Wietse Venema:
> John Schmerold:
> > What is the best way to protect against dictionary attacks in Postfix?
>
> Reportedly, fail2ban (no first-hand experience, because I have no
> SASL clients).

Also, Postfix can rate-limit auth commands, on the assumption that good users don't make lots of repeated login attempts.

	Wietse

http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

smtpd_client_auth_rate_limit (default: 0)
    The maximal number of AUTH commands that any client is allowed to
    send to this service per time unit, regardless of whether or not
    Postfix actually accepts those commands. The time unit is specified
    with the anvil_rate_time_unit configuration parameter.

    By default, there is no limit on the number of AUTH commands that a
    client may send.

    To disable this feature, specify a limit of 0.

    WARNING: The purpose of this feature is to limit abuse. It must not
    be used to regulate legitimate mail traffic.

    This feature is available in Postfix 3.1 and later.
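
An added example, not part of the original message or of Postfix: a Python sketch that measures, from the mail log, the peak number of failed SASL logins each client made in one time unit, which helps choose a smtpd_client_auth_rate_limit value that sits above legitimate peaks. It assumes traditional syslog timestamps and the usual "SASL ... authentication failed" warning; the log lines, host name and addresses are constructed, and it counts only failures, whereas Postfix counts every AUTH command.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log (documentation address ranges), not from the original post.
SAMPLE_LOG = """\
Jan 12 10:00:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:00:09 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:00:17 mx postfix/smtpd[2104]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:00:20 mx postfix/submission/smtpd[2140]: warning: mail.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jan 12 10:00:31 mx postfix/smtpd[2104]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:00:48 mx postfix/smtpd[2107]: connect from unknown[203.0.113.5]
Jan 12 10:01:02 mx postfix/smtpd[2107]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 10:05:40 mx postfix/submission/smtpd[2151]: warning: mail.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
"""

# Matches smtpd and submission/smtpd failures; captures timestamp and client IP.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"warning: \S+\[([^\]]+)\]: SASL \S+ authentication failed")

def peak_failures(log_text, unit_seconds=60, year=2024):
    """Return {client_ip: most failed AUTHs seen in any single time unit}.

    unit_seconds plays the role of anvil_rate_time_unit; year is an
    assumption needed only because syslog timestamps omit it.
    """
    start = datetime(year, 1, 1)
    buckets = Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # connects, deliveries, successful logins
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        unit = int((ts - start).total_seconds()) // unit_seconds
        buckets[(m.group(2), unit)] += 1
    peaks = {}
    for (ip, _unit), count in buckets.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

def over_limit(log_text, limit, unit_seconds=60):
    """Clients whose peak exceeds a candidate rate limit."""
    peaks = peak_failures(log_text, unit_seconds)
    return sorted(ip for ip, n in peaks.items() if n > limit)
```

Running over_limit with a candidate value shows which clients that limit would have throttled, so a value that catches legitimate users can be rejected before it goes into main.cf.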