submission rate limit advice

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

submission rate limit advice

Voytek
I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
# grep 'rate limit' /var/log/maillog | grep 27.99.95.44 | wc
    113    1808   18784
#

currently have:

# grep _limit main.cf

smtpd_client_event_limit_exceptions = xxxx.yy....
message_size_limit = 30971520
dovecot_destination_recipient_limit = 1
smtp-amavis_destination_recipient_limit = 1
body_checks_size_limit = 150000
smtpd_client_connection_rate_limit = 12
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_junk_command_limit = 2
smtpd_client_connection_count_limit = 5
postscreen_command_count_limit = 8
postscreen_command_time_limit = 30
#




Reply | Threaded
Open this post in threaded view
|

Re: submission rate limit advice

Bastian Blank-3
On Wed, Jan 31, 2018 at 05:01:41AM +0000, Voytek wrote:
> # grep _limit main.cf

Please read http://www.postfix.org/DEBUG_README.html#mail and follow it.

> smtpd_client_connection_rate_limit = 12
> smtpd_client_connection_count_limit = 5

Well, here is your problem.

From the documentation:
| WARNING: The purpose of this feature is to limit abuse. It must not be
| used to regulate legitimate mail traffic.

> smtpd_soft_error_limit = 5
> smtpd_hard_error_limit = 10

Revert them to default, esp as the default is state dependent.

Bastian

--
Military secrets are the most fleeting of all.
                -- Spock, "The Enterprise Incident", stardate 5027.4