertru...@solutti.com.br
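
The two-tier scheme described in the reply above, as an added example that is not part of the original post and is not policyd or fail2ban code: it replays constructed submission events and applies an hourly and a daily quota with the 2-hour and 2-day IP blocks. The quota values, the per-SASL-user counting, the `evaluate` function and the event tuples are assumptions made for illustration.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400
# Assumed quotas: the post does not state the actual message counts.
HOURLY_LIMIT, DAILY_LIMIT = 3, 5
# Ban durations as described in the post: 2 hours and 2 days.
BAN_SECONDS = {"hourly": 2 * HOUR, "daily": 2 * DAY}


def evaluate(events, hourly_limit=HOURLY_LIMIT, daily_limit=DAILY_LIMIT):
    """Replay (epoch, client_ip, sasl_user) events in time order.

    Returns (accepted, bans, resets): accepted message count, a list of
    (epoch, ip, kind, ban_until), and users needing a password change.
    """
    sent = defaultdict(deque)      # user -> timestamps of accepted messages
    banned_until = {}              # ip -> epoch when the block expires
    accepted, bans, resets = 0, [], set()
    for ts, ip, user in sorted(events):
        if banned_until.get(ip, 0) > ts:
            continue               # firewall-blocked: never reaches the MTA
        window = sent[user]
        while window and window[0] <= ts - DAY:
            window.popleft()       # keep only the last 24 hours
        last_hour = sum(1 for t in window if t > ts - HOUR)
        if len(window) >= daily_limit:
            kind = "daily"
            resets.add(user)       # support staff changes this password
        elif last_hour >= hourly_limit:
            kind = "hourly"
        else:
            window.append(ts)
            accepted += 1
            continue
        # Extend, never shorten, a block that is already in place.
        until = max(banned_until.get(ip, 0), ts + BAN_SECONDS[kind])
        banned_until[ip] = until
        bans.append((ts, ip, kind, until))
    return accepted, bans, resets


# Constructed sample: one account sending in bursts, one slow normal sender.
SAMPLE = (
    [(i * 60, "192.0.2.10", "alice") for i in range(5)]
    + [(3 * HOUR + i * 60, "192.0.2.10", "alice") for i in range(4)]
    + [(i * 2 * HOUR, "198.51.100.7", "bob") for i in range(4)]
)

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

In the sample, the first burst trips the hourly limit, and the account resuming after that block expires trips the daily limit, which is the point at which the password change is triggered.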


