DevHeads.net

submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
# grep 'rate limit' /var/log/maillog | grep 27.99.95.44 | wc
113 1808 18784
#

currently have:

# grep _limit main.cf

smtpd_client_event_limit_exceptions = xxxx.yy....
message_size_limit = 30971520
dovecot_destination_recipient_limit = 1
smtp-amavis_destination_recipient_limit = 1
body_checks_size_limit = 150000
smtpd_client_connection_rate_limit = 12
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_junk_command_limit = 2
smtpd_client_connection_count_limit = 5
postscreen_command_count_limit = 8
postscreen_command_time_limit = 30
#

Comments

Re: submission rate limit advice

By Bastian Blank at 01/31/2018 - 02:47

On Wed, Jan 31, 2018 at 05:01:41AM +0000, Voytek wrote:
Please read <a href="http://www.postfix.org/DEBUG_README.html#mail" title="http://www.postfix.org/DEBUG_README.html#mail">http://www.postfix.org/DEBUG_README.html#mail</a> and follow it.

Well, here is your problem.

From the documentation:
| WARNING: The purpose of this feature is to limit abuse. It must not be
| used to regulate legitimate mail traffic.

Revert them to default, esp as the default is state dependent.

Bastian